A Delta security flaw discovered this week showed once again the need for identity authentication measures for online and mobile platforms.
Dani Grant, a passenger and hacker, found that she could share the URL to her mobile boarding pass and because there was no requirement to log in, anyone could download the pass. Grant investigated further and found that by changing a digit in the URL she could access the boarding passes of other passengers.
Grant was also able to log into Delta’s site as these passengers where she could change their seat assignments and access any personal details they have stored in the site.
This means that people could download boarding passes, change the name on the QR code to their own, and potentially board flights with tickets they had not purchased. Airports are supposed to conduct their own thorough identity checks, but often fail to do so. Additionally, photo ID checks may not have caught the problem.
Airline security is still a major concern and while Delta has said the bug has been fixed, airlines need to make online identity verification a bigger concern. As airlines move toward becoming paperless, the use of mobile boarding passes is on the rise. With this move there needs to also be a move toward tighter online security.
Delta should, at the very least, require customers to log in before accessing any flight information, especially boarding passes. By using more thorough identity verification systems, like dynamic KBA, they could prevent what could become a very serious federal aviation security issue.
In a time when security threats can harm brand reputation, taking hard line against fraud is a worthy investment.
[Contributed by EVS Marketing]