<p>From the subject: Can I disable marketplace on my account to prevent hackers from using my credit card?</p><p>I am not going to go complete a purchase to see if it requires explicit authorization but from what I've seen so far, the game is already aware of credit cards I have on file. I don't want someone having any chance of hacking my account make purchases through the marketplace.</p><p>As a part of that question, are all items on the marketplace guaranteed to be NOTRADE, NOVALUE to dissuade hackers from doing just that?</p>

<p>If thats your concern its already a feature in game, you can go through LON and purchase booster packs already using the credit card on file.</p>

<p>Good point. I guess I need to add that to my concern. Also, I'd think this is a major concern for people with kids that play. It's their responsibility to make sure their kids don't abuse the credit card, but there should be some parental controls to disable purchases, no?</p>

<p>There is, its called canceling your account.</p>

<p>You must be joking.</p>

<p><cite>Ulion@Befallen wrote:</cite></p><blockquote><p>Good point. I guess I need to add that to my concern. Also, I'd think this is a major concern for people with kids that play. It's their responsibility to make sure their kids don't abuse the credit card, but there should be some parental controls to disable purchases, no?</p></blockquote><p>Your kids shouldn't have the 3 digit security code on the back of your credit card. That's required during the purchase. If they do then that's a parenting issue.. not an SOE issue.</p>

<p>If you need the 3 digit code then great. Thanks for the info. Like I said, I wasn't going to complete a purchase just to see how this thing is secured.</p>

Surely there is a way to limit daily purchases.

<p>Be on the lookout for hackers getting your username and password - and there are plenty of "sniffers" out there looking for data tied to your account...and oh yeah - don't EVER use the same password for your email server as you do for your user account - that makes it too easy to hack it ALL   <img src="/smilies/3b63d1616c5dfcf29f8a7a031aaa7cad.gif" border="0" alt="SMILEY" /></p>

<p><cite>Ulion@Befallen wrote:</cite></p><blockquote><p>From the subject: Can I disable marketplace on my account to prevent hackers from using my credit card?</p><p>I am not going to go complete a purchase to see if it requires explicit authorization but from what I've seen so far, the game is already aware of credit cards I have on file. I don't want someone having any chance of hacking my account make purchases through the marketplace.</p><p>As a part of that question, are all items on the marketplace guaranteed to be NOTRADE, NOVALUE to dissuade hackers from doing just that?</p></blockquote><p>While we don't have a way to disable it on your account, someone would need the security code on the back of your card to purchase station cash.  They would have to enter that information on every purchase, which should prevent children/others from buying stuff without your permission.</p><p>All of the items are notrade/novalue so hackers wont be able to gain anything by purchasing things on your account.</p>

Wow, so a kid that's savvy enough to play EQII is not expected to be savvy enough to obtain and remember the number 452 off the back of mom's Visa. Riiiight.

<p><cite>Grumpy_Warrior_01 wrote:</cite></p><blockquote>Wow, so a kid that's savvy enough to play EQII is not expected to be savvy enough to obtain and remember the number 452 off the back of mom's Visa. Riiiight. </blockquote><p>So this savvy kid with mom's credit  card security number is going to use it to buy a slimy pet on eq2 and not an ipod or some other tangible item   RIIIIIGHT.</p>

<p><cite>Hawgwar@Lucan DLere wrote:</cite></p><blockquote><p>don't EVER use the same password for your email server as you do for your user account - that makes it too easy to hack it ALL   <img src="/eq2/images/smilies/3b63d1616c5dfcf29f8a7a031aaa7cad.gif" border="0" /></p></blockquote><p>This should be common sense these days.. unfortunately.. it isn't. People want convenience.. any compromise to their personal information after that is somebody else's fault. <img src="/smilies/8a80c6485cd926be453217d59a84a888.gif" border="0" alt="SMILEY" /></p>

I'm too busy coordinating my station cash shopping list to correct your illogical retort. *scribbles* 452

<p>I do not if this will help but what I do is have a credit card with a low limit that I use for online. It has a $500 limit. If it happens to be clear, they can't get to much.</p>

