Guild Wars 2

Why won’t they even mention why or at least give a reason why you cannot remove your credit card information.

It’s almost a shady money grab.

No it isn’t! there has been people that have been compromised already through the account being hacked and the CC stored has been used to purchased more gems to buy more gold coins,that’s the point you are missing.

Bluest.5123:

No it isn’t! there has been people that have been compromised already through the account being hacked and the CC stored has been used to purchased more gems to buy more gold coins,that’s the point you are missing.

If you’re not happy (which quite frankly if you want your CC info removed, that request should be fulfilled.) Then you should cancel your card (issue a new one) and do a charge back on any payments made to ArenaNet.

My guess they are well aware of what’s happening to accounts being hacked and what the hackers are doing through the stored CC info,it’s more money in the bank for them.

That’s why I call it shady,I forget the term when a company does this but there is a definition for this type of practice.

GaileGray.9587:

Bluest.5123:

Why won’t they even mention why or at least give a reason why you cannot remove your credit card information.

It’s almost a shady money grab.

I can offer a partial answer, and then get more info for you later.

The purchase sites are extremely secure. And from what I recall, on our end the CC number is encrypted and not retained in it’s visible state. So if you can see it, I believe that we cannot see it, it just looks like **** to us.

Will get you more information if this remains a concern, but I really feel you’re ok.

My good lord Gaile, how is this even vaguely ok? You should never, EVER have to save your card details. Most times you are given a choice. While the card can’t be used for out of game purchases, it CAN be used for in game purchases, and the EULA clearly states that no refunds will be given for gem store purchases under any circumstances, and that you are susceptible to being banned if you request a charge back from your bank. If someone’s account is compromised, those details can’t be used for outside purchases, but they can sure be used for a HELL OF A LOT of in game purchases. It has happened to people with hacked accounts already.

You should never, EVER have to save your card details on any online services without being offered a choice to do so. I’d rather enter them new each time personally.

You are breaking the law by retaining information pertaining to a personal account when the individual has decided that they no longer want you to hold that information.

Now, fix it.

There is nothing left to say and no lawful argument to be had on your part. Your system is broken and it is leading to financial harm for your users.

GaileGray.9587:

Bluest.5123:

Why won’t they even mention why or at least give a reason why you cannot remove your credit card information.

It’s almost a shady money grab.

I can offer a partial answer, and then get more info for you later.

The purchase sites are extremely secure. And from what I recall, on our end the CC number is encrypted and not retained in it’s visible state. So if you can see it, I believe that we cannot see it, it just looks like **** to us.

Will get you more information if this remains a concern, but I really feel you’re ok.

What Anet is doing storing that info with no way for the user to remove the details is illegal. It has, as said already, caused people who stored their info and had their accounts hacked fraudulent actions taken against their credit cards. Someone lost £200!!! Thats $320 USD because of Anet storing the 3 digit CVV/CVC code which is also illegal to do.

I have requested that I get a refund on everything I have on my account (old GW titles are requested at todays prices the cheapest I could find) as your system is unsafe and Anet is not bothered with the way it illegally holds information, thusly I am not happy with my information being stored on Anet servers.

That is before the storm comes and Anet is fined massively for illegally holding information they should not have (cvv/cvc and start and expiration dates) and also not allowing people to manually remove it quickly. IT IS DISGUSTING.

IMHO Anet will be lucky to make it christmas.

That’s great and all that it looks like “****” on ANet’s end. That’s hardly not the issue here, though.

The problem is when an account is compromised with CC details saved after purchases.

And we all know how absurdly inconsistent support has been trying to fix email/account name change issues.

I sincerely hope many of you did not purchase anything through the store.

I purchased the CD key through a cheaper 3rd party and do not plan on buying any micro-transactions items unless it is offered through google wallet or some other 3rd party gateway. After all this, me… who hasn’t even entered my info to anet, would never trust them with my card details after knowing of these practices.

