An 11-year-old boy has landed his mother in debt , after splashing more than £1000 on Xbox Live, without her knowledge. Mum-of-two Dawn Matthews entered her debit card details into the console to buy her son, Brendan, an Xbox Live membership to play against buddies online. The 37-year-old went about her business, blissfully …
Normally in these cases I struggle to have any sympathy. However, the way that many web-sites now automatically remember your credit card details without any obvious authorisation will make this type of situation more and more common. If the mum didn't realise that her details were remembered, and the son didn't realise how financially screwed his mum was, you can easily foresee this sort of thing happening. Personally, I think credit card purchases should move to a 2 form factor system. Using a secure-id type system with a crypto-secure random number sequence to authorise individual transactions explicitly would reduce fraud potential to pretty much zero, for only a little extra hassle (and certainly less hassle than Verified by Visa etc.)
If you set it up as a child account, you have to reenter card details to buy MS points.
And she's supposed to know that because?
Nope sorry, Microsoft could easily and clearly state when buying stuff on Xbox live that your credit card details will be remembered and used to make purcahses in the future at the touch of a button,
Make it so that you have to choose to have your details remembered rather than it be the default choice.
But of course Micro$oft doesn't want that do they? Oh no, they'd rather engineer things so that you present youself for explotation.
She's supposed to remember this because...
...She's supposed to be a responsible parent.
Anyone who gives their children any product that they don't know how to use themselves is irresponsible. She allowed her son to set up a social networking account - paying for it - without checking first what she was paying for.
If she had have done she would have noticed the differences between a normal account and a child account. She would also have realised you can buy MS Points and that there was no need to keep her card details saved.
I bet she would have happily let her son on the internet without supervision, then complained when he downloaded porn or got groomed.
"Anyone who gives their children any product that they don't know how to use themselves is irresponsible."
Guess I'd better cancel the kid's violin lessons, then.
You're overgeneralising, and denying people the opportunity to give their children opportunities they were denied... though an Xbox isn't what I'd consider an valuable opportunity.
A fool and her money...
For once I can't blame Microsoft, the tools are in place to prevent your little darlings spending all of your money. It's in all credit card Ts&Cs that you should be responsible for the use of your card. Plain stupidity. I hope she gets laughed out of court, otherwise the rest of us are gonna have to put up with some more stupid levels of notices on cards and payment screens. Is anyone else buying this bullshit she's running about not checking her online account/never reading statements? I feel sorry for the kid, what kind of example is this if when you do something utterly stupid you just blame everyone else for it!
A fool and her money?
A commentard and his comment?
a troll and his tool
"she failed to notice the debts because she had no access to online banking and was busy sorting through numerous letters about her direct debits bouncing."
Phone banking? Walking into the local town and actually speaking to someone? The fact that she was sorting through 'numerous' letters about bounced direct debits wasn't *bit* of a clue?
Sorry, but I'm with Microsoft and the bank here
She entered and saved her card details, then went to the parental control settings and authorised her son to access xbox live. At what point did Microsoft do anything wrong here? You do not require card details to have a live account, you can just buy an annual membership code over the counter from any game store and use that.
It's obviously a problem but she can't just expect to get all her money back when her son has purchased and spent several months using the content.
I don't think she should get her money back,
but I would like to see Microsoft (and everyone else) change their practices so that you cannot make repeat purchases on a saved credit card without some further authorisation.
I had money taken off my debit card (by my own father!) after failing to realise that Amazon doesn't have a log off function. I know better, now (my debit card stay off-line, and I put nothing through his malware infested PC), but how many people know about clearing their cookies, etc.?
Standard rant about an unsupervised child having access to an online account, naturally, but can't she just send it all back for a refund?
Why do people...
... always try to blame someone else for their own stupidity?
Bank charges, credit card overruns, the kids using your details - 1 cause = lack of attention on behalf of the account holder.
According to the original article this happened over a period of 6 months. Did she not get any bank statements in that time? If so, why didn't she read them, particularly when her direct debits started bouncing?
I only get 1 statement every 6 months on my account.
Re: Err.... (mhoulden)
"Did she not get any bank statements in that time? If so,..."
Did she not get any bank statements in that time? If not so, ...
Did she get any bank statements in that time? If so, ...
Not Credit cards
It's law that you get a Credit Card bill every month if there is a balance on it.
She would have received one.
I'm exactly the opposite
Me & the wife have a joint account with Santander with access to online banking yet we BOTH receive a paper statement EVERY month in serperate envelopes individually addressed. We have no way to opt out of paper statements (none that I can see anyway!)
not the first and wont be the last
The amount of friends whose kids have done similar is amazing to me, with all the supposed security around credit card details most of them thought it would be impossible to put a payment through without some sort of confirmation required by the card holder, ie enter a pin number or confirm the security code etc.