<p>Processing transaction over the internet, there's always a balancing act of security vs convenience.  I think we do a pretty good job of making sure that we accomodate for both.</p><p>We do extensive verification on every card we receive including but not limited to the security code.  If you subscribe for another player, whether it's your child or friend, please do not give them your card information.  Enter the information for them or call our customer support line so that we can process your transaction as a buddy gift.</p><p>If someone you know/live with is sneaking away with your card information then that is serious fraud and I would contact the local authorities.</p>

<p><cite>TSR-DanielH wrote:</cite></p><blockquote><p>If someone you know/live with is sneaking away with your card information then that is serious fraud and I would contact the local authorities.</p></blockquote><p>Unless it's your g/f and she's sneaking over to victoriassecret.com   o_O</p>

<p>Actually, I find the security that SoE uses a bit too strict, in the sense that I can't even use a couple of my *own* credit cards.  It's actually quite annoying to tell you the truth.  I have one mastercard that it flat out tells me has an invalid credit card number, but I can use it on other sites just fine.  I have another one that has to go through verified by visa, but for the life of me I can't get it to ever work, despite the fact that I can log into verified by visa just fine so I know it's not a password issue. LoL.</p>

<p><cite>Grumpy_Warrior_01 wrote:</cite></p><blockquote> Wow, so a kid that's savvy enough to play EQII is not expected to be savvy enough to obtain and remember the number 452 off the back of mom's Visa. Riiiight. </blockquote><p>This sounds like a parenting issue, not a responsibility of SOE.  Honestly, people too often blame others and ask that safeguards be created to protect their shortcomings, when the solution lies with them.  Why do your kids have access to your numbers anyway?  What values have they obtained from the people around them that would make them want to steal money?  What have they seen, heard, or witnessed while you have been raising them, that would lead them to steal?</p><p>Pin numbers, security codes, etc were designed to prevent someone ripping you off if your card is stolen or lost.  To prevent your kids from ripping you off, subject them to some values and parenting.</p>

<p>I'll skip past the whole "rabble rabble rabble!!" /torch /pitchfork...</p><p>To you people saying that it's a parenting issue what's to stop anyone from just brute-forcing it? We're talking barely a thousand possible combinations on that 3-digit code with no lockout after a few incorrect entries. I just tried it and went through 10 combos in about a minute. Put a determined kid in front of that and he'll have the 3-digit code in under 2 hours. </p><p>How is that taking security into account in the slightest sense?</p><p>B</p><p>Edit: And no, I didn't know that my CC info was kept on file in this way. I do a lot of purchasing online and every single checkout that I've gone through asks me whether I'd like my info stored for faster purchasing later. I always choose no because of how easy it is to figure out the 3-digit code on the back. I just looked through the CC info page on my account and could not locate this option. Question to an SoE employee: where can I take my information off of file so that my account could not be used to purchase either cards or SC with only an easily obtainable 3-digit code?</p>

<p>Let them run it up. </p><p>The flurries of charge-backs will destroy any profit involved pretty quickly.</p>

<p><cite>Barrison@Everfrost wrote:</cite></p><blockquote><p>I'll skip past the whole "rabble rabble rabble!!" /torch /pitchfork...</p><p>To you people saying that it's a parenting issue what's to stop anyone from just brute-forcing it? We're talking barely a thousand possible combinations on that 3-digit code with no lockout after a few incorrect entries. I just tried it and went through 10 combos in about a minute. Put a determined kid in front of that and he'll have the 3-digit code in under 2 hours. </p><p>How is that taking security into account in the slightest sense?</p><p>B</p><p>Edit: And no, I didn't know that my CC info was kept on file in this way. I do a lot of purchasing online and every single checkout that I've gone through asks me whether I'd like my info stored for faster purchasing later. I always choose no because of how easy it is to figure out the 3-digit code on the back. I just looked through the CC info page on my account and could not locate this option. Question to an SoE employee: where can I take my information off of file so that my account could not be used to purchase either cards or SC with only an easily obtainable 3-digit code?</p></blockquote><p>I was replying to the notion of a son or daughter trying to use the parent's credit card.  Hopefully they will not be using brute force as you suggest.  As for someone outside the family taking the card by this brute force, that is what the phone is for...cancel the card. </p><p>I still feel that if you have to create some security against your kids over a credit card use, then there is something wrong at home.  IT HAS NOTHING TO DO WITH SOE.  They are not raising kids, and perhaps the parents aren't either.</p>

