More secure goldcard

[ufcfl]

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can fill a support case asking do disable the GC.
I see a simple thing that would fix this. When someone asks in a support case for a GC disable, MA should first ask the player to enter one (or more) GC code(s). The code would have to be a not used one yet, so the player wouldn't login until support answers. That way, MA could verify if the person is really the owner of the GC.

What do you think?

PS : Sorry for the bad english

[Rednexi]

just had to gratz...why on earth there is a gratz button on security forum ?

[jdegre]

Quote:

Originally Posted by ufcfl

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can fill a support case asking do disable the GC.

i hope it is not that simple!. i was under the impression that, if you order to disable the GC form the web site, you must fax/mail MA some kind of identity proof.... are you sure MA will disable your GC just by filing a support case?

[onyx oZ Zombie]

Quote:

Originally Posted by jdegre

i hope it is not that simple!. i was under the impression that, if you order to disable the GC form the web site, you must fax/mail MA some kind of identity proof.... are you sure MA will disable your GC just by filing a support case?

im pretty sure that is the case, jdegre, but have no verification

[Vap0r]

I guess the grats is for not understanding how it works ?
Nobody with a gold card can have someone log into the EU website and request the card be disabled without providing the same documentation needed for limit increases. IE Color Goverment Issued ID, Utility bill in your name, birth certificate etc. These measures are in place to prevent such incidents from happening and yes they are a pain in the arse but they are for your protection.
I'd really like to see an example of someone with a GC being hacked, that 1) Didnt give someone the next number in the sequence or 2) didnt give someone the GC itself.
I do internet banking security in the states and the GC system is surprisingly better then most US banks.
GREAT JOB MINDARK!

[Alien]

MA will've definately protected against this.. I remember reading somewhere if you want the GC disabled you have to fax them a goverment issued ID signed by someone or other (Can;t remember who)

Oh and Grats ;P

[Art Ludgren]

Quote:

Originally Posted by ufcfl

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can fill a support case asking do disable the GC.
I see a simple thing that would fix this. When someone asks in a support case for a GC disable, MA should first ask the player to enter one (or more) GC code(s). The code would have to be a not used one yet, so the player wouldn't login until support answers. That way, MA could verify if the person is really the owner of the GC.

What do you think?

PS : Sorry for the bad english

A couple thoughts, I paid $20 for a gold card, what do you mean they will disable it from a support case, without proper identification!!!
YOU GOTTA BE KIDDING

If an account gets hacked and the gold card gets subverted because MA does not follow it's own procedures MA should FULLY reimburse player for all lost items.

On the idea of using the gold card on the website; what if my GC is broken

I think that when the goldcard is registered as being received, one of the codes should be entered into the website WITH the serial number of the gold card. With this combination you should be able ( and only able to) cause a broken gold card to be replaced, sent to the current address on record.

In the case that the above mentioned code and serial number are unavailable, the only solution I would find acceptable is the photocopy of passport being sent to MA and then a new GC being sent out to the address of record.

There should be the only 3 ways to get a broken card replaced, passport, personal visit to MA with passport or with the above mentioned registered gold card code and gold card serial number.

Obviously the GC should be used for address changes. And no address changes without a proper GC code.

Of course in the US the postal authorities ( almost a separate police department in themselves ) take a VERY DIM view of people using the mail to further any type of crime.

Yes I know a lot of people will say "I FORGOT", well put the info on a scrap of paper and put it in your ( or your parents) safe deposit box, or hide it under a floorboard in your house.


Art.

[ufcfl]

Hmm, it seems i forgot the first reason why someone would want his GC disabled : a not working goldcard. So how could MA ask the person a valid GC code to verify his identity?
Sorry for the useless thread

[andyzammy]

Quote:

Originally Posted by ufcfl

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can fill a support case asking do disable the GC.

please do tell us about these cases! new to me

they ask for RL id. which is why nobody will ever be able to hack u.

[Art Ludgren]

Quote:

Originally Posted by ufcfl

Hmm, it seems i forgot the first reason why someone would want his GC disabled : a not working goldcard. So how could MA ask the person a valid GC code to verify his identity?
Sorry for the useless thread

If you noted I suggested that you REGISTER a valid GC code + GC serial number for future use in an emergency. I also mentioned that SOME people would forget/lose it and therefore:

MA already has policy that requires passport or other reasonable id copy required for turning off gold card.

Nice try at sarcasm but it just shows you did not read the post

Quote:

Originally Posted by Art Ludgren

<Stuff deleted>

On the idea of using the gold card on the website; what if my GC is broken

I think that when the goldcard is registered as being received, one of the codes should be entered into the website WITH the serial number of the gold card. With this combination you should be able ( and only able to) cause a broken gold card to be replaced, sent to the current address on record.

As a general statement "Anyone with a Gold Card would NOT want it disabled". Yes there may be exceptions, but MA seems to have it covered by policy. If MA breaks their own policy that is a different matter although EULA seems to cover that by our agreeing that even if we suffer losses by MA negligence we hold them harmless.

As far as useless thread, it is useful in showing MA how much of their documentation/EULA/FAQ people actually read.



Art

BTW: fDid not mention, pushed publish instead of preview

You actually mentioned that people use a not yet used GoldCard code yourself in first post?????