Credit card security

Something that wasn't mentioned in the Open Letter, but which I would really like to see 'fixed': can there be a little more attention for credit card security?

When I created my account five months ago and verified payment information, I was rather unpleasantly surprised that this gave my account more or less a carte blanche (within trading limits) to use my credit card without verification. In other online games I've played (like Project Entropia) each purchase of ingame money required verification of my credit card: expiration date and however that number on the back is called. And that is how it should be. The way it is now, anyone who successfully steals the account info of an SL resident automatically gets access to their credit card. This poses a far greater risk to security than is necessary.

If proper verification methods were in place, an identity thief can only fuck up someone's in-world finances, which is bad enough. But at least they wouldn't be able to buy linden dollars as well, hurting someone's RL finances. At first I didn't think to much of that possibility, but only this week we had a report on the forum from a girl who had exactly this happen to her: Her account was stolen, and the thief used her credit card. If she hadn't found out pretty soon (by seeing her own avatar running away from her sister's) the consequences might have been even worse, she assumed it was just a bug when she wasn't able to log in after the update (who wouldn't assume that?).

Can something please be done about this serious security leak? Identity theft can and does happen, even to people who are careful never to give out their account info. It would make me a lot less nervous if being the victim of identity theft didn't mean enabling someone else to clean out the limits on my credit card...

Bumped for truth.

It does worry me that someone could, if they obtained details, go on a buying spree, although I think it would be possible to track down serious fraud, since each transaction is tracked. It would be difficult for someone to, for example, hack someone's account, pay themselves several hundred thousand lindens and then transfer that amount back out again without leaving a trail that could easily be followed.

But yes, I do agree that some kind of verification should be used in-game rather than just click the blue $ circle and choose the amount.

The security of credit cards in internet always scares me. It puzzles me too That in SL there is no verification, but i use a credit card that is only for internet and has a very low credit limit. At least if i'm robbed it will not be that much

Users in the UK are often stuck with Debit cards (visa electron and switch Solo to name the main ones) and the banks cheat those customers on a regular basis.

Although those accounts theoretically can't go into the red, in practice it's quite possible to use the cards to overdraw, and then end up with a huge charge. The banks will not want to know because they will blame the internet company - in this case Linden Labs - for the security.

Unfortunately, in this case they do have a point.

You think that's bad...my card company (the one that issued the card; which, btw is a large company) has blocked payments to Linden Lab. Reason, too much fraud.

It's the first time I've heard of that happening, but I have to say I'm afraid it doesn't surprise me.

CC companies are now tightening up on online usage. An example of this is where the first time I used my new visa card to buy things online on a site I regularly use and trust, it asked me for details I wouldn't know if I didn't own the card, such as the postcode, my middle name in full (not just the initial) and my date of birth. Each time I now use this site, it asks me two of these questions as well as a security question when I go through the checkout procedure. Credit card companies are doing this to move the onus away from themselves for refunding customers, and onto the companies concerned.

This is another reason that Linden Labs need to look at the security issue - because if other CC companies start to do what yours has done, then LL won't be able to get paid because their company is on a blacklist amongst credit card companies... and that could kill Linden Labs off if they don't address it with some haste.