<p><cite>Hawgwar@Lucan DLere wrote:</cite></p><blockquote><p>Be on the lookout for hackers getting your username and password - and there are plenty of "sniffers" out there looking for data tied to your account...and oh yeah - don't EVER use the same password for your email server as you do for your user account - that makes it too easy to hack it ALL   <img src="/eq2/images/smilies/3b63d1616c5dfcf29f8a7a031aaa7cad.gif" border="0" /></p></blockquote><p>In other words - take the standard steps required to secure you personal equipment from trojans, keyloggers and malware. Something that an end user should have been doing no matter what from the very start. Might want to add - don;pt give your logon information to guildies so that you can be assured of getting the sword of uber destruction that drops when you are at work.</p>

<p>how about some way to disable it so I don't have to look at this disturbing piece of crap system???  I don't care if it is secure, I DON'T want it, PERIOD!  Give us a way to disable it or get rid of it.</p>

<p><cite>Jalathan@Antonia Bayle wrote:</cite></p><blockquote><p>how about some way to disable it so I don't have to look at this disturbing piece of crap system???  I don't care if it is secure, I DON'T want it, PERIOD!  Give us a way to disable it or get rid of it.</p></blockquote><p>I'd just prefer it not be spammed endlessly on every chat window.  LoN I despise more for that than anything.</p><p>Maybe they should put billboards along the main roads in each zone instead and post their spam there.</p>

<p><cite>fawdown wrote:</cite></p><blockquote><p>Hopefully they will not be using brute force as you suggest.</p></blockquote><p>Really? The security of this transaction method relies on "hoping" that a child can't figure it out? I realize that both the Marketplace and LoN are probably here to stay. But keeping CC info on file in a quick-use format without notifying the CC holder is completely irrisponsible for any business. SoE needs to have this be something that you can opt-in for (the default for this should without a doubt be disabled) or require that the CC info be entered every time a purchase is made. I would much prefer the re-entry requirement but the ability to have it disabled would be acceptable.</p><p>Question for a Dev: How does this system work when using the game time cards?</p><p>B</p>

<p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p>

<p>I am wondering when EQ2 is officially going to be Freeware? </p><p>Pay for expansions, pay to play, now..pay for in game items.  There are quite a few people I know on my server quiting due to this station cash.  Doesn't really bother me other then my CC being on file.  As stated wouldn't take someone long after a few attempts to figure out the security code.  I know I wont purchase anything.  Rather get a cup of coffee for a buck.</p><p>Guess if the cow isn't giving enough milk in the companies eyes, put a vacume on it and suck it dry. <img src="/eq2/images/smilies/0320a00cb4bb5629ab9fc2bc1fcc4e9e.gif" border="0" /></p>

