back to article UK bank blames fraudsters for World of Warcraft ban

Frequent use of stolen credit cards to pay for World of Warcraft subscription has prompted UK bank Halifax to block payments to the game's publisher, Blizzard Entertainment. In a statement, the bank said its decision to block payments was not a reflection of the integrity of Blizzard or its billing systems. "We have seen a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Black Helicopters

    The banks are all spooked

    but Halifax hmm I might tippy toe out and remove my funds from them if I had any that is.

  2. Solomon Grundy
    Black Helicopters

    Cashless Society

    This is a good example of why cashless societies are bad news. At the end of the day you are placing your ability (right?) to spend your money how you choose. Analysts, consultants, politicians, etc. can (and obviously will) refuse to let you spend how you want.

    It's my money damn it!

  3. Dave Bell

    How many "inside" jobs

    Teenager playing WoW--how does he make payment?

    And, once he has the card details, how does parent stop him paying again, short of reporting some sort of fraudulent use?

    And how many parents would report the card lost or compromised, rather than blame the bills on a family member?

    I wonder a little if the high fraud rate is all that high as a percentage of payments to WoW: just a lot higher than fraud rates for other online sales.

  4. Anonymous Coward
    Thumb Up

    Banks need better system to deter fraud

    This report shows that government's data protection and bank's Chip and PIN systems are failing to deter fraudsters and hence fraud will continue to grow until they exploit ID KEY system described on website www.xwave.co.uk to make signature and PIN systems reliable and foolproof.

  5. Steve Lupton

    Overreaction?

    They will still process the payments - you just need to let them know first...

  6. DrXym

    There is a solution here.

    Wow does sell prepaid cards in most game outlets. Just buy and use one of those. Not hard really is it?

  7. Anonymous Coward
    Alert

    You think it's your money... it's theirs

    you pay tax to use the money supply. basically.

    all money is created out of debt. no debt = no money.

    yes a cashless society is on the horizon, i'm just not sure how you can tell the masses to hold on to their paper money when plastic cards are more convenient.

  8. Anonymous Coward
    Anonymous Coward

    Ex-WoW GM

    As an ex game master for WoW the amount of compromised accounts that I encountered was astounding. So many people play WoW with no clue about securing their pc, they get keylogged, trojans, you name it, and their credit details get swiped due to it. Halifax is doing those idiots a favour who have no clue about security. Unfortunately those who do will have a bit more hassle about it.

    And yes it might be your money, but if you don't know how to take care of your computer, it'll all get nicked on you anyway, so it wont be yours much longer.

  9. si
    Thumb Up

    what about other fraudulent uses?

    Hopefully this will apply to paypal as well someday........

  10. Ian Ferguson
    Paris Hilton

    Verified by Visa / Mastercard Securecard

    I wonder if anyone who subscribes to Blizzard's services can tell us if they have to fill out a Verified by Visa / Mastercard Securecard password box when they enter their details?

    The banks are currently proclaiming this as the answer to all internet fraudster woes. Lloyds have told me that if I don't install it on our transaction server, they'll put up their processing rates.

    I'm not entirely convinced though - I notice while using the process that a) it is not mandatory to use, you can decline having to sign up, and b) if you forget your password it'll give you another one if you enter your date of birth. Hardly ultra-secure.

    Paris 'cos all her passwords are probably the same.

  11. John Bayly

    Re: Cashless Society

    Whilst I do agree that it's a probem not being allowed to access your own money (I left Natwest for exactly that reason) in this case the bank are perfecty entitled to. It' a credit card so it's not your money, it's theirs.

  12. Adam

    How would you do it in a cash based society then?

    ...sending your monthly subscription in the post? I thought PBM died out in the 80's?

  13. Duncan

    No comment?

    "Blizzard representatives didn't reply to emails requesting comment."

    If you played the game that is sort of like a statement of the bleeding obvious!

    They never reply quickly.... give it a few weeks.

  14. Sampler

    @ Soloman Grundy

    Since when did Visa & Mastercard CREDIT cards become your money - you're spending the banks money with an agreement to pay it back - if it's a fraudulent transaction I'm sure you'd be up in arms about having to pay for it.

    Plus it doesn't say you can't pay for it - you just have to give the bank a bell to ensure it's you - or you could always use a debit card which the article doesn't mention as being stopped.

  15. storng.bare.durid
    Thumb Down

    New RAID dungeon

    To ease the transition into Frozen throne, we at blizzard have decided to open up a new 25 man raid dungeon. Helleefex. Includes the master raid boss, KreditKuntrulus with shocking new abilities like 'drain gold' and 'reposess epic'

    Those of you who succeed in slaying the raid boss could be in for ph4t l3wt like the legendary credit card of inifite expenses. You loot that, you don't ever spend any gold again. Ever.

  16. JK
    Coat

    The REAL reason

    Howard got ganked.

  17. Anonymous Coward
    Anonymous Coward

    RE: Cashless Society

    No doubt you keep your life savings in a bundle under your mattress...

  18. Geoff Thompson

    Sensible

    This seems odd, but if it is correct, I can see why they would do this. I recently paid a largish sum to a building society. I offered to do it by switch, but I was advised that the transaction would probably not be approved, because it would be very unusual. (Not a human decision, just automated detection), so I used a cheque. A few weeks ago I paid for a meal in my local pub by switch. Their card machine was down, so it was done on paper. The next morning I got a call asking me to confirm my last few switch transactions; obviously because the none PIN transaction was unusual. I thought this level of scrutiny was very positive. This contrasts with a couple of years ago, when my new switch card was stolen before it was posted to me, and some clown used it eleven times in four days to buy small items from the same garage, with £20 cash back every time. Obviousy I got all the money back eventually, but it caused a lot of hassle and a period with no switch card while one was cancelled and another issued.

  19. Anonymous Coward
    Stop

    Just contact the bank

    It isn't a ban. It's an automatic refusal to authorize

    without customer approval.

    Of course, what they should do is publish a list of automatically

    refused transactions so that customers know to contact them

    in advance. Bet they won't though.

  20. Anonymous Coward
    Thumb Up

    but they're right.

    Having recently been saved money by the Halifax's anti-fraud department, I agree with this move.

    If an innocent company is attracting fraudulent use of stolen details then why not block all payments unless separately authorised?

    How hard is it to one time authorise payments?

  21. Leo Davidson
    Stop

    Halifax are on *my* blacklist

    Anyone with a Halifax account is duty bound to change to another bank.

    Not because they think it's easier to cut fraud by denying huge numbers of completely legitimate payments (rather than, oh I don't know, phoning you up to check whether you intended to pay Blizzard money or not?). That is bad, but if you are still banking with Halifax right now then you deserve it.

    Having an account Halifax funds their criminally annoying advertising. Stop it. Withdraw your money and change to someone else.

    And don't try to say that you're massively overdrawn and thus costing them money. You know they'll claim it back in the end and make a profit from you. STOP FUNDING THIS SICK FILTH.

  22. Chad H.
    Unhappy

    @ ian

    I dont remember any varified by visa when I signed up.

  23. Dr Wheetos
    Thumb Up

    @Leo Davidson

    Let's get back to the point shall we? If your card was being used, I guess you'd be on the phone to them straight away. At least their actions are saving you a call.

  24. Ian

    Hi, my name is captain obvious

    Let's just look at this situation for a second:

    1) Stolen cards are being used to pay for accounts

    2) Accounts connect to Blizzard's servers

    3) Accounts hence display their IP address to Blizzard

    So what do Halifax do? They stop stolen card payments to Blizzard. What would any sensible company do?

    GET BLIZZARD TO REPORT THE FUCKING FRAUDULENT TRANSACTIONS AND THE IP ADDRESS TO THE POLICE SO THEY CAN FUCKING SUBPOENA THE ISP FOR THE PHYSICAL ADDRESS ASSIGNED TO THAT IP WHEN THE CREDIT CARD THEIF CONNECTS TO THE SODDING GAME!

    Basically Halifax are saying "Yeah, we don't actually mind you continuing to use that stolen card, you just can't pay for WoW with it" when in fact they should be saying "lol you idiot now we can trace you to the address you're playing from and arrest you so you can't actually use that stolen card anymore and get punished for doing so in the first place".

    Sure they could be routing through a proxy to Blizzard's servers but I'd bet the majority wouldn't be.

    Does it really have to be so difficult? I'm really bothered that a bank would have this attitude to the security of people's money rather than just deal with the fraudsters outright. They're letting them get away to commit fraud with my card another day and in another potentially more costly manner!

  25. Solomon Grundy
    Black Helicopters

    Interchangable Terms

    My comment was about cashless societies in general. I apologize for my failing to recognize that English banking may not view debit cards the same as credit cards. In the States a debit card can be used anywhere a credit card is used (depending on the card it can be both) it may not be the same over there. My bad.

    Irrespective of banking system nuances, my initial comment is still valid. If the bank has seen fit to issue me with a card, then they should leave me and my purchases alone. I review my statement each month and if something is wrong I can invoke my buyer protection privileges and the charge will be refunded. If people aren't reviewing their statements that's their problem. If banks can't implement a better system than having to call them to authorize a purchase, that's their problem. There are already plenty of systems in place to protect consumers.

    Disclaimer: Solomon Grundy has never, nor will he ever, participate in WoW. His comments were made based on principal.

    Can we get a penguin in a black helicopter icon? It'd just be cool.

