If you’re going to pick a fight with the airlines over fraud accusations make sure you’ve covered your tracks. This appears to be the lesson for one Ms. Maria Borges with respect to the American Airlines AAdvantage program. After filing a complaint seeking to recover points tied to a cancelled ticket Ms. Borges (and the rest of the world) are seeing the level of detail to which American Airlines can mine data, and also learning what it is like to be accused of conspiracy to defraud a company.
The masterminds behind this scheme appear to be the Complainant’s son-in-law and daughter, i.e., her co-fraudsters, who also violated the AAdvantage Terms by utilizing nearly identical means to improperly obtain bonus miles for deposit to additional AAdvantage accounts established under their names, but on a stunningly larger scale as discussed in Section III.
Ms. Borges filed the complaint, but American asserts that she is not the brains of the scheme. Her daughter and son-in-law (SIL) appear to be at the core of this operation, and American has the emails, phone calls, ticket details, mailing addresses and more to connect the dots.
Too many accounts, too many bonuses
It is very unlikely that a trio of legitimate actors would have opened 45 co-brand credit cards over a 4 year span. And, even if that was legitimate, using 16 different AAdvantage account numbers in an effort to continue the ruse is almost certainly a bad idea. And those are just the accounts American can prove. The carrier notes that an additional nine cards were opened under five accounts for different named individuals at the same address as the Borges.
Indeed, the January 2020 email from the Complainant directing American to close her AAdvantage account was sent from one of several email accounts belonging to either her son-in-law or daughter and used to open AAdvantage accounts in furtherance of the fraud. The ticketed beneficiaries of the miles redeemed from the Complainant’s AAdvantage account were her son-in-law and daughter…The Complainant’s AAdvantage account activity thus was clearly part of a larger enterprise involving her son-in-law and daughter.
Ultimately American says that more than 1.4 million points were fraudulently accrued by the trio using new cardholder bonuses between May 2018 and the beginning of 2020 when the accounts were closed.
After the son-in-law’s account was terminated for fraud the trio cashed out Borges’ account, issuing a pair of seats to Hawaii. Then Borges closed her account and the daughter’s account was terminated for fraud. A couple months later a scheduled change hit and they decided to risk a refund request on the tickets. The SIL or his father made no fewer than 19 calls to the carrier (Note: Hang up/Call again doesn’t always work, as I well know) to request that the points be refunded. But because the account was closed they would need to be refunded to the new account Borges created and the airline was not keen on that idea. Also, American is pretty sure that on at least some of the calls the same person claimed to be either the SIL or the SIL’s father.
Tracking the applications
Lest there be any doubt, American Airlines now makes it clear that the company has the ability to track accounts using details like address, phone number, email and more. The carrier spells out how it has followed some of those trails in the Borges case, including that it can dedupe email addresses from Gmail that have periods in the middle as an effort to obfuscate the account.
The email used by the Complainant for account 2AF9N50 was the same as used for another AAdvantage account associated with the Complainant’s address, and the telephone number used was the same as used by the Complainant’s daughter for one of her AAdvantage accounts that previously had been terminated due to fraud. And, although unmentioned in the Complaint, another AAdvantage account was opened by the Complainant on December 17, 2019 (one day before the Hawaii itinerary was booked from Account 1LJ73H8), using yet another email address and phone number. Also, perhaps not coincidentally, on January 18, 2020, American received a request to close yet another AAdvantage account associated with the Complainant’s street address. The request to close that account came from an email address used often by the Complainant’s son-in-law in connection with other AAdvantage accounts terminated for fraud. Over 250,000 miles had accrued to that account since May 2018, with six award tickets redeemed from the account between January 16 and 18, 2020. All but 1,000 of the 250,000 miles that had accrued in the account were from Citi Card accounts, including New Account Mileage Bonuses.
There was also a point where Borges claims that she applied for a Citi card using a flight attendant-provided application. American rightly points out that only the Barclay’s-backed cards are available in flight. Borges also misrepresents the bonus points earned on the cards that were legitimate, which does not help her standing with respect to the more fraudulent actions.
Online monitoring, too
American also notes that its corporate security team monitors FlyerTalk, Reddit, and other online forums to track such practices and tune its detection processes. Indeed, the ability to manipulate the online application for new card bonuses was a huge problem for American Airlines. And the conversations online helped tip the company off to these actions (emphasis added).
For a period of time and due to a technical issue, certain unscrupulous individuals were able to circumvent security protocols in place designed to prevent the accrual of multiple New Account Mileage Bonuses within the specified timeframe. More specifically, a small number of individuals acting in bad faith obtained invitations not intended for them – either by establishing multiple, bogus AAdvantage Accounts or getting their hands on mailers or emails addressed to third parties. Once the individual had the invitation and unique code, he or she would apply and change information during the Citi Card application process to match his or her actual identity and AAdvantage account, which otherwise would not have been eligible for a New Account Mileage Bonus. Disclosures, including those provided when accessing the online application via aa.com (as will be demonstrated in Section III, infra), clearly notified prospective applicants that only new Citi Card account holders were eligible for the New Account Mileage Bonuses. These unscrupulous individuals repeatedly bragged, in online forums such as FlyerTalk and Reddit, of their schemes. As shown in Exhibit AA-1 hereto, several individuals posting to these online communities would share strategies on how to “game” the Citi application process. Some of their postings explicitly acknowledged that the schemes were in violation of the AAdvantage Terms and contained “tips” on methods to evade detection by American and Citi. Once American became aware of these fraudulent activities, it conducted a review of New Account Mileage Bonuses, which ultimately identified the Complainant’s son-in-law and daughter as among certain AAdvantage members who engaged in misrepresentation and abuse of the Program at issue.