Lesson to parents really, read what your agreeing too or do as my "tech savy" xbl friends do, pay then login and change a few details so the card payment will fail on any future payments!
If you pay your plastic bill without carefully checking all the transactions then you're a bit of a muppet.
It's a debit card, you muppet. No "plastic bills" to pay.
Times are tight, so extra caution is required....
Then again, if times are so tight and she is finding it difficult to balance the books, you would have thought that a regular check on her bank account would be sensible. In fact, the moment you get all these letters saying your payment has bounced, you would have thought that the first thing she would do is check the balance on her account and try to sort out what has happened.
This whole thing seems to be what seems to be more and more common, where muppets no longer have any responsibility and can blame anyone but themselves. And what about the boy, he was 11, why on earth is it not his responsibility to not actually buy something? These things all have a price.
May I be the first to say
Perhaps what she should be seeking...
...instead of a solicitor is parenting lessons.
She's blaming everyone else but her own kid.
to be fair
the child is, er, a child. If she gave him the card and pin and let him loose in a sweet shop over a 6 month period I would expect similar results. Its her failure for either failing to check what her card was being used for and/or failing to educate the lad about the value of money.
This is Barclays / Microsofts fault how ????
Surely she should be giving her son a little telling off instead.
"The Xbox Live account is now been closed"
was she the one who closed it? if everything is paid for then why close it and lose access to what you bought?
or did MS close it after they got the complain?
as part of the lad's punishment?
It doesn't help that M$ won't allow you to remove a credit card from the gamer account once it's been used. They only allow you to overwrite it with a new (and currently valid) one.
I had let my CC card company know that the card details had been cloned and to get a new number issued when they refused to remove it.
NEVER PUT YOUR CARD DETAILS ON XBOX LIVE!
another option is to use a virtual debit card, the card is limited to what you put on it. You will always have to load it before you can use it, so there won't be any mistakes. You can even set the limit on yourself by making a point of only adding 50 quids every 2 months and no more. (this is what I use on PSN).
but keep in mind that the issuer of the virtual debit card will take their own percentage every time you load the card, in my case they take 4.95%, which is far less then the headache I would get should I use my real card and get screwed. (like this lady)
You can delete a credit card from your account via the xbox.com website, but Microsoft block this if you had a paid Gold account. I'm struggling to think of a non-profiteering reason for this...
In any case, there's a bit more info (and a possible workaround) here:
Would it not be considered illegal in the EU to retain someone's credit card details and prevent their removal?
MURR HUR DURP
I get it, it's "M$" because they charge money for things! Ha ha let me try one. App£e.
When I were a kid, at best this would have received a proper beating, at worst I'd have got the "I'm so disappointed in you" line.
Than my old dear would have worked out a way to pay it off in instalments as she'd know full well it was partly her own fault.
She'd probably throw the xbox in the bin or give it to some kid down the road.
whats a solictor going to do? although annoying, surely she would not have much scope for suing microsoft, seeing as she entered her card details willingly, and did not remove them (and also explaining to son not to buy stuff, assuming she knew this was possible - son must have know what he was doing tho!)
So, let me get this straight...
"When she contacted the bank, she was told everything had been spent on Xbox Live, with 25 payments alone made in the last two months. In one month Brendan spent £350. His entire expenditure totalled £1087."
Presumably the one month in which he spent £350 was the highest spending, else why mention it? So he must have taken over 3 months to spend all the money, and she didn't notice anything wrong with her balance until all the cash ran out?
People really should be checking their credit card statements - what if someone cloned her card and only managed to spend £500 on it. She wouldn't have noticed? How many other people have had fraudulent activity on their cards and haven't noticed?
I could certainly see Microsoft refunding the money to her had she come forward within a month or so, saying that she didn't authorise it - but having let him play with all the goodies for at least 3 months (probably a lot more) I really don't see why they should refund anything. At best, they might offer to refund the last month of transactions as a goodwill gesture.
And didn't the kid realise what he was doing? I'd think he should be in a world of trouble right now...
Can't touch him
"Dawn said she failed to notice the debts because she had no access to online banking"
Ever heard of bank statements printed at the ATM? Going to the bank? Phoning them?
"and was busy sorting through numerous letters about her direct debits bouncing"
And still she didn't get a clue?
"She attributed this to the recession and rising costs of petrol and food"
Yep, once again, it's the society's fault.
