Mind your boarding pass, but don’t freak out about it

Everyone who flies knows their boarding pass contains basic personal and flight information, but do you know what information is hidden in that bar code?

20160327-DSC_0490

I never thought about it at all until I began running across stories warning airline passengers about the need to safeguard their boarding passes, with most taking particular aim at those who post pictures of their boarding pass on social media while awaiting their flight.

Various websites have taken this information and run with it, warning unwary passengers that boarding passes hold the key to identity theft and recommending that you not only never ever post a picture of your boarding pass online, but that you never throw it in the trash either.

Really?

While I’m not usually one to post pictures of my boarding pass on Facebook (mostly for fear of jinxing my chances of scoring a first class upgrade), I have been known to stick it in the seat pocket once on board and just leave it there with other trash or to chuck it in the wastebasket once I reach my destination. While leaving any document with personal information on it just lying around isn’t a great idea, am I really leaving the door to identity theft wide open by failing to secure my boarding pass?

Probably not.

You may be leaving the door to identity theft open a crack, but likely only a crack.

Boarding passes do contain sensitive information, but most of that is either already visible on the pass or related to your frequent flier account. A thief might be able to hack your frequent flier account, but shouldn’t be able to use that to access financial or other data without lots and lots of knowledge and effort. And they have to get right on it, because boarding pass data is wiped clean within a few days of your flight.

Here’s what I’ve been able to glean from the various reports on this:

  • The bar code on a boarding pass generally contains all of the information printed on the boarding pass, as well as the flight record and frequent flier number.
  • Bar code information on a boarding pass can easily be read by any smart phone using a free app.
    • This information might be adequate to change the passenger’s seat assignment or even cancel the next leg of their current trip.
    • It could also be used to mine the passenger’s airline record for additional information like their phone number, who booked the flight, and their upcoming flights.
    • This information would be helpful in resetting the account PIN and gaining control of the account. However, the potential thief would still need to find or guess the answers to security questions. If the potential thief was able to do so, they could then reset the PIN and take control of the account . . . but I don’t see where this would allow them to do more than cause you a nasty headache when you have to clean up after them:
      • They could change or cancel the flights you already have booked. Potentially they could book new flights and charge them to you, but only if your credit card is tied to your account and they do the additional work elsewhere to steal the PIN for your card. Of course, they couldn’t actually fly on any of those flights without doing a whole lot more work to steal and copy your driver’s license or passport.
      • They could transfer your frequent flier mile to another account, but the airlines charge for that, so it wouldn’t be of much value unless they also did the work noted above to get access to your credit card PIN.
      • They could change your personal information, creating a mess the next time you wanted to fly.
  • The encrypted information is wiped within a few days of the flight, so the would-be thief would need to act promptly.

As you can see, the farther you move into the sub-bullets, the more theoretical and challenging nefarious activity becomes. Someone would need to be both a highly skilled data thief and really have it in for you to go to so much trouble for so little personal gain!

But that doesn’t mean you shouldn’t safeguard your boarding pass while you are traveling. As noted, access to the flight record – your confirmation code – does open you up to the potential for malicious meddling on flights with multiple legs. And, like any document that contains personal information, you’re always safer if you keep it to yourself.

Once you’ve been home for a week or so, toss it in the trash and don’t worry about it. (Unless, of course, you are watching your frequent flier miles, in which case you should keep your boarding pass until the miles have posted to your account. But that is a different post.)

And if your boarding pass does get mixed in with the trash or shows up in a selfie while you are traveling?

20160327-DSC_0486

Don’t worry about it.

In a word filled with risks, this is a minor one. It’s a lot more likely that the sweet waitress who served you dinner last night took an extra minute behind the counter to make a copy of your credit card for her heroin-addicted friends . . .

Facebooktwittergoogle_pluspinterestlinkedintumblr

Your turn!