  26. Tony Paulazzo
    Paris Hilton

    ID theft, ID's lost and the internet

    Wow, I'd be happy to hear my bank was doing something about fraudulent claims coming thru their system, and I'd rather that little bit of extra hassle of contacting the bank to setup an account. The real problem about this particular cashless cow is there's no physical product, you pay for the service, download what's required and play. the only bits of info required are a card number, a name and address which could probably be found in local restaurant bins. As long as you play in public wifi spots you're pretty much untouchable...

    I love the fact the government are so keen to crack down on piracy, peer to peer (which the BBC online service BBCi utilizes) and free internet, yet seem utterly impotent in the face of identity theft, email scams or, you know, keeping records of their own people safe.

    Paris Hilton, just, because...

  27. Mike Roantree

    If they cared about their customers

    They would stop making those tedious adverts that bombard us with wannabe singers and spend the money on something more useful.

    Like helping retailers etc incorporate the verified by visa/mastercard system to help cut down card fraud

  28. Mr B
    Coat

    A side effect of the subprime stuff

    Halifax is attempting to reduce its exposure to the possible burst of the World of Warcraft hut-ing bubble.

    Unless it's the World of CardCraft they are worried about.

  29. Hans Mustermann

    What makes it really stupid...

    What makes it really stupid is that they're doing something without first trying to understand what the problem _is_. And unsurprisingly come up with a "solution" that's only annoying, but doesn't actually solve the problem.

    There is fraud in WoW, there are keyloggers aimed at stealing WoW passwords, etc. Yes.

    But:

    1) If a fraudster got your details that way, he's not going to use it to buy you another month of WoW. He'll try to transfer your money somewhere else, buy something with it, etc.

    So blocking transfers to Blizzard is blocking the only thing that a fraudster _won't_ do with your account. But allowing everything else. Heh.

    2) There is no indication (so far) that any customer details have been lost by _Blizzard_, nor that any fraudulent transaction has been done through Blizzard. Some people just get scammed into giving someone else their details, or into installing a keylogger.

    So basically even blocking people from giving Blizzard their details at all, still solves the wrong problem. That's not how they lose their details. Even if people couldn't physically enter anything on Blizzard's site, those keyloggers and phishing sites would still do the same job anyway. In fact, by virtue of _not_ being Blizzard, the phishing sites are completely safe from this.

    3) Requiring people to go through loops each month to get their subscription renewed, actually _lowers_ the security there.

    In the normal case, you gave Blizzard or their bank your credit card number, and they'll automatically get some money each month from your account. But that's the important part: there's only one time when you give your credit card number, and only at that time it can be intercepted. if you force users to go through loops each month, you create extra opportunities for that to happen. You also create more opportunities for phishers and the like to masquerade as services that can automate for you, what a stupid bank tried to block. You create opportunities for phishers to pretend they're Blizzard's support checking credit card details, when someone finds their subscription expired because the bank stopped paying, and they haven't yet figured out why. Etc.

    Now I'm not saying that it's the end of the world, nor that everyone will get scammed that way. But I can see a few extra people getting scammed... because their bank tried to protect them from the wrong threat.

    I don't know... I find it just bloody sad. I know a lot of people are muppets who fake fixing a problem they don't even understand, just to look like they're doing something. But I'd expect a bit more responsibility from a bank. If that's how they respond to security or privacy problems... let's just say, I'd get my money out of there ASAP. I'd want my money handled by less clueless monkeys.

  30. Seán

    Halifax rock

    Any company which discriminates against wow losers is doing something right.

  31. Mark Ford

    Halifax - funny money banking

    Halifax is a strange bank to say the least...

    http://noise.alwayspages.com/Halifaxfunnymoneybanking

  32. Ben Norris

    what savings?

    It doesn't save you anything. Fraud is covered by your bank anyway. All it does is cause you inconvenience.

    Also game cards for wow are not an alternative because they cost about 3 times as much as paying directly.

    There is no reason at all for your bank to decline transactions willy nilly, what they should be doing is putting a decent verification process in place. Verified by visa and mastercard securecode have huge obvious flaws. What we need is for them to put some decent protection in place rather than all these measures to hoist the blame/liability for fraud onto cardholders.

  33. David Webb

    Halifax correct

    it isn't the fact that people are stealing your credit cards to pay for your account, its the fact that WoW accounts are compromised regularly, the credit card details are then used to purchase WoW accounts for RMT (who mostly are in China, so are outside US/UK legal channels).

    Halifax have an obligation and a duty to protect their clients financial details and to do whatever they can to protect them from fraud, so just adding a hoop to jump through to ensure you are not the victim of fraud is a good thing. Sure it won't stop stupid people having their accounts stolen through keyloggers, but it may help prevent them from having fraudulent transactions.

  34. Hans Mustermann
    Dead Vulture

    @Ian

    Not going to disagree with what you wrote, but I'd argue that (partially _because_ of that), the ban is even more stupid and ineffective than that.