I hope the poor little darling is not too traumatised by putting his mum in debt. I was going to suggest a good slap in the face to teach him a lesson, but these days kids are supposed to be educated without touching them. We're also told that it works. Well, you can bet that I wouldn't have done it as a kid as I would have got my head spinning for sure.
Doesn't it have parental controls?
The xbox support people are very clear that you are responsible for charges run up on your credit card by your kids.
I mean what was she thinking - giving a child unsupervised access to her credit card?
But I fail to see what a solicitor will do.
I'd sell the xbox and anything else of the kids to make up for some of the cost.
She does seem quite clueless though. Xbox live, but no access to online banking? Even if I didn't have access to it, I'd certianly pop into a branch to see what was going on when the red letters came instead of assuming it was due to the recession.
Only my opinion
All individual payments should have been authorised, they obviously weren't so Barclays shouldn't have paid Microsoft. Additionally Microsoft should not be keeping credit/debit card details to be used at a later date.
Although the woman is a bit lacking in the financial awareness department I feel here the responsibilty falls on Barclays for making unauthorised payments.
Re: Only my opinion
"the responsibilty falls on Barclays for making unauthorised payments."
and how would the bank know that they were unauthorized payments? She entered the details into XBL herself. The _convenience_ of storing your details on a site is enjoyed by many (including myself), it allow a revisiting customer to buy without having to re-type their card details on each visit. If this _convenience_ is abused, it is not the fault of the bank or site owner, it is the fault of the user.
note, stolen card details is not the same as an abused card.
Re: and how would the bank know that they were unauthorized
And furthermore, how would the bank know they were authorised? Or would you expect that if you made a purchase at Asda then your bank should automatically assume that all subsequent purchases from there are being made by you?
Re: and how would the bank know
Isn't that what Verified by Visa and such is all about??? Or does this only apply when it is convenient for them.
I'm glad you think having your card details stored somwhere not under your control and clearly retreivable in plain text is convenient but I doubt you would be so flippant if the server was hacked.
On another point, I recently recieved a new visa card which allows contactless payments, whose fault would it be if I was charged for passing by a rogue reader? I haven't called to enable the card as requested, I suppose if I did so I would be accepting all sorts of conditions that would clear Visa of all liability for anything.
Re: Chris W
calm down a bit,
Verified by Visa: not all websites use it, and not everyone use it (my bank doesn't give it to me as an option). So unless the user ask for it, they won't get it.
AFAIK, this verification is only done if the website asks for it (some do), if the website doesn't ask for and you still enter your details, how is this the bank's fault?
by the way, amazon and paypal (plus many out there) do _NOT_ store you credit card in plain text on an unsecured server. You seem not to be trusting of using your card online, but on the other hand don't mind to physically handing it over to complete stranger at a supermarket. This is strange in itself, if you don't trust a secure server, why do you trust a complete stranger?
Re: Re: and how would the bank know that they were unauthorized
Through the use of the Card Verification Value Code on the back of the card. PCI stipulates that this code must never be stored. Ever. If this number is not present that the card holder has not been verified and therefore the payment should not have been authorized.
Ah, but it isn't
It's not always necessary to authorise every time. I'm guessing Xbox uses Continuous Payment Authority (aka Continuous Card Authority as I used to know it). Some discussion here:
Some companies (there's a few examples halfway down that thread) use it instead of a Direct Debit - Pipex Internet used to use it, which is how I learned about the things when my broadband tax payment couldn't be collected (and I got in a spot of bother over it) because I'd got a new debit card. I'd assumed (oh dear, yes I'm a bit financially illiterate too, or was then) that they were just taking it by Direct Debit.
It has to be said, nearly every search result for the term seems to be much like the above: a consumer discussion about some company abusing it. Maybe it is something that needs a rethink...
You asked how a bank would know if a payment was authorised, I gave an example to your question, If you think that's an overreaction then tough.
The bottom line is, if the kid didn't have to enter any details of the card before purchase then it was un-authorised, and the article tends to indicate that this was the case. I don't have an x-box so I've no idea if this is how it works in reality, I can only go on the information I've been given. However it does seem from other comments that this is indeed how it works.
The "security code"
I've ordered stuff from a few (secure) American sites, who have not asked for this code. Perhaps Americans don't use it as much as Europeans?
I can see someone not noticing the charges like that for a month until their next billing cycle.. but it says that there was 25 payments in the last 2 months alone which hints towards this happened for more than 2 months.
Nobody to blame but herself.. well, her kid mostly but she should check her statements. This is why credit companies will always send out paper statements so she can't use this pathetic excuse. It's always someone else's fault these days.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS
- Pic 7 Amazing Experiments on NASA's 2020 Mars Rover – Including Oxygen Generation
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs