In the past week or so, I have again received several emails and messages from readers that have had their IHG Rewards Club accounts compromised and points used.
You would think that IHG Rewards Club would have taken member account security as a higher priority and would have moved away from four digit PINs years ago?
You can access IHG Rewards Club here.
The modus operandi seems to be that the thieves change the email address, phone number and address one file. They used the points for either hotel reservations (sell on internet) or merchandise rewards (also easy to liquidate).
IHG Rewards Club customer service usually do replace the points that member loses but this can take weeks. Sometimes this may also require changing the account number and moving the stay history over.
I am not asking IHG Rewards Club to go overboard with their password,PIN requirements but this four digit PIN just is not secure enough!
There must be bot farms running around IHG systems trying to guess account number/PIN combinations or perhaps there are employees from customer contact center in Manila involved in this scam activity.
IHG claims that they take member account security seriously? Having four digit PIN number to access member account is not security at this day and age.