    Ok, let's say I were an asshat haxx0r (I'm not, but just for reductio-ad-absurdum argument sake), I stole your identity and (of all the stupid things) all I want to do with your credit card is buy a WoW subscription. Blocking transfers to Blizzard is going to help... how?

    For the exact reasons you wrote, my directly giving your credit card number to Blizzard would be the dumbest thing ever. Plus it would buy me about a month of WoW, because after that you see the charge on your bank statement and block it. Blizzard would then probably ban my account too, when the bank tries to reverse the charge as fraudulent. So that's one char which probably won't get to level 70. Bummer.

    No, what I'd want to do then is buy a 3 months game card from Amazon with that credit card. Which (A) isn't blocked by any bank, and (B) doesn't link that WoW account to a stolen credit card.

    But again, that assumes that someone would go into the fraud line of work just so they can play WoW. A dozen or so bucks a month isn't worth the risk even by third world standards. If someone got a bunch of credit card numbers, they're going to want to get more expensive stuff with them.

  35. Ross
    Flame

    El Reg crowd not understand banking?

    1. That blog link by Mark Ford shows nothing wrong with the Halifax. They are free to choose what overdraft (if any) facility they offer their customers. If you don't like what they offer you there are plenty of other banks on the high street/internet.

    Cash is quite expensive to handle, and coins more so. Banks therefore have limits on how much they will take in any given transaction, or more commonly now - in any given day. Again, if you don't like it, change banks.

    And anyone walking around with an unsigned credit/debit card should be removed as a customer at once - they are massive risk. Fraud losses are covered by the bank, who get their money from you and I. I don't want to be paying for his stupidity. An unsigned Chip and Pin cards security is easily circumvented with a hammer and a biro. Walk into a Sony Centre, card a 44" Brava, oh the chip doesn't work? I'll just sign...

    2. Asking banks to request ISPs give them IP addresses used in fraudulent transactions is a joke yeah? No?! First of all, this should be a criminal matter, as cross border civil matters are so easy to ignore. That means it's down to the POLICE to do that work, not the bank. Given the relatively small amounts of money taken by paying for WoW the Police really aren't going to go through the expense and hassle of working with foreign Police forces etc. Hell, my lady had £600 taken from her account by someone in Italy a couple of years ago and the Police weren't interested, so £10 for a month of WoW isn't going to get any attention. Now here's the important bit :

    *** which is exactly why ppl do it! ***

    The Halifax are making it a pain to use stolen cards for WoW, but legit users only have to auth it once with the bank and they're back to normal. If you want to throw a hissy fit and blame someone there are plenty of other ppl further up the queue before you get to the Halifax...

  36. g e
    Alert

    Data breach ?

    Perhaps the reason only the Halifax is doing this is because they've had a data loss or breach that they've not disclosed...

  37. Keith Langmead

    @Hans, Ian and Solomon

    @ Hans Mustermann

    Try reading the actual article! It doesn't say that WoW users are the ones who are having their credit card details stolen, it's saying that stolen credit cards (from anywhere) are being used to pay for WoW subscriptions.

    @ Ian

    "So what do Halifax do? They stop stolen card payments to Blizzard. What would any sensible company do?

    GET BLIZZARD TO REPORT THE FUCKING FRAUDULENT TRANSACTIONS AND THE IP ADDRESS TO THE POLICE SO THEY CAN FUCKING SUBPOENA THE ISP FOR THE PHYSICAL ADDRESS ASSIGNED TO THAT IP WHEN THE CREDIT CARD THEIF CONNECTS TO THE SODDING GAME!"

    OK, lets have a reality check shall we? 1) Halifax have direct control over which transactions are and are not paid out. 2) Halifax do NOT have control of Blizzard's servers, so rely on contacting them in each case to get the information that's required. 3) Hiding your IP address is relatively simple these days, so getting the IP address that the fraudster connects from doesn't ensure they can track it to the actual criminal. 4) Every one of these fraudulent transactions gets paid for by Halifax, since the end user claims it back. 5) I dread to think how much money it would cost them in man power and legal fees to track down and presecute every single fraudster individually.

    @ Solomon

    "If the bank has seen fit to issue me with a card, then they should leave me and my purchases alone. I review my statement each month and if something is wrong I can invoke my buyer protection privileges and the charge will be refunded."

    So what you're basically saying is that you want to have your cake and eat it!?! You don't want the bank to stop transactions they feel are dodgy when they are made, yet you expect them to pick up the tab and clear the charge from your card when you find out that they were fraudulent?

    I'm certainly not a big fan of many banks, but in this case I have to agree with their actions.

  38. Antony Pearce

    @Solomon Grundy

    Not sure about in the UK, but in Australia one of the major banks tried to implement a more secure payment method by issuing chipped cards and giving (yes giving) their customers card readers so it could do a secure signature on the transaction and relied on you having the physical card for your online transactions.

    People decided it was all too hard and the bank ended up with several thousand USB card readers in storage.

    Ant.

