Stolen Credit Card vs Password

[Leoo]

This year, I decided to instead of having to ring every month to renew my remembership, I'd pay by my card not to mention it's slightly cheaper. When entering my details I noticed something...the only form of security detail they request for is the cardholder's DOB - which can be easily attained from other stolen documents that came with the credit card. Not sure if it's the type of card I was using, but nearly every other website I've used to purchase something always askes for my password. What I mean by password is the security password to confirm you are the cardholder which normally requests specific characters of the password - normally provided by the secure system of your Bank. This did not appear when I purchased my membership which I was quite suprised about. Other than the DOB, every detail that is required to be filled can be seen on the card such as the cardholder's name and the expiry date. By adding the passwords to the checkout process, could this reduce the number of membership purchased through a stolen credit card - or even any other product you can buy from the Jagex store.

 

I repeat, I'm not sure if it's the type of card I'm using but I can confirm that my Bank does have a secure checkout system that is promted on all other websites where I've purchased online.

[Omali]

It's been maybe three or four years since I had to enter my credit card details into Runescape's website, so it may have changed, but I remember having to enter in my card number and security code. I don't know why they'd change that.

[Leoo]

It's been maybe three or four years since I had to enter my credit card details into Runescape's website, so it may have changed, but I remember having to enter in my card number and security code. I don't know why they'd change that.

 

Aren't those on the card though?

[Capt_Davy]

It's been maybe three or four years since I had to enter my credit card details into Runescape's website, so it may have changed, but I remember having to enter in my card number and security code. I don't know why they'd change that.

 

Aren't those on the card though?

Yup, so it's a pretty dumb thing to ask for security screening (as long as it's the only real security question), but I think the reason why they ask that is because more details like credit card numbers get stolen online rather than physically, so under such circumstances, the thief would have you card number, but (perhaps) not the security code.

 

I still stand by my opinion that asking dumb questions like that is bad form (as far as validating ID anyways).

 

EDIT: just had an idea. Why don't they ask one or two of your recovery questions as a security measure for credit card payments? That's a much stronger proof of ID, combined with the current questions.

[i_trollz_u]

I didn't even know there were places that required a code from a bank. Seriously which websites are you talking about that have such a thing? The only other code similar is the CSV code, which is also found on the credit card.

[lordkafei]

This sounds like what you are talking about, but I don't think Jagex is using it yet. I also don't know if it's available outside the USA. But I have been seeing it more and more on Internet shopping sites.

[testingsomestuff123]

It's been maybe three or four years since I had to enter my credit card details into Runescape's website, so it may have changed, but I remember having to enter in my card number and security code. I don't know why they'd change that.

 

Aren't those on the card though?

Yup, so it's a pretty dumb thing to ask for security screening (as long as it's the only real security question), but I think the reason why they ask that is because more details like credit card numbers get stolen online rather than physically, so under such circumstances, the thief would have you card number, but (perhaps) not the security code.

 

I still stand by my opinion that asking dumb questions like that is bad form (as far as validating ID anyways).

 

EDIT: just had an idea. Why don't they ask one or two of your recovery questions as a security measure for credit card payments? That's a much stronger proof of ID, combined with the current questions.

 

Does Jagex even have recovery questions anymore? I think they use e-mail for account recovery now.

[gspbeetle]

This sounds like what you are talking about, but I don't think Jagex is using it yet. I also don't know if it's available outside the USA. But I have been seeing it more and more on Internet shopping sites.

 

Vertifly by visa and the similar system on master cards is available outside US, but more importantly its optional. It only shows up if and only if the person has applied for it, unless of cause the site owner demands only card with vertifcation is accepted.

 

Does the card company actually know our DoB anyway?

[mister_moocky]

Considering it's what, $6? I don't think verification is a big issue.

[Big_Stingman]

Considering it's what, $6? I don't think verification is a big issue.

 

And credit card companies will almost always reverse the charges if you report it stolen anyway...

[lordkafei]

Vertifly by visa and the similar system on master cards is available outside US, but more importantly its optional. It only shows up if and only if the person has applied for it, unless of cause the site owner demands only card with vertifcation is accepted.

 

Does the card company actually know our DoB anyway?

 

It's a pretty standard application requirement, on both credit cards and checking accounts (debit cards)

[Vex]

I think for verified by visa, as an example, the company itself has to elect to sign up to the scheme. But due to the small scale payments available on the Runescape site, it's probably not worth it for them.

Having said that, it would of fixed their problems I think they had with people reverse-charging on CC's or stolen CC's in their RWT article a while ago.

 

Another example of relatively dodgy card storing is Amazon. There when you load your card onto your account to buy something, it automatically saves it unless you remove it (your card details).

So all people need is your email address + your password. I found this hard to believe from such a big internet shopping site such as Amazon, but it seems they've elected for convenience rather than security (I can just click something to buy it and off it goes)

 

Verified by Visa is also available outside of the US, at least I have it here in the UK.

[bored321]

Jagex does not handle the payment themselves. Its upto the payment provider to ask (providing its been enabled), and usually for recurring payments they don't. Also did you know, that if someone manages to get your Visa/verified MC/SecureCode and card details you will have more difficulties claiming back (if at all) the money they spend compared to non-verified payments. And another thing, Jagex used to use Worldpay, they were worse than paypal at not investigating chargebacks.

[essiw]

I didn't even know there were places that required a code from a bank. Seriously which websites are you talking about that have such a thing? The only other code similar is the CSV code, which is also found on the credit card.

In the Netherlands you have iDeal which is that you can login at your bank (if you have internet-banking [not sure if that is correct in english]) and then to verify you are the bank-user you have to fill in a code (you get a paper send home with 100 different codes on it) like code nummer 78: 325587

 

Not sure if you meant that, sorry if you didn't.

[Sbrideau]

Considering it's what, $6? I don't think verification is a big issue.

It is to some.

 

You're rich and I dislike rich people.

[obidiah]

It's been maybe three or four years since I had to enter my credit card details into Runescape's website, so it may have changed, but I remember having to enter in my card number and security code. I don't know why they'd change that.

 

Aren't those on the card though?

Yup, so it's a pretty dumb thing to ask for security screening (as long as it's the only real security question), but I think the reason why they ask that is because more details like credit card numbers get stolen online rather than physically, so under such circumstances, the thief would have you card number, but (perhaps) not the security code.

 

I still stand by my opinion that asking dumb questions like that is bad form (as far as validating ID anyways).

 

EDIT: just had an idea. Why don't they ask one or two of your recovery questions as a security measure for credit card payments? That's a much stronger proof of ID, combined with the current questions.

 

Does Jagex even have recovery questions anymore? I think they use e-mail for account recovery now.

 

I think the lost password system is now recovery questions combined with e-mail (i.e just e-mail may not do the trick.) I hope so e-mail accounts can be as easy to steal as recovery questions. It was sold as adding another layer of security, not replacing one with another.

 

The points a but moot though, as I don't think all that many of the stolen credit cards numbers used were connected with Runescape accounts, so wouldn't have associated recovery questions. (Could be wrong, but I didn't hear that many people crying on the forums that their credit card details had been stolen and used to pay for someone else's membership)