It’s that kind of negativity and bad vibe, no trust from consumers that lead to company down falls. I hope Anet make the right decisions on this one. Good luck to all of you who are at the mercy of them holding your card info, I’d flip my lid if i was in your situation, I’d personally cancel my card at my bank though and get them to re-issue you a new one.

Thor.4580:

I purchased the CD key through a cheaper 3rd party and do not plan on buying any micro-transactions items unless it is offered through google wallet or some other 3rd party gateway. After all this, me… who hasn’t even entered my info to anet, would never trust them with my card details after knowing of these practices.

It’s that kind of negativity and bad vibe, no trust from consumers that lead to company down falls. I hope Anet make the right decisions on this one. Good luck to all of you who are at the mercy of them holding your card info, I’d flip my lid if i was in your situation, I’d personally cancel my card at my bank though and get them to re-issue you a new one.

That’s what I’ve done. I decided it was safer to have a new card, so now it doesn’t matter that the old card details can’t be deleted. There is absolutely no way I’m entering my new card details in to the system though.

GaileGray.9587:

The purchase sites are extremely secure.

The security of the CC system is the security of the weakest link. In this case the security of game accounts. Accounts are being hacked by gold sellers. So I can’t see how you could call the system secure.

When a gold seller gets hold of a GW2 account with saved CC details, what is there to stop the gold seller from maxing out the saved credit card buying gems, converting the gems to coin, then selling that coin ?

Sure, you’ll probably ban them before they sell all the coin. The gold seller won’t care, they already have the cash from the sale. But that does nothing about the fraudulent credit card charges the gold seller ran up.

So what is the account owner meant to do then ?

I’ve asked for my info to be deleted and it was not done so when I submitted a ticket for my card being declined. We should have an option to delete the info on our end as we had the option to save it in the first place.

I said in beta, that entering CC details ingame was a bad idea waiting to happen :/

GaileGray.9587:

Bluest.5123:

Why won’t they even mention why or at least give a reason why you cannot remove your credit card information.

It’s almost a shady money grab.

I can offer a partial answer, and then get more info for you later.

The purchase sites are extremely secure. And from what I recall, on our end the CC number is encrypted and not retained in it’s visible state. So if you can see it, I believe that we cannot see it, it just looks like **** to us.

Will get you more information if this remains a concern, but I really feel you’re ok.

Yep. Further charges are done by referring to the original transaction identifier. “Reference transaction” is what it tends to be called.

The payment software I support does this, at least, and it’s used in lots of places

If they are storing the 3 digit CCV code that is contrary to mastercard and visa policy, if they are not using CCV codes for processing then they are idiots.
I have as sneaky suspicion they have technical issues with their payment gateway in that it is not terminating the sessions after x amount of time. You might have noticed on your CC and bank accounts online as well as payment gateways that after a certain amount of time they autolog you out, if this is not done then your card is “live” all the time and all you do is type in how much you want to buy without going through security checks, it has happened before on payment gateways.

Pictish.3410:

If they are storing the 3 digit CCV code that is contrary to mastercard and visa policy, if they are not using CCV codes for processing then they are idiots.
I have as sneaky suspicion they have technical issues with their payment gateway in that it is not terminating the sessions after x amount of time. You might have noticed on your CC and bank accounts online as well as payment gateways that after a certain amount of time they autolog you out, if this is not done then your card is “live” all the time and all you do is type in how much you want to buy without going through security checks, it has happened before on payment gateways.

They are not allowed to store the CVV2. It is not required to be sent for recurring transactions, as these would be classified as – only the original. Even then – if it’s not classified that way they can still omit it… though the transaction might be downgraded (resulting in a higher processing fee for the merchant)

Disclaimer: I am a subject-matter expert here. My job is to support a few payment processing gateways. I happen to be good at this job. My group is the last support group prior to the developers themselves.

ANet – if it puts anyone’s mind at ease, your IT people should be able to find this out from the company who wrote the gateway you’re using for this.

