Do you remember where you put the boarding pass after completing your last flight? Did you leave it in the airport, or in the taxi? Not a smart thing to do, say a few of the global aviation experts. Anyone, a hacker or a stalker, can use the barcode on your boarding pass to get your personal information; including your address.
Brian Krebbs, an American security expert and blogger, set off an intense debate late last year on the possible hazard of a boarding pass. He took the screenshot of a boarding pass photo that his friend had shared online, and decoded the data using a freely available barcode reader. Krebbs got his name, frequent flyer number and record locator.
A record locator has specific information regarding a reservation, including the passenger name record, or PNR. But in some cases, it could contain even more data. Krebbs used the record locator to access his friend’s account, which included his travel itinerary and phone number. A hacker, the security expert added, could use this access to change or cancel travel plans and reset the PIN number of an account. If the secret question to change the PIN is, “What is your mother’s maiden name?” the hacker just has to visit the account holder’s Facebook profile, which in most cases would have the information.
IATA, or the International Air Transport Association, had published the global standard for bar-coded boarding passes in 2005. It soon became an industry practice, as airlines looked to eliminate the older norm of magnetic boarding passes, which were more expensive to maintain. The new technology enables web and mobile check-in, which saves the airline industry hundreds of millions of dollars every year. Since then, the standard has been used by 200 airlines across the world, including in India. While all boarding passes have information like the name of the flier and booking reference, some airlines also include the frequent flier account number.
But can a boarding pass really compromise one’s safety? Not really, says Ankur Bhatia, Executive Director, Bird Group, which specialises in travel technology. “The ticketing systems have been there for years and till now, one hasn’t come across a serious issue regarding this. Someone could fool around with the information. But other than that, what would you gain by having someone’s travel information?”
The most sensitive information on the boarding pass is the frequent flier account number, which becomes a one-stop destination for the airline to get all the information of a passenger. It is debatable if airlines need to include this information. But just to be careful, fliers can prevent an unpleasant experience by disposing of their boarding pass after the flight. And if one has to really share a picture of the boarding pass online, just make sure to avoid the barcode.