Lessons learned?
So, is there anything useful to take away from this tale?
If you’re gaming the program it seems the biggest lesson is that the airlines are (or can be when properly motivated) far better equipped to track fraud than many give them credit for. And they really do record the calls and use those recordings when it is useful for responding to challenging situations.
And, for the rest of the loyalty program world, just a reminder of the lengths to which people will go in an effort to score a “free” plane ticket.
The full DOT filing can be found here.
A favor to ask while you're here...
Did you enjoy the content? Or learn something useful? Or generally just think this is the type of story you'd like to see more of? Consider supporting the site through a donation (any amount helps). It helps keep me independent and avoiding the credit card schlock.
Red says
“For a period of time and due to a technical issue, certain unscrupulous individuals were able to circumvent security protocols in place designed to prevent the accrual of multiple New Account Mileage Bonuses within the specified timeframe.”
This is post-facto B.S.
Talent Hacker says
Easy solution for AA is to start collecting id proofs like drivers license etc to create a FF account. Replicate what coinbase, and other crypto wallets do…. KYC .. know your customer
Kirk says
This article seems written by an AA executive, but it misses one critical point. The cards in question and points awarded were by CitiBank, not AA, and it was Citi that allowed the duplicate cards to be issued and points earned. It ignores the fact that by cancelling one’s AA account AA stole many points not earned via cards
Seth Miller says
I assure you I do not work for AA.
In this particular case – and only in this case – the company outlines a repeated behavior of opening multiple accounts for the purpose of securing new CC sign up bonus points. Opening multiple accounts for the same person is definitely a violation of the AA rules, not the Citi rules.
Separate from that is whether opening multiple CCs with a new account bonus that was garnered through less-than-pristine circumstances would be a violation of AA rules, Citi rule or both.
Hakeem says
This really does come off as one sided though. How about a situation that Citi kept repeatedly spamming my mailbox with no lifetime language terms. Because I was shutdown for this and I did nothing wrong. Citi sent them to me with no terms.
Seth Miller says
And what did the T&Cs say on the application you filled out? Not the mailer, but the actual application? I think Citi/AA made plenty of mistakes along the way. Their promo targeting mechanism was very broken. But that doesn’t change the rules.
And it is not just Citi. I’ve received similar targeting from Chase to get a bonus I know I’m not eligible for on cards, FWIW, though not as aggressively as Citi/AA’s push.
Robert says
This is hilarious. I started this “game” seven years ago and thus am a relative newbie compared to Seth but there has never been a shortage of people being shutdown and then trying to play the victim card.
JCans47 says
Certainly sounds like fraud. But then AA would know since they have been gaming the system against honest, loyal customers for a long, long time.
HaveMiles says
Honest loyal customers like Ms Borges and her family? 😉
Barbara L Patterson says
You bring up a very valid point. Who hasn’t been annoyed by, for example, a phone company offering amazing deals for new customers, but denying that same deal to loyal customers who pay their bills on time for years? AA seems to always be in the middle of whatever is in the news.
I prefer to fly Delta. Better service, nice people, good options, they are quietly going about their business.
Hmmmmmmm
Seth Miller says
Delta/AmEx also offer sign up bonuses on the cards but not a bonus to keep the cards. Nothing particularly different there.
I tend to agree that the inflight service is probably better at DL on average relative to AA, but that’s a much different discussion than the CC/points opportunities.
Recap: American Airlines Details Fraudulent Behavior & More - Doctor Of Credit says
[…] American Airlines details fraudulent AAdvantage behaviors by Wandering Aramean. […]
DaninMCI says
I think at the core of all this is a few issues with morality. But even putting that aside they seemed to be smart enough to open all these accounts to only earn 1.4 million miles? Seems low. In addition they used all this work to end up in a place where they actually helped raise a red flag by asking for a ticket refund to a closed account and then when busted they file a legal complaint? This group gives a bad name to churning and may be lucky if Citi and AA don’t take them to court.
Seth Miller says
There is roughly zero chance of an actual court case here. Neither Citi nor AA want to open up that discovery opportunity. And there’s minimal additional value te companies can realize that is better for them than just shutting down the accounts.
2808 Heavy says
It’s interesting that folks don’t think that these companies frequent the same sites/blogs as we do. You don’t think for a minute that Amex doesn’t realize that one is spending $6k a week at the grocery store on the Amex Gold? Sure they do. Just because they haven’t acted upon such doesn’t mean that they’re ignorant to what’s really going on.
They all have a tolerance level…stay within said level and you’re fine…go outside those lines and you have closed accounts and points that are clawed back. Look at what’s happening over at Amex now with the Hilton/Delta/Marriott card. Those who racked up thousands of points during the past couple of months using their cards at the grocery store are now realizing that it was all for nothing as there are more and more stories about points being withheld or clawed back.
Seth Miller says
Especially if you ever meet any of them in person and realize that many are also points junkies (NRSA or ZED/ID90 fares only go so far). The number I know who also buy mistake fares (on competitors, of course) is well above zero.