  39. Steve Roper
    Flame

    @ Antony Pearce

    The idea of using bank-supplied card readers in the home was a fantastic one, and I never understood why it didn't take off. And it was because "People decided it was all too hard?"

    What? Let's see:

    Normal online transaction: I have to type my name, address, card PAN and CVC number, expiry date, and the cardholder name before submitting the transaction. Any fraudster can bang in details copied from a card along with a fake address.

    Card-reader transaction: I swipe my card through a reader, key my PIN, and the bank does the rest. Far more secure, and it ensures that any goods ordered are delivered to the address the cardholder has registered with the bank, not some arbitrary address specified by a fraudster.

    Anybody who thought this system was harder than the usual online formfest needs to be dragged out into the street and clubbed to death for the good of humanity.

  40. Andy Worth

    Look out......

    ....for the next "criminally annoying" (as another reader put) Halifax advert to be a bunch of dwarves and elven clerics dancing around singing.

    I am ashamed to say that about 6 years ago, I used to live next to some guys who knew "Howard" and he popped around to their house. It was actually just after the first advert, when he'd become a bit of a celebrity. That's not the part I am ashamed of though, I'm disappointed in myself that I missed the opportunity to knock him off then and there, and save us all from years of shit adverts.

    So, Reg readers, I apologise for my failure.

  41. Anonymous Coward
    Unhappy

    @ Hans Mustermann

    ok, you missed a vital thing, they DO use the cards to buy another months subscription, they use lots of cards have lots of accounts and run bots all over the place farming items and gold which gets sold on in the real world,

    It happened with Diablo; it happened with runescape, hell any game that you can trade with other players on it going to happen with

    It’s happening on credit cards too, so they can’t just transfer cash to another account, they have to buy things, which if you buy real world items will get your address traced

    It’s basically the ability to launder money off you, they spend a relatively unnoticed amount each month, use the subscription to get sellable items receive money from those items,

    Large amounts of cash in hand taken using your card, with no way to trace them

  42. Webcrawler2050
    Alert

    Interesting

    I find this highly interesting..

    What I found happens alot, a user orders something, a few weeks later - realises they dont want it - so instead of going down the root of speaking to the company to get a refund, they issue it as a chargeback / fraud.

    What i expect is happening -

    Teenages are using their parents cards, with or without consent - the user realises "Jesus thats a rob" and then issues the charge back - thus the bank sees this as fraud.

    Halifax, is just "trying" to show some responsibility, but we all know - that if a hacker really wants to wipe you clean, they will do more than just order WoW I mean - hell, surely they would know the IP is traceable or atleast the range is - especially if they are on dynamic, it would be a little harder to trace but do -able

    Personally, I dont think there should be any contact with the ISP to a certain extent, its not their fault, is it? Or is it?

    I think its just the case of the public / users trying to bend the rules to make it work in their favour - ive seen it happen so many times on a day - to - day basis. Its crazy.

    I think halifax could of done something a little more than declining transactions to WoW, what about the current users, that are real, what happens then? Its not ideal!

    Again, it all falls back to control - if a normal person can't access their own money and pay for things with their own money at places they wish - then why give us a card then?

    It probably, falls back to the government - big brother is watching.

  43. Jason Dean
    Unhappy

    I'm glad Halifax decided to tell their customers...

    This is the first I've heard of this. No one from Halifax has actually informed me that this is happening. I take it I'm supposed to guess after they reject the payment as to why this is happening.

    I have had fraud done with my card in the past, they way they seemed to test the card was to buy some music tracks from a place in Brazil and then a few days later started going for the big stuff from all over the world. I found out what happened when I checked my on-line account. Nothing had arrived in my recent transactions by all my money had gone out of my account. This was before chip and pin (And a local garage I frequented was shut down around 8 months after due to credit card irregularity's).

    I can't see how blocking transactions to certain companies (Unless the company were actually responsible for the card details theft) is going to help. Surly they would just use the details to buy something else.

    It sounds like a bean counters reaction to a problem. "Hmm, most of the fraud is done on these types of transactions, so lets just block them, that will solve the problem, and to save even more money, lets not tell them, let them find out for their selves."

    Jas

  44. Anonymous Coward
    Thumb Up

    Who would play WOW anyway,

    WOW has 8 million teenagers and kids, no wonder it's rife with people nicking daddy's credit details.

    Must be bad for a bank to do this. LOL

    Being from halifax and knowing most of their IT deparments through social drinking, I am shocked at how large it is and how each section of the bank doesn't talk to each other.

    So customers not knowing isn't much of a shock.

  45. Malcolm McLachlan
    Flame

    Bottom Line - They're Crap!

    Halifax Bank that is. If I wasn't currently in dispute with them I'd have left long ago

  46. Ben Cross
    Thumb Down

    @ Ian Ferguson, RE:Verified by Visa / Mastercard Securecard

    Regarding when you pay for the account/few new months or whatever using a Visa/Mastercard i can assure you that there is not verifed by visa popup meaning you need to input another password.