<p><cite>Kasar wrote:</cite></p><blockquote><p><cite>Jalathan@Antonia Bayle wrote:</cite></p><blockquote><p>how about some way to disable it so I don't have to look at this disturbing piece of crap system???  I don't care if it is secure, I DON'T want it, PERIOD!  Give us a way to disable it or get rid of it.</p></blockquote><p>I'd just prefer it not be spammed endlessly on every chat window.  LoN I despise more for that than anything.</p><p>Maybe they should put billboards along the main roads in each zone instead and post their spam there.</p></blockquote><p>I agree with both on this.  I am sick of getting EQ spam.  We get spam from gold farmers, we are notified its spam and even have the ability to block said spammer.  I would love to /Ignore SoE in game.  The longer I play EQ2, and have been playing sence release and beta, I feel I am on a never ending telemarketing call.  Its a game we pay to play to get away from reality and have fun with our online friends/guild members.  Not get reminders SoE wants more money.  I have thought about it so much  I cancelled my account.  And whats with the pages of questions of why are you cancelling?  How about, sorry your leaving can you send us feedback?  Best part, the question...would you play/pay for LoN if not on EQ2....  I dont play it on EQ2, and I wouldn't anywhere else.  They probably spam players during LoN games about EQ and EQ2. </p><p>Then Station Cash comes out, icing on the cake.  I know there will be people that like it for one thing or another.  I think these items could have been better used for live or GM events to show the player base SoE takes an active role in keeping players interested with fun and new things to do. </p><p>I have played alot of MMO's and this one is the only one I can really recall the company spaming players more then gold sellers. </p>

<p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>. So, get a person's account info, spend a little time phishing the right number, and you're in! <span style="font-weight: bold;">Sure not a lot of people will want the fluff items,</span> </p></blockquote><p>Now hold on a sec. This right here is part of why I'm so concerned about this. The 3-digit code is also the only thing preventing someone from buying a few boxes of LoN boosters too. And those are very tradeable and very in demand.</p><p>B</p>

<p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p></blockquote><p>So you are going to submit the transaction 1000 times and hope you have the 3 digit CVV code right?</p>

<p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p></blockquote><p>So you are going to submit the transaction 1000 times and hope you have the 3 digit CVV code right?</p></blockquote><p>Actually someone would only have to enter it <=999 times. As I posted earlier in this thread, it's possible to go through every single combination manually in less than 2 hours. </p><p>Once again, it's not just the marketplace that all you need is the CVV code. The checkout for the LoN store is exactly the same. It's absolutely ridiculous that SoE doesn't give me the option to not store my CC info when the Sony Store has that feature. </p>

<p>You can actually go into your station account and remove any payment sources from the list. That way there will be zero sources for anyone to see on your account.  Of course this can only be done if your not set up on monthly auto pay.  I'm much more comfortable with buying say 6 months of game time, then removing my info for payments, then putting it back in when my time is up and removing it again.</p>

<p><cite>Barrison@Everfrost wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p></blockquote><p>So you are going to submit the transaction 1000 times and hope you have the 3 digit CVV code right?</p></blockquote><p>Actually someone would only have to enter it <=999 times. As I posted earlier in this thread, it's possible to go through every single combination manually in less than 2 hours. </p><p>Once again, it's not just the marketplace that all you need is the CVV code. The checkout for the LoN store is exactly the same. It's absolutely ridiculous that SoE doesn't give me the option to not store my CC info when the Sony Store has that feature. </p></blockquote><p>They do give you multiple methods</p><p>1. Refillable Credit card</p><p>2. game time cards</p><p>3. cancel monthly reocurring, pay for the subscription when it comes due, then cancel reoccurring again</p><p>I fully suspect that they have stop gap methods in place for something like this, if they don;t the online authorization for the credit card purchase does, when you complete the billing request for a purchase you are NOT submitting the cc authorization to SOE, the authorization and validation to purchase is being gatewayed to the orginzation that will ultimately approve or reject the transaction for payment to SOE - this is standard proceedure on any online retail market. The approving companies DO have stop gap methods in place to prevent the blue senario that you are putting forth. The transaction will be rejected and the card flagged as possible stolen, then locked by the issueing entity way before you come up with a valid CVV code</p><p>Other online companies do the exact same thing - amazon.com stores your CC information for later purchases, newegg.com, tigerdirect.com, walmart.com, target.com - so where is the exact difference?</p>

