If you’re going to pick a fight with the airlines over fraud accusations make sure you’ve covered your tracks. This appears to be the lesson for one Ms. Maria Borges with respect to the American Airlines AAdvantage program. After filing a complaint seeking to recover points tied to a cancelled ticket Ms. Borges (and the rest of the world) are seeing the level of detail to which American Airlines can mine data, and also learning what it is like to be accused of conspiracy to defraud a company.
The masterminds behind this scheme appear to be the Complainant’s son-in-law and daughter, i.e., her co-fraudsters, who also violated the AAdvantage Terms by utilizing nearly identical means to improperly obtain bonus miles for deposit to additional AAdvantage accounts established under their names, but on a stunningly larger scale as discussed in Section III.
Ms. Borges filed the complaint, but American asserts that she is not the brains of the scheme. Her daughter and son-in-law (SIL) appear to be at the core of this operation, and American has the emails, phone calls, ticket details, mailing addresses and more to connect the dots.
Too many accounts, too many bonuses
It is very unlikely that a trio of legitimate actors would have opened 45 co-brand credit cards over a 4 year span. And, even if that was legitimate, using 16 different AAdvantage account numbers in an effort to continue the ruse is almost certainly a bad idea. And those are just the accounts American can prove. The carrier notes that an additional nine cards were opened under five accounts for different named individuals at the same address as the Borges.
Indeed, the January 2020 email from the Complainant directing American to close her AAdvantage account was sent from one of several email accounts belonging to either her son-in-law or daughter and used to open AAdvantage accounts in furtherance of the fraud. The ticketed beneficiaries of the miles redeemed from the Complainant’s AAdvantage account were her son-in-law and daughter…The Complainant’s AAdvantage account activity thus was clearly part of a larger enterprise involving her son-in-law and daughter.
Ultimately American says that more than 1.4 million points were fraudulently accrued by the trio using new cardholder bonuses between May 2018 and the beginning of 2020 when the accounts were closed.
After the son-in-law’s account was terminated for fraud the trio cashed out Borges’ account, issuing a pair of seats to Hawaii. Then Borges closed her account and the daughter’s account was terminated for fraud. A couple months later a scheduled change hit and they decided to risk a refund request on the tickets. The SIL or his father made no fewer than 19 calls to the carrier (Note: Hang up/Call again doesn’t always work, as I well know) to request that the points be refunded. But because the account was closed they would need to be refunded to the new account Borges created and the airline was not keen on that idea. Also, American is pretty sure that on at least some of the calls the same person claimed to be either the SIL or the SIL’s father.
Tracking the applications
Lest there be any doubt, American Airlines now makes it clear that the company has the ability to track accounts using details like address, phone number, email and more. The carrier spells out how it has followed some of those trails in the Borges case, including that it can dedupe email addresses from Gmail that have periods in the middle as an effort to obfuscate the account.
The email used by the Complainant for account 2AF9N50 was the same as used for another AAdvantage account associated with the Complainant’s address, and the telephone number used was the same as used by the Complainant’s daughter for one of her AAdvantage accounts that previously had been terminated due to fraud. And, although unmentioned in the Complaint, another AAdvantage account was opened by the Complainant on December 17, 2019 (one day before the Hawaii itinerary was booked from Account 1LJ73H8), using yet another email address and phone number. Also, perhaps not coincidentally, on January 18, 2020, American received a request to close yet another AAdvantage account associated with the Complainant’s street address. The request to close that account came from an email address used often by the Complainant’s son-in-law in connection with other AAdvantage accounts terminated for fraud. Over 250,000 miles had accrued to that account since May 2018, with six award tickets redeemed from the account between January 16 and 18, 2020. All but 1,000 of the 250,000 miles that had accrued in the account were from Citi Card accounts, including New Account Mileage Bonuses.
There was also a point where Borges claims that she applied for a Citi card using a flight attendant-provided application. American rightly points out that only the Barclay’s-backed cards are available in flight. Borges also misrepresents the bonus points earned on the cards that were legitimate, which does not help her standing with respect to the more fraudulent actions.
Online monitoring, too
American also notes that its corporate security team monitors FlyerTalk, Reddit, and other online forums to track such practices and tune its detection processes. Indeed, the ability to manipulate the online application for new card bonuses was a huge problem for American Airlines. And the conversations online helped tip the company off to these actions (emphasis added).
For a period of time and due to a technical issue, certain unscrupulous individuals were able to circumvent security protocols in place designed to prevent the accrual of multiple New Account Mileage Bonuses within the specified timeframe. More specifically, a small number of individuals acting in bad faith obtained invitations not intended for them – either by establishing multiple, bogus AAdvantage Accounts or getting their hands on mailers or emails addressed to third parties. Once the individual had the invitation and unique code, he or she would apply and change information during the Citi Card application process to match his or her actual identity and AAdvantage account, which otherwise would not have been eligible for a New Account Mileage Bonus. Disclosures, including those provided when accessing the online application via aa.com (as will be demonstrated in Section III, infra), clearly notified prospective applicants that only new Citi Card account holders were eligible for the New Account Mileage Bonuses. These unscrupulous individuals repeatedly bragged, in online forums such as FlyerTalk and Reddit, of their schemes. As shown in Exhibit AA-1 hereto, several individuals posting to these online communities would share strategies on how to “game” the Citi application process. Some of their postings explicitly acknowledged that the schemes were in violation of the AAdvantage Terms and contained “tips” on methods to evade detection by American and Citi. Once American became aware of these fraudulent activities, it conducted a review of New Account Mileage Bonuses, which ultimately identified the Complainant’s son-in-law and daughter as among certain AAdvantage members who engaged in misrepresentation and abuse of the Program at issue.
So, is there anything useful to take away from this tale?
If you’re gaming the program it seems the biggest lesson is that the airlines are (or can be when properly motivated) far better equipped to track fraud than many give them credit for. And they really do record the calls and use those recordings when it is useful for responding to challenging situations.
And, for the rest of the loyalty program world, just a reminder of the lengths to which people will go in an effort to score a “free” plane ticket.
A favor to ask while you're here...
Did you enjoy the content? Or learn something useful? Or generally just think this is the type of story you'd like to see more of? Consider supporting the site through a donation (any amount helps). It helps keep me independent and avoiding the credit card schlock.