The other option they may be using is that the initial transaction uses the CCV code, when it passes the card is deemed valid and any further transactions will use that card details minus the CCV, some payment gateways allow that for things like monthly or reoccurring billing. But to do that on a game where accounts can be accessed by hacking or are a target for hacking(all forms including phishing ect) is a really really safe idea and there is simply no need as there is not a monthly payment and people could very easily make a seperate transaction each time with the CCV for maximum protection. I would really hope that someone considering how many companies have been hacked recently would not go with the no CCV option

Pictish.3410:

The other option they may be using is that the initial transaction uses the CCV code, when it passes the card is deemed valid and any further transactions will use that card details minus the CCV, some payment gateways allow that for things like monthly or reoccurring billing. But to do that on a game where accounts can be accessed by hacking or are a target for hacking(all forms including phishing ect) is a really really safe idea and there is simply no need as there is not a monthly payment and people could very easily make a seperate transaction each time with the CCV for maximum protection. I would really hope that someone considering how many companies have been hacked recently would not go with the no CCV option

I said that. That’s twice I’ve caught you replying without reading the last one or two posts in a thread!

draeath.8536:

Pictish.3410:

The other option they may be using is that the initial transaction uses the CCV code, when it passes the card is deemed valid and any further transactions will use that card details minus the CCV, some payment gateways allow that for things like monthly or reoccurring billing. But to do that on a game where accounts can be accessed by hacking or are a target for hacking(all forms including phishing ect) is a really really safe idea and there is simply no need as there is not a monthly payment and people could very easily make a seperate transaction each time with the CCV for maximum protection. I would really hope that someone considering how many companies have been hacked recently would not go with the no CCV option

I said that. That’s twice I’ve caught you replying without reading the last one or two posts in a thread!

Sorry dog went out for a dump halfway through typing post so your post wasnt up yet I did post that but for some reason that post has been removed

Oh. Well. Sorry

But yes, you were on the money.

For the record: MasterCard has (recently – last few months) mandated that CVV2 codes be provided for card-not-present transactions. Merchants can still go without doing it, at the cost of downgrades – but if they keep doing it they are starting to get some nasty calls from their Merchant Services folks. I believe Visa has jumped on this boat as well. Discover too, but I’m less sure about them.

Sounds like Arena Net is going to have PCI Compliance issues. They regulate the credit card industry and the way that information is stored if at all. Fines start in the ten thousand dollar range if i remember correctly.

noobdestroyer.4271:

Sounds like Arena Net is going to have PCI Compliance issues. They regulate the credit card industry and the way that information is stored if at all. Fines start in the ten thousand dollar range if i remember correctly.

No, they won’t. Scroll up and read some of my post.

I am pretty sure that was the system that Lotro did with turbine points, it is not illegal plenty of companies do it thats why you see that silly little 1 quid fees that are returned that is them checking if the card is valid. Some companies have already moved away from it in the last few years because at the end of the day its them that loses the goods/money in disputed/fraud type transactions.
I think what gailegray meant about how the CCV was used, was the initial transaction in that they can not see it. Not that they are storing it.

There are plenty of examples out there where this sort of thing happens. I know in my home country certain information is retained for auditing. However Anet can easily fix this by requiring users to input the CCV each transaction and include an option to remove the credit card.

Pictish.3410:

I am pretty sure that was the system that Lotro did with turbine points, it is not illegal plenty of companies do it thats why you see that silly little 1 quid fees that are returned that is them checking if the card is valid. Some companies have already moved away from it in the last few years because at the end of the day its them that loses the goods/money in disputed/fraud type transactions.
I think what gailegray meant about how the CCV was used, was the initial transaction in that they can not see it. Not that they are storing it.

I think she was talking about the credit card number, not the CCV.

Pictish.3410:

I think what gailegray meant about how the CCV was used, was the initial transaction in that they can not see it. Not that they are storing it.

Doesn’t matter if he could see it or not, the fact is if someone gains access to the account illegally they can use the hidden details to purchase diamonds to sell back on the market for in game gold which is then syphoned off to good knows elsewhere to be sold for money.

You are allowed to store account numbers and track data. The caveat is you have to do so securely. It’s not terribly hard to do.

The CVV2 is needed for the initial transaction only.