    For Domino's Pizza though, there is..but then for something like Amazon, there isn't. Depends on the site really, some do, some don't.

  47. Risky
    Thumb Up

    Not surprised

    My wife has some froaud on her accoutn the other year and sure enough it was someone paying for Warcrack. All refunded after reporting of course.

    Naturally if a bank finds one particular destination for a lot of fraudulent payments they're goign to crack down. I'm sure a load of porn sites get blocked like this every month. No issue with their action at all.

  48. Anonymous Coward
    Boffin

    BitTorrent Updates

    One of the weaknesses that Blizzard enforce on the WoW community is periodic updates via BitTorrent, using an Updater that shows the IP addresses of your fellow updaters. I'm sure this information must be of use to those criminally minded - a person is currently online on a PC with this IP address... check is they've got up-to-date PC protection, if not install keylogger...

    The subscription process doesn't trigger SecureCard - it didn't for my card this weekend - no call from India. I guess Blizzard store the details at the time of subscription and then issue their monthly, quarterly or six monthly request.

    You only have to set up a sub once per life of your creditcard. Maybe Blizzard should suspend accounts where the payment card changes monthly, and restrict each card to a single person (or registered family) account.

  49. passerby

    Re: 8 million teenagers

    Que?

    The average age of the WoW player is like 28. Women players are on average older than male players, but are fewer in number (bored housewives probably). There have been quite a few demographic surveys, older players perfer alliance chars, younger ones horde, and so on. Interesting in itself.

    WoW broke out of the teenage geek niche that confined other Online Multiplayer Massive Thingmajigs (or whatever they are called), thats why its so successfull.

  50. Ivan Headache

    @Solomon Grundy

    "I apologize for my failing to recognize that English banking may not view debit cards the same as credit cards. In the States a debit card can be used anywhere a credit card is used (depending on the card it can be both) it may not be the same over there. My bad."

    I would imagine that in the US (as it certainly is in the UK) a DEBIT card is not the same as a CREDIT card. A debit card takes money from your bank account straight away. Whereas a credit card takes money from the bank's account. The bank then passes that charge on to you to pay 30 days later.

    A not very subtle difference.

  51. Ash

    The day ANYBODY tells me...

    ... I can't spend my money how I want is the day I start dealing in gold.

    If my money's no good as the currency of the nation, then it's pretty damn fine as sparkly things.

  52. Kane
    Paris Hilton

    some clarification....

    @ what savings?:

    "Also game cards for wow are not an alternative because they cost about 3 times as much as paying directly."

    No, a prepaid 60 day gamecard costs about £17.99, whereas a credit card subcription costs about £8.99 per month (30 days or thereabouts).

    So, credit card subscription (£8.99 pm) x 2 (for 60 days of play) = £17.98 which is only a penny less than buying the prepaid card. Not "3 times as much" as you say. (where did you get that idea from....??)

    @Who would play WOW anyway:

    Well, I do. I'm not a kid, nor am I a teenager who has access to daddy's credit card. But I am married, (the wife also plays WoW, we regularly PvP together....) and I am 30 years old. And to save you asking, yes I do know what sex is like.

    Paris, cos I bet she plays WarCrack.....

  53. Shawn Bender
    Stop

    Dont be so fast,,

    I have had 2 cards scammed by WOW player.. one was never used and was for emergency only. On the other I had to fight to get back over 500$

    No I dont play WOW.. and never will.

  54. Lyndon Hills

    Happened to me

    when trying to book a flight. I think it was Ryanair and my card kept getting refused. I rang the bank who told me they'd seen a lot of fraud with the site and were blocking it. 5 minutes later they let my transaction go through. I think I've flown with them since and never had it happen again.

  55. Law
    Paris Hilton

    this sucks

    I bought a TV from Dixons a few months back with my hard earned cash... then for the next week my Abbey card was declined at everywhere apart from McDonalds.... when I rang and asked why they told me I had suspicious behaviour on my account... when I asked what was suspicious about me buying a TV from Dixons once every 10 years they said it wasn't part of my usual purchases, so protect me they blocked me card. No letter, no phonecall, nothing. So now I have to have two bank cards with me at all times incase Abbey are unhappy with me buying an apple pie from tesco instead of my usual flapjack and block me?!?!

    Idiots... about 6 months before they miss-arranged an overdraft and then charged me about £300 worth of fees when I was spending what I thought was available for my wedding. One of the charges was a £35 fee for stopping a £3 payment to Asda?! WTF!!! How can they claim they are trying to protect our money, when they are the biggest scammers of all.

  56. Dave Bennett

    @Ian (Verified by Visa / SecureCode)

    Hi Ian,

    Speak to your acquirer again and get confirmation of the rate change. Find out how that affects your monthly charges and then see if it's worth spending the money to set up 3D Secure.

