The idea is to only charge for flights upon checkin.
There are a myriad of problems with this, to name two:
- an attacker could easily book many flights without checking in. This would cause the airline to fly at a loss.
- customers do not control when checkin starts, airlines do. An airline could easily play tricks (checking 1hr before boarding).
Wrt the 2nd one: this is easily mitigated by having a mandatory eg 2-week period for checkin... but then we're sort of where we are today, just with more uncertainty if the bookers can actually pay for their flights.
> an attacker could easily book many flights without checking in. This would cause the airline to fly at a loss.
An attacker could easilly ask for many ambulances to random addresses, by calling from different phone numbers. They can do the same with the police and fire department, and as a result real people will die because emergency services are not avaliable.
An attacker can book hotels where you pay on arrival. They can order thousands of pizzas with cash payment on delivery.
They can probably do even order a truck full of cement if they can pull off an act.
There are thousands of possible contrived scenarios, life is full of possibilites. You aren't designing an API
This is like 'men will pretend to be transgender and be hanging out in feemale toilets' - random fictitious scenario divorced from reality.
> An attacker could easilly ask for many ambulances to random addresses, by calling from different phone numbers.
Phone numbers can be traced, and anonymous sources like a payphone are relatively rare. Getting access to more than a few phone numbers is generally going to be difficult unless they all trace to a central source (office, school, etc.) - at which point your odds of getting caught go way up.
> They can order thousands of pizzas with cash payment on delivery.
Um. Really? Is "cash on delivery" even an option where you live? I would certainly expect any sane company to get suspicious here.
There's a huge difference between exploiting a company's lack of validation VS exploiting a legally required lack of validation. The pizza company is choosing to accept cash on delivery, whereas this proposal is to force airlines. That's a huge difference and it's alarming that you don't see the relevance.
> You aren't designing an API
When you force the rule on others, I think you do owe some responsibility to think about the consequences.
> random fictitious scenario divorced from reality.
It seems ridiculous to dismiss concerns about a proposed policy by saying we have no evidence it will happen. Of course we haven't seen it happen yet: the law hasn't passed. Conversely, we have centuries of data on whether men will pretend to be transgender. Again, this is a very big difference.
I'm not against reasoning by analogy, but these are all terrible analogies.
> Um. Really? Is "cash on delivery" even an option where you live?
I can order a fridge with cash on delivery. There is a hundred of other examples.
I can come up with a fictisious 'attack' for any policy you will ever propose. The budgen is on you to argue that this 'attack' makes any sence and would be common, not on me to disprove every scenario you come up with.
You provided no argument whatsoever, why would anyone bother with this 'attack'. It doesnt. make you any money, it does nothing usefull
Swatting someone doesn't make any money. It doesn't do anything useful. And yet it still happens. The notion of people on the internet using tools solely out of malice should not be a novel one.
> I can order a fridge with cash on delivery. There is a hundred of other examples.
But again, that's an example of a corporation choosing to trust you. This is about a policy requiring it. The corporation can trivially stop sending fridges if this becomes an issue, but government policies are a lot slower to react.
I still doubt you can actually meaningfully order a large quantity of anything without providing substantial proof of your identity, to avoid exactly this sort of abuse.
You keep saying you can, but you're not providing any actual concrete examples - what specific store are you ordering these fridges from, and we can compare their policy to this proposed law. If I can really order a thousand fridges, I will happily concede the point, but I somehow doubt they'll let me.
You Can Help By Expanding It. People with user-level access to our systems are becoming less trustworthy. You can tell because abuses used to never ever happen at all.
They could implement some intermediary holding account.
Customer pays inn money, airline gets the money when the customer boards the airplane. If the customer does not board the airplane as scheduled, or and the plane has left, airline still gets the money. If customer does not board due to cancelation or similar event, money is refunded back to customer.
With modern payment systems (at least here in Europe), the transfers are more or less instant.
Yup. And if you think airlines are slow to give refunds, wait until you've chased the general public for payment for services they didn't use and don't want to pay for! Which simply means substantially more expensive tickets, and people with bad credit don't get to fly.
And still the airlines will slowball on mandatory compensation where it's owed
Isn't this what escrow accounts exist for? The airline shouldn't hold your money in the interim, someone else does. If the airline cancels, you get it back, if you fly or otherwise breach the contract (no show, cancel your ticket) then they get it.
It's basically insurance at this point, but someone just has to set up a company that buys your ticket for you and handles the legal cases (eg they pay out to you and start a reconciliation process with the airline) in the event of a default from either side.
I'm generally against making regulations that introduce mandatory middlemen, unless absolutely necessary. It entrenches a type on company into a field while generally failing to allow them to be optimized away if a better solution is later found.
But as a general option that someone could create a company for, it sounds like a good idea if its profitable.
No, having money in holdings between transactions is as standard thing to do in many situations. Fully transferring the money with a “requirement” for a refund in a “timely manor” is what we have now. With some proper committing the money 6 months before takeoff, and not getting it back until the “timely” refund lands in their bank account 6 months after the flight is canceled.