<p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Barrison@Everfrost wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p></blockquote><p>So you are going to submit the transaction 1000 times and hope you have the 3 digit CVV code right?</p></blockquote><p>Actually someone would only have to enter it <=999 times. As I posted earlier in this thread, it's possible to go through every single combination manually in less than 2 hours. </p><p>Once again, it's not just the marketplace that all you need is the CVV code. The checkout for the LoN store is exactly the same. It's absolutely ridiculous that SoE doesn't give me the option to not store my CC info when the Sony Store has that feature. </p></blockquote><p>They do give you multiple methods</p><p>1. Refillable Credit card</p><p>2. game time cards</p><p>3. cancel monthly reocurring, pay for the subscription when it comes due, then cancel reoccurring again</p><p><strong>I fully suspect that they have stop gap methods in place for something like this</strong>, if they don;t the online authorization for the credit card purchase does, when you complete the billing request for a purchase you are NOT submitting the cc authorization to SOE, the authorization and validation to purchase is being gatewayed to the orginzation that will ultimately approve or reject the transaction for payment to SOE - this is standard proceedure on any online retail market. The approving companies DO have stop gap methods in place to prevent the blue senario that you are putting forth. The transaction will be rejected and the card flagged as possible stolen, then locked by the issueing entity way before you come up with a valid CVV code</p><p>Other online companies do the exact same thing - amazon.com stores your CC information for later purchases, newegg.com, tigerdirect.com, walmart.com, target.com - so where is the exact difference?</p></blockquote><p>Stop gap?</p><p> We are talking about a company that cant keep an automated transfer service running nor proporly update player info on there own website.</p><p>Yea, makes me feel safe and secure, even a little warm and fuzzy inside.</p>

<p><cite>Brook wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Barrison@Everfrost wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p><cite>Eldooberino@Lucan DLere wrote:</cite></p><blockquote><p>As far as Security goes, since the credit cards only use 3-digit security numbers there are only 1000 different combinations to look thru. So, get a person's account info, spend a little time phishing the right number, and you're in! Sure not a lot of people will want the fluff items, but when the Plat Sellers get hold of this, after SOE puts in the AXP and EXP potions, you'll have a flood of those, too!!</p><p>All-in-All - Sony sucks!</p></blockquote><p>So you are going to submit the transaction 1000 times and hope you have the 3 digit CVV code right?</p></blockquote><p>Actually someone would only have to enter it <=999 times. As I posted earlier in this thread, it's possible to go through every single combination manually in less than 2 hours. </p><p>Once again, it's not just the marketplace that all you need is the CVV code. The checkout for the LoN store is exactly the same. It's absolutely ridiculous that SoE doesn't give me the option to not store my CC info when the Sony Store has that feature. </p></blockquote><p>They do give you multiple methods</p><p>1. Refillable Credit card</p><p>2. game time cards</p><p>3. cancel monthly reocurring, pay for the subscription when it comes due, then cancel reoccurring again</p><p><strong>I fully suspect that they have stop gap methods in place for something like this</strong>, if they don;t the online authorization for the credit card purchase does, when you complete the billing request for a purchase you are NOT submitting the cc authorization to SOE, the authorization and validation to purchase is being gatewayed to the orginzation that will ultimately approve or reject the transaction for payment to SOE - this is standard proceedure on any online retail market. The approving companies DO have stop gap methods in place to prevent the blue senario that you are putting forth. The transaction will be rejected and the card flagged as possible stolen, then locked by the issueing entity way before you come up with a valid CVV code</p><p>Other online companies do the exact same thing - amazon.com stores your CC information for later purchases, newegg.com, tigerdirect.com, walmart.com, target.com - so where is the exact difference?</p></blockquote><p>Stop gap?</p><p> We are talking about a company that cant keep an automated transfer service running nor proporly update player info on there own website.</p><p>Yea, makes me feel safe and secure, even a little warm and fuzzy inside.</p></blockquote><p>Your credit card issuer takes care of transfers of characters?</p><p>SOE just passes the information to the CC clearing house, those are the ones that will have the stop gap methods in place - and yes they do work since I have seen mutiple valid transactions to the same vendor in a short period of time put on hold by the clearing house until they verify things, including multiple purchases of expansions on different accounts that use the same credit card to pay.</p><p>If SOE does not have the stop gap methods in place, the credit card clearing house will for sure.</p>