Person using a laptop
Member account security

The security of your Frequent Flyer membership account is important and we're committed to protecting your personal details. You also have an important role to play in security. To help secure your account here's some simple steps you can take to protect yourself online and beyond.

Security tips

Security tips for your Frequent Flyer details

  • Don't share your PIN or write down the number. Remember, your Qantas Points are valuable and should be treated like cash.
  • Change your PIN regularly and avoid easy-to-guess numbers like birthdays, telephone or street numbers.
  • Setup your account with secure Two-Factor Authentication (2FA) methods including Time-based OTP (TOTP) and Custom Security Questions by going to your “Profile” page on qantas.com.
  • Report any suspicious account activity immediately to the Frequent Flyer Service Centre.
  • Keep your personal details up-to-date so we can easily contact you if we need to.
  • Report lost or stolen membership cards to the Frequent Flyer Service Centre as soon as you become aware.

Security tips for your Qantas Business Rewards details

  • Don't share or write down your password.
  • Change your password regularly and avoid easy-to-guess words.
  • Keep your details up-to-date so we can easily contact you.
  • Report any suspicious account activity immediately to Qantas Corporate Sales.

Security tips for your general computer use

  • Keep your computer safe - use up-to-date security software and install updates when they become available. Turn on automatic updates so all of your software remains up-to-date.
  • Reduce the risks to your computer - don't open emails from unknown contacts or visit websites that aren't trusted. Be aware of the links you click on within emails.
  • Always log out of your Frequent Flyer or Qantas Business Rewards account after your session and close the browser window if you're using a shared computer.
  • Be aware of your computer's security settings and ensure they meet your needs. Speak to your internet provider if you need advice on the recommended level of security.
  • Before you dispose of your old computer, remove all traces of your personal data.

Security tips for your smart phone

  • Put a password on your device; a PIN on your SIM card; and set your device to automatically lock after a few minutes of inactivity. Your PIN will then be required to unlock your device.
  • Encrypt your data if your device allows this - encryption secures your data if your device is lost or stolen

Following these simple steps will help protect your personal details and assist in keeping your Frequent Flyer and Qantas Business Rewards account secure.

For further information and the latest advice about protecting yourself online, visit the Australian Government's Stay Smart Online website.

For details on how we protect the privacy of your information see our privacy and security policy.

Password tips

Passwords and PINs protect your personal information against unauthorised access. That’s why it’s so important to use strong combinations of letters, symbols and numbers to protect your privacy.

  • Passwords and PINs should be kept secret, difficult to guess and be more than 10 characters long. You should also use a mix of upper and lower case letters, numbers and symbols. Also, try creating a unique password for each site to help protect your accounts in case your password is compromised.
  • Did you know that criminals use automated software that can guess thousands of passwords per minute? That’s why it’s important that you don’t use recognisable words or names in any language, repeated characters, personal information and anything you have previously used.
  • A great way to remember your password is to think of a phrase and then change some of the characters to make it a strong password. For example: 'I like Australian red wine' can be modified to Ilike0zzieR3dwine. For more tips on remembering strong passwords, visit www.staysmartonline.gov.au.
  • Just like passwords, PINs need to be strong and unique to you. PINs should be a random mix of numbers, letters and characters. You should avoid using obvious patterns like 1234, postcodes, birthdays or other significant dates and numbers.
  • Remembering all of your passwords or PINs can be tricky. That’s why installing a password manager could be an option. This handy piece of software generates and remembers secure passwords. However, one disadvantage is that if the password manager is breached, all your information is accessible.
  • The first step is to change your password for all sites or accounts where you use that password. Depending on the circumstances, you may also need to contact your financial institution or other services. If you believe your personal information has been put at risk, you can contact IDCare on 1300 432 273 or via www.idcare.org for support.

Two-step verification

Qantas Points are valuable, and we've noticed a rise in the number of attempts by cyber-fraudsters to access Qantas Frequent Flyer accounts. As part of our commitment to protecting the data of our members, Qantas Loyalty is phasing in a Second Factor Identification Process - more commonly known as two-step verification.

