Aren't those on the card though? Yup, so it's a pretty dumb thing to ask for security screening (as long as it's the only real security question), but I think the reason why they ask that is because more details like credit card numbers get stolen online rather than physically, so under such circumstances, the thief would have you card number, but (perhaps) not the security code. I still stand by my opinion that asking dumb questions like that is bad form (as far as validating ID anyways). EDIT: just had an idea. Why don't they ask one or two of your recovery questions as a security measure for credit card payments? That's a much stronger proof of ID, combined with the current questions. Does Jagex even have recovery questions anymore? I think they use e-mail for account recovery now.