Website security

Booking your British Airways tickets online is quick, easy, convenient and safe.

British Airways makes every effort to maintain customer confidentiality when securing an online payment. This includes ensuring the security of your credit card details and other personal information.

All of your personal information is encrypted as it travels over the Internet.

How we secure your payment information when you book online

  • When you buy a British Airways ticket over the Internet, your web browser connects with the website through an SSL ("Secure Sockets Layer").  SSL is an industry-standard protocol for encryption over the Internet.
  • When information is encrypted, it is scrambled between your computer and our server. The information is only unscrambled when it safely reaches us. It's fast and safe, and it ensures that your personal information cannot be read by anyone else.
  • However, as with any standard email, emails containing your personal data sent to or from British Airways will travel in a non-encrypted format.
Once you have made a booking

As you make a booking we need to capture your personal details to go into the booking. At this point the information is encrypted. You can tell this is happening as browsers will display a key or padlock at the bottom left corner of the screen.

Completing the transaction

When you send your personal details to us, none of the information is stored on the website, it is passed straight back to our secure servers at our Heathrow headquarters, where it only exists as part of the record of your transaction.

Security messages

If you see a security message during the booking process it's simply informing you that you are entering a secure area of the site. You will also see this message when you are severing the connection with our secure server, and moving into an open, public area of the site. At this point all of your personal information has been discarded - whether or not you actually completed a purchase. Your browser can be configured to display this message or not, as you choose.

Your personal information

British Airways considers your privacy to be of the utmost importance, and we are governed by the UK Data Protection Act 1998. If you are concerned with how we might collect and use information about you, you can find a complete explanation in our Privacy Policy.

Using Manage My Booking to securely service your booking

British Airways makes every effort to ensure only authorized access is made to your booking when using Manage My Booking. This includes applying different levels of authentication depending on who you are and which services are being used.

If you are not a member of the Executive Club or you are a member but you are not logged into your account, then you will need to provide your booking reference and your surname to view your itinerary, add and change seat and special meal requests, add your Advance Passenger Information (API) or email your itinerary to a friend.

You will need to provide additional information to view details of any special meal previously requested, view or change your API or to print or email your e-ticket receipt. The additional information required is not new; it will already have been provided by whoever made your booking at that time or by you when updating your booking. Information, which may be requested, includes your passport number and associated travel details, or all or part of the credit or debit card number of the card used to make your booking. If such information is not present in your booking, then these second level authenticated services will not be used.

If you are a member of the Executive Club and you are logged into your account, we will recognise the bookings which you have associated to you through your account. We will only request additional information from you (as described above) to view or change another person’s API (on the same booking as yourself), or to print or email your e-ticket receipt.

Note: This information reflects our current security policy. If there are any changes in industry standards, the law or our procedures, the information in these pages will be updated.

Important notice about Internet fraud - "Phishing"

There is an Internet fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to customers from lists illegally gathered by a third party, and ask them to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.

For your protection please be aware of the following facts:

  • British Airways will never ask you to enter personal bank account or credit card details into an email or through a link sent via an email.
  • You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking.
  • Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as, gmail, hotmail or yahoo.
  • British Airways will never request money payments through a third party, such as Western Union.

N.B. If you have reason to suspect an email claiming to be from British Airways is fraudulent, please forward it to phishing@email.ba.com to investigate its authenticity and take appropriate action.  Please note that we cannot enter into correspondence over emails sent to this address, therefore you will not receive a reply.

Please refer to our FAQs for more information.

Information provided to comply with Immigration requirements

When you travel to a country whose government requires us to provide Advance Passenger Information, you will be requested to give your passport and associated travel details on ba.com, before you fly.

British Airways complies fully with all aspects of the Data Protection Act and, as such, takes all reasonable steps to prevent unauthorised and unlawful processing of personal data.