How two-step verification works

Two-step verification offers you an extra level of security, by helping to ensure your account isn’t accessed without your authority. You may be asked to provide a one-off, randomly-generated secure code when you login to your account. This will be sent to the mobile phone number you've registered with us, so please make sure all your details are up to date. Alternately, you can answer three out of four security questions.

Frequently asked questions

Why am I receiving an SMS when I want to access my Qantas Frequent Flyer account?
Cyber security is a priority at Qantas. That’s why we’ve introduced an added step to our security protocol. You’ll now be sent an SMS with a verification code when you attempt to log in to your Qantas Frequent Flyer account. You’ll only need to enter this verification code once every month, provided you always log in from the same device. After one month, you’ll be sent another SMS and given a new verification code. You’ll need to repeat this process if you log in to your Qantas Frequent Flyer account from a different device.

What will this message look like?
Once you've entered your membership number, surname and four-digit pin, and selected ‘Log In’, a popup will appear to advise you that an SMS with a verification code has been sent to the number you have registered with us. We’ll remind you which mobile number this is, with a few digits masked for security purposes.

How long will the SMS be valid for?
Once you receive your verification code, you’ll have 10 minutes to enter it and log in as shown in the window below. If you don’t use this code within 10 minutes, you can either reload the page and generate a new verification code, or follow the steps outlined in Question 4.

I don’t have my mobile with me or have recently changed my mobile number. Can I still log in to my account?
If you cannot access your mobile or the verification code for any reason, simply select ‘I need to verify another way’, as shown in the window below. You’ll then be taken through a series of security questions, allowing you to log in.

What happens if I enter the verification code incorrectly?
If you enter the verification code incorrectly 3 times, you’ll be automatically taken through a series of security questions. Please note that you’ll need to answer at least 3 out of the 4 security questions in order to log in, and this must include your mother’s maiden name. After filling in the fields for at least 3 questions, simply click on ‘Verify’ to continue.

Catching a Phish - staying alert

Phishing is when scammers deliberately create an email designed to trick you into sharing your security and personal information - this can include information that could give them access to your Qantas Points.

Incidents of phishing are on the increase and are becoming more sophisticated and targeted. They may even appear to be from a company such as Qantas or Qantas Frequent Flyer, and could use your name, along with logos and disclaimers that look familiar. So pause before opening every email and stay safe with our top tips.

Tip 1: Stop before you click and think Suspect, Search, Ignore!

  • Suspect - the scammers’ strategy is to create emails that appear to come from those we trust.
  • Search - a quick web search usually reveals whether it’s authentic or a trick.
  • Ignore - don't click on or respond to anything suspicious.

Tip 2: Look for the signs it’s a trick

  • Is the email address it’s from genuine?
  • Is the website they’re sending you to genuine?
  • Is the company’s logo genuine?
  • Does it contain poor grammar or spelling errors?
  • Has it no content except for a hyperlink?
  • Has it asked for any personal details?
  • Has it asked for details the authentic company never asks for, such as PINs, passwords and bank account details?

Tip 3: Be prepared for cyber-attack

Be secure by making sure your computer’s firewall, anti-spyware and anti-virus software is kept up to date. Stay alert, to steal from you, scammers pretend to be those you trust.

For more information, go to www.staysmartonline.gov.au, which provides online guides and information to protect yourself and your computer from cyber security threats.

Tip 4: Qantas and Qantas Frequent Flyer red flags

Qantas will never ask for details including bank account, credit card, PIN or passwords on email or surveys.

Be aware of email domains with additional numbers or variations. Genuine e-mails will always come from an e-mail address ending in @loyalty.qantas.com, @qantas.com, @e.qantas.com and @qantas.com.au such as the address frequent_flyer@qantas.com.au.

If you think your personal Qantas Frequent Flyer details have been compromised then call the Qantas Service Centre on 13 11 31.