Agreed. General consumer protection laws would cover this just fine, with the added benefit of applying everywhere, not just airlines. On the other hand, airline tickets are one of the larger priced things people tend to buy regularly, so maybe it anyways does make sense to single them out.
For most people, my guess is the solution would be credit card payment where at the time of booking they take a temporary hold on the card which is only actually charged once you board. Similar to how typically with online shopping your card is only charged once the item actually ships.
This is how I understood it to work. When you buy your plane tickets now, that money goes into an escrow account and stays there until you check-in for your flight and is not released until check-in happens. This is why airlines like you to do early check-in.
Yeah but you need to provide proof of ID and the like if you book a flight; identity fraud / theft is a big deal, especially when it comes to planes, especially post 9/11. That's Homeland Security / FBI levels of shit the perpetrator would be in. And for the airline, it's just some financial impact.
Re: check-in times, that's easily solved with some legislation.
Did you pay as you boarded? Do not assume the same rules will apply when there is a dramatic change.
If a company isn't going to charge until boarding, and will charge a fee for no shows then you can be certain that they've collected identification and a payment method. Otherwise, how would they charge no shows?
Not in the UK. You can book a Ryanair flight as Mickey Mouse if you want. You just won't be able to check in unless you have a passport under that name.
They have sometimes (in London or San Francisco I noticed that) new boarding processing where you are required to show passport and boarding pass that is automatically scanned.
However everytime I see it, it delays the boarding and they skip the procedure to the default boarding pass only.
Meh not so easily, you would probably need multiple cards / identities. And to do it in a way where they can't find/sue afterward does not seem so trivial to me.
It's not like it would be the first industry where it would apply, made many hotel reservation where the payment is done only when checking.
> an attacker could easily book many flights without checking in. This would cause the airline to fly at a loss.
Yes, an “attacker” could “easily” steal the identity of 20-30 people in order to create fake bookings to disturb the a single flight one time. Though it would be easier to sneak a bomb aboard it.
Agreed with all above. I would add that this won't help customers either as regardless you paid upon check-in or not, this does not address the ultimate point for customers: go to their destination on agreed time.
It helps in two cases: ① The airline closes suddenly, as has happened twice in Germany in the past years (Swissair and Air Berlin both left many Germans with paid tickets and cancelled flights). ② the airline cancels that flight or just that ticket, in which case the airline has to quarrel with its customer(s). It's advantageous for the customers to hold the money during that quarrel.
Point 1 is a complete non-issue with a credit card, especially in the UK, where the Section 75 process is quite streamlined, but either way that liability would fall on the issuing bank/insurer at that point.
2. Also a non-issue with a credit card. If you clear your balance in full, it doesn’t really matter that they might take some extra time in getting that money back to you.
I googled a bit now and found several pages written by people who say that you can do a chargeback in these cases, and also found several pages by people who didn't manage to do it. Guess what I did not find.
I searched in German and Italian about the Swissair, Air Berlin and Alitalia debacles, and I did not find any news articles that said that credit card customers had received their money back.
Come to think of it, there might also be a press release or ad-hoc exchange notice saying "banks had to refund x billions due to visa chargebacks", I could have searched for it, so why not now? I found https://ec.europa.eu/info/sites/default/files/chargeback_rep... now, which appears to imply that if you win the dispute (should be easy), your chargeback becomes a claim against the bankrupt airline and you'll get something or nothing, depending on how much is left in the airline.
> your chargeback becomes a claim against the bankrupt airline and you'll get something or nothing, depending on how much is left in the airline.
No, you get your money back, and the bank now has a claim against the airline.
I haven't been through this exact scenario in my life, but I've been in plenty of non-delivery situations, however, I can't make a good faith claim that they were flat-out chargebacks, because on all of the cards that I made the purchases with, purchase protection or insurance was a listed benefit, namely on the Amex Platinum.
But there must be a card with similar chargeback benefits that's available to everyone in basically every EU country.
Nevertheless, there are plenty of opportunities to get your money back in such a situation.
As customer who experienced this not far than yesterday, my priority was to flight asap. Not to enter in litigation with the company ( which is incredibly painful). Moreover if you pay your ticket peanut ( Ryanair or easyJet in Europe), I doubt you will consolate yourself with that advancement.
It might make airlines a little more punctual if they don’t get paid until later in the process, and if we build in something like automatic discounts for delays.
I know the airline industry is a tough one, but I’ve had some brutal delays in my time and they do play a lot of games. I wouldn’t mind seeing a bigger stick hanging over them for consumer protection.
There are a myriad of problems with this, to name two:
- an attacker could easily book many flights without checking in. This would cause the airline to fly at a loss.
- customers do not control when checkin starts, airlines do. An airline could easily play tricks (checking 1hr before boarding).
Wrt the 2nd one: this is easily mitigated by having a mandatory eg 2-week period for checkin... but then we're sort of where we are today, just with more uncertainty if the bookers can actually pay for their flights.
So, not a big fan.