    It isn't a case of insisting your customers use it, but you have to give them the possibility. I had this from CardNet a few months ago and since then it has been turned-around. Visa were increasing their charges to the banks for non-secure transactions, but I believe they are holding fire at the moment - probably because the infrastructure / support is almost non-existent.

    My payment service provider have only just gone live with their service.

    My advice is to work out how long it'll take to pay for itself, then speak to other acquirers and see what their rates are - your current provider might take notice if you think about moving suppliers!

    Dave

  57. steogede
    Black Helicopters

    Re: Interchangeable Terms

    >> My comment was about cashless societies in general. I apologize for my failing to recognize that English banking may not view debit cards the same as

    >> credit cards. In the States a debit card can be used anywhere a credit card is used (depending on the card it can be both) it may not be the same over there.

    >> My bad.

    Solomon, your failing wasn't in understanding the UK banking system, it was in failing to understand the US banking system. In both countries a credit card uses the banks money (which you later reimburse them for) - a debit card uses your money. They are interchangeable terms in the UK too, but only amongst people who don't know better - I presume the same can be said for the US.

    >> Irrespective of banking system nuances, my initial comment is still valid.

    No it isn't.

    >> If the bank has seen fit to issue me with a card, then they should leave me and my purchases alone. I review my statement each month and if something

    >> is wrong I can invoke my buyer protection privileges and the charge will be refunded.

    No the charge won't be refunded, notice the key phrase "buyer protection". The bank will remove the charge from your account, however the bank still loses money, unless they can reclaim it from Blizzard. This is the fundamental difference between debit and credit cards - with a credit card fraud, it is the bank's money and the bank's liability, you never have to pay for the fraud - unless the bank can show that you were negligent or in some way responsible for the fraud. With a debit card, it is your money and you have a lot less protection as ultimately you are liable, unless you can show that the bank or vendor's security let you down (or you have some sort of insurance).

    At the end of the day, someone ends up paying for the fraud whether it is yourself, the bank, the retailer or some other entity. Halifax are absolutely right to take any measure to reduce fraud, it is just a shame they are stuck with payment systems that are so open to fraud (but then that is down to the whole industry, not just Halifax).

    The real question is, if Halifax feel Blizzard are such a target for fraudsters, why aren't the protecting their customers by blocking debit payments too?

  58. Anonymous Coward
    Anonymous Coward

    3D Secure and WoW

    I'm kind of confused by the Halifax's stance on this one; I'm pretty sure WoW isn't using 3D Secure, which means, as far as the banks are concerned, all transactions are treated as "cardholder not present" which means Blizzard take all the fraud risk and attendant chargebacks, so why do the Halifax care? If WoW was using 3D Secure then I could understand their concern (not least because it would show up the inadequacies of the 3D Secure protocol) as the incentive they offer merchants for using it is that the bank takes the chargeback risk. Biggest problem with 3D Secure at the moment is that the banks have done a lousy job of communicating it to the customer, so most people when presented by the VbV or SecureCode page don't understand what it is, and it hurts retailer sales conversion (which is probably why Amazon don't use it and take the chargeback risk instead). There's more to the Halifax's stance than meets the eye here.

  59. Steve McGuinness
    Thumb Down

    Halifax = Profit

    Considering that there has never been a bank that Ive known where profit and cutting costs is treated as the be all and end all before anything remotely resembling customer service, this provides absoloutely no shocks whatsoever that rather than fix a problem, they just choose the cheapest solution.

    Even with those Glasses, Howard would have seen this coming.

  60. Robert Farr
    Black Helicopters

    There goes the first Domino

    Actually, I'd say don't be surprised if this is just the beginning of a larger shift towards several banks taking this decision.

    Nevermind simple economics. Banks have a LOT of power and even with that power they find themselves unable to find an effective electronic solution to the problem so its only natural they go for a less technical one.

    I also won't be surprised if this spreads to other MMOs where this kind of activity is taking root.

    Its also a legal issue, in that its extremely hard for a british/european/american company to pursue criminals in east asia, extradition probably isn't an easy option and thats assuming that they can get past IP hiding and using random wi-fi networks in the first place.

    This is just the beginning, of that I am fairly sure.

  61. Anonymous Coward
    Flame

    Halifax != logic

    About nine years ago, I got a mortgage with the Halifax. I had a current account with another bank. The transfer between banks took three days. As I got paid very near the end of the month, and it took wages from my company three days to enter my account as well, some of my mortgage payments were late. As all these bank transfers took them six days.

    After a few nasty letters, I figured the best thing to do was to change my current account to the Halifax, cutting three days of the transfer period.

    So I arrange a meeting with the Halifax. I tell them the situation and say I want to open an account with them. The person I saw thought is was a good idea and I filled out all the forms. All I wanted was a current account with a cheque book and a DEBIT card.

