• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Security in accessing an MVC account

Saintsfanfl

TUG Member
Joined
Mar 7, 2012
Messages
8,844
Reaction score
630
Points
399
Location
Central Florida
I've been thinking about this since it has been a hot topic lately and it has occurred to me that MVC does not have any account information that is confidential in order to verify the true identify even if they wanted to. The name and address are on the deed and available to any person on the entire planet. The email address or phone number can be had pretty easily and sometimes show up with cross reference background searches. What else is there? I am pretty sure those four items are all they have. It would be pretty easy for someone to call and pose as another owner, book a reservation, and then and add their own name as a guest. I think the only reason it doesn't happen is it would be extremely difficult to get away with since the true owner would get an email and maybe see the reservation on marriott.com. The scammer could probably change the email address but the old one would hopefully get an alert.

I think they should use a verbal code word or something less accessible for verification when you call. My mom had her identity stolen and utilized recently and she now has verbal code words on all her bank and credit card account for when she calls in.
 

SueDonJ

Moderator
Joined
Jul 26, 2006
Messages
16,612
Reaction score
5,778
Points
1,249
Location
Massachusetts and Hilton Head Island
Resorts Owned
Marriott Barony Beach and SurfWatch
With marriott.com accounts you can definitely ask them to start using a code word when telephone attempts are made to access your account. This has been allowed since before the timeshares were spun off but I'm not sure if you could have asked for the same security protection with my-vacationclub.com accounts when the timeshares came under the Marriott, Int'l umbrella.

After the two breaches this past week it's certainly something that MVW should consider allowing us for our owners.marriottvacationclub.com accounts - I'd sure take advantage of that extra level of protection.
 

Old Hickory

TUG Member
Joined
Dec 10, 2007
Messages
1,458
Reaction score
1,001
Points
523
Location
Tennessee
With marriott.com accounts you can definitely ask them to start using a code word when telephone attempts are made to access your account. This has been allowed since before the timeshares were spun off but I'm not sure if you could have asked for the same security protection with my-vacationclub.com accounts when the timeshares came under the Marriott, Int'l umbrella.

After the two breaches this past week it's certainly something that MVW should consider allowing us for our owners.marriottvacationclub.com accounts - I'd sure take advantage of that extra level of protection.

I only read through the two threads. Has it been determined that these were deliberate actions to break the rules?
 

Saintsfanfl

TUG Member
Joined
Mar 7, 2012
Messages
8,844
Reaction score
630
Points
399
Location
Central Florida
I only read through the two threads. Has it been determined that these were deliberate actions to break the rules?

By who? Marriott or the non-owner making the request? In my case the Marriott rep openly admitted they broke their own rules although he acted like he had some type of discretion to do so. He knows what he did could get him fired which is why he didn't want me following up with any other rep on the matter. My renter who made the request wasn't really trying to do so fraudulently although he definitely twisted the truth in trying to convince the rep. He knew what a pain it was for me to call daily trying to get his date and he knew I wasn't likely to do it so he tried to do it himself.

The other case probably was done intentionally by the requester and someone at Marriott carelessly approved it. Or a new rep approving deposits didn't know you couldn't deposit into a guest II account. Either way it was an oversight.

This thread is a little different because it is more geared towards someone calling MVC and pretending to be an owner. That's not what happened in the two breaches.
 

SueDonJ

Moderator
Joined
Jul 26, 2006
Messages
16,612
Reaction score
5,778
Points
1,249
Location
Massachusetts and Hilton Head Island
Resorts Owned
Marriott Barony Beach and SurfWatch
I only read through the two threads. Has it been determined that these were deliberate actions to break the rules?

In the first instance the II rep confirmed that the II deposit went through without being flagged/stopped by either II's or MVW's systems (that are supposed to safeguard that deposits can be made only with owned Weeks into the owners' accounts by the owners.)

In the second the MVW rep admitted to the Weeks owner that he took it upon himself to change the Owner's reservation at the guest's request, knowing that he was violating the rules while doing it.

In both cases actions were taken without the owners' consent or knowledge so I'd say it's definitely correct to call them security breaches. IMO whether or not they were done with deliberate intent to break the rules or with all good intent doesn't mean anything, except that the protections which should have been afforded to the owners in any event didn't happen. That's reason enough for me to justify more security measures.
 
Last edited:

SueDonJ

Moderator
Joined
Jul 26, 2006
Messages
16,612
Reaction score
5,778
Points
1,249
Location
Massachusetts and Hilton Head Island
Resorts Owned
Marriott Barony Beach and SurfWatch
Top