    Roll forward a week, I get a letter saying my application for an account was refused.

    I make another meeting with my local branch. They are as confused as I am as why the application was refused. After half and hour on the phone, the bank bod says "Your application has been refused because of your late payments on your mortgage."

    I say "One, I know my payments have been late, that's why I want to set up an account with you, so the payments will be ON TIME! Two, the Halifax has trusted me with XXXXXX thousand pounds of the their money to buy a house with, yet they wont trust me with a current account and a DEBIT card (if you don't know, a debit card only withdraws money in your account, what you don't have, you can't spend).

    In all fairness the lady did say that was stupid and appealed on my behalf, but the answer was still no.

  62. kain preacher

    Bank of america

    A few years back they would call any one that signed up for any ifriendfinder service. To make sure it was legit then for about a few months they just blocked all payments tos them

  63. Anonymous Coward
    Anonymous Coward

    View from one affected.

    Having had a subscription to the game possibly known as WoW for multiple years, through the same credit card / account. To have my regular payment 'denied' without warning or advance (or subsequent) notice from the Halifax is rather annoying. From this it is clear that there were no historical factors considered in this blanket ban. While there are pro's and con's for the reasoning behind this ban. (From my perspective some checking to see if this was a regular payment wouldn't have gone amiss.) The fact that as a customer of many years with the Halifax, there was not even a whisper of this ban taking effect. No phone, mail or even e-mail notice as given for this transaction refusal. That, I think is what is quite unacceptable. I think I shall be moving my business elsewhere.

    Re: card details, unless I misunderstand what I read when I login to the WoW account control panel, most details are fairly well obfuscated. I fail to see how compromising someones account details leads to the possession of their card details for other purposes. If this is a vein attempt to prevent users details being acquired from generic trojans, perhaps pertaining to WoW then this move would have no real discernible effect, in my humble opinion.

  64. Anonymous Coward
    Anonymous Coward

    Outrageous

    I have just been in contact with the credit card company and was informed that they will not authorise payment under any circumstances.

  65. George
    Unhappy

    The game company's side of things

    There are some excellent posts here from the banker's side of things, and more good ones from a user's side of things. Not many look at the game company's side.

    The fraudulent charges discussed here aren't so much kiddies using their parents' cards to buy an extra month of game time or a new account. Rather, it's organized companies set up overseas, in places like China, well beyond the reach of most law enforcement agencies in the West. These firms employ people to collect as much in-game currency as they can, then they sell that currency to players in exchange for real-world cash. This is referred to as "farming" gold, and the sale is often called real-money transfer, or RMT.

    Random_player_1 is a WoW player. He's not especially good, so he decides to purchase some gold pieces (the currency in the game) from one of these RMT companies. He hands over his credit card info, and a few minutes later, a representative of the RMT firm shows up in game and hands him his gold. Random_player_1 uses that gold to buy new gear, which increases the power of his character and lets him do things that were too difficult before, and he's all happy.

    Now, what happens to that credit card info? Well, without telling Random_player_1, that RMT firm uses his info to open a bunch of new accounts. Those accounts each get a free month, but require a credit card to activate. Each of those accounts is used to farm more gold (to be sold to other players), or to spam advertisements in the game (an offense that can get the account holder banned, which in this case would be our innocent, blissfully ignorant Random_player_1), or to do other nefarious deeds in the game. If the RMT company is nice, they'll cancel the trial accounts before the free month ends, but more likely, they'll let it roll over to a paid account, hoping to get another month or two of service from it before the card holder notices the extra charges, contacts Blizzard, then (when Blizzard refuses to refund the cash) disputes the charge with his bank.

    You see where the problem here lies? It's not with Random_player_1, who didn't do anything illegal. He did something pointedly _foolish_ in trusting his info to the RMT firm, but it wasn't illegal. The fraud happened on the part of the RMT firm, which misused Random_player_1's credit card info. There's no clear evidence that Random_player_1 did or didn't authorize the charges, other than his word against that of Blizzard (note that there's no evidence of the RMT firm's involvement here either). Ultimately, the bank is left holding the bag. They have to refund the cash to the player, and as a result they end up fining Blizzard for excessive chargebacks, even though Blizzard had nothing to do with this whole mess and is as much of a victim as Random_player_1.

  66. Anonymous Coward
    Stop

    verified by visa is a piece of shit anyway

    if you have a stolen card (which means you have the physical card) then then only extra piece of information you need to reset the password is a date of birth, and i feel fairly sure that that isn't the hardest thing to find out if you are hardened criminal gang.

    you can probably google for the account holders name and location in facebook or somesuch.

    its just a sop to reassure tim nice but dim.

    you should start asking how many people you give your card details to have implemented PCI-DSS (supposed to be mandatory for all 18 months ago). Answer: Virtually no company anywhere.

This topic is closed for new posts.