More secure goldcard

ufcfl

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can file a support case asking to disable the GC.
I see a simple thing that would fix this. When someone asks in a support case for a GC disable, MA should first ask the player to enter one (or more) GC code(s). The code would have to be one not yet used, so the player wouldn't log in until support answers. That way, MA could verify if the person is really the owner of the GC.

What do you think?

PS: Sorry for the bad English
 
Just had to gratz... why on earth is there a gratz button on security forum?
 
We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can file a support case asking to disable the GC.

I hope it is not that simple! I was under the impression that, if you order to disable the GC from the web site, you must fax/mail MA some kind of identity proof... Are you sure MA will disable your GC just by filing a support case?
 
I hope it is not that simple! I was under the impression that, if you order to disable the GC from the web site, you must fax/mail MA some kind of identity proof... Are you sure MA will disable your GC just by filing a support case?

I'm pretty sure that is the case, jdegre, but have no verification.
 
I guess the grats is for not understanding how it works?
Nobody with a gold card can have someone log into the EU website and request the card be disabled without providing the same documentation needed for limit increases, i.e. color government-issued ID, utility bill in your name, birth certificate etc. These measures are in place to prevent such incidents from happening and yes they are a pain in the arse but they are for your protection.
I'd really like to see an example of someone with a GC being hacked, that 1) didn't give someone the next number in the sequence or 2) didn't give someone the GC itself.
I do internet banking security in the states and the GC system is surprisingly better than most US banks.
GREAT JOB MINDARK! :wtg:
 
MA will've definitely protected against this. I remember reading somewhere if you want the GC disabled you have to fax them a government-issued ID signed by someone or other (can't remember who).

Oh and Grats ;P
 
GC security on website....

We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can file a support case asking to disable the GC.
I see a simple thing that would fix this. When someone asks in a support case for a GC disable, MA should first ask the player to enter one (or more) GC code(s). The code would have to be one not yet used, so the player wouldn't log in until support answers. That way, MA could verify if the person is really the owner of the GC.

What do you think?

PS: Sorry for the bad English

A couple thoughts, I paid $20 for a gold card, what do you mean they will disable it from a support case, without proper identification!!!
YOU GOTTA BE KIDDING

If an account gets hacked and the gold card gets subverted because MA does not follow its own procedures, MA should FULLY reimburse the player for all lost items.

On the idea of using the gold card on the website; what if my GC is broken :)

I think that when the goldcard is registered as being received, one of the codes should be entered into the website WITH the serial number of the gold card. With this combination you should be able (and only able) to cause a broken gold card to be replaced, sent to the current address on record.

In the case that the above mentioned code and serial number are unavailable, the only solution I would find acceptable is the photocopy of passport being sent to MA and then a new GC being sent out to the address of record.

There should be only 3 ways to get a broken card replaced: passport, personal visit to MA with passport, or the above mentioned registered gold card code and gold card serial number.

Obviously the GC should be used for address changes. And no address changes without a proper GC code.

Of course in the US the postal authorities (almost a separate police department in themselves) take a VERY DIM view of people using the mail to further any type of crime.

Yes I know a lot of people will say "I FORGOT", well put the info on a scrap of paper and put it in your (or your parents') safe deposit box, or hide it under a floorboard in your house.


Art.
 
Hmm, it seems I forgot the first reason why someone would want his GC disabled: a non-working goldcard. So how could MA ask the person for a valid GC code to verify his identity?
Sorry for the useless thread
 
We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password. Then the thief can file a support case asking to disable the GC.

Please do tell us about these cases! New to me :)

They ask for RL ID, which is why nobody will ever be able to hack you.
 
nice try at sarcasm

Hmm, it seems I forgot the first reason why someone would want his GC disabled: a non-working goldcard. So how could MA ask the person for a valid GC code to verify his identity?
Sorry for the useless thread

If you noted I suggested that you REGISTER a valid GC code + GC serial number for future use in an emergency. I also mentioned that SOME people would forget/lose it and therefore:

MA already has policy that requires passport or other reasonable id copy required for turning off gold card.

Nice try at sarcasm but it just shows you did not read the post


<Stuff deleted>

On the idea of using the gold card on the website; what if my GC is broken :)

I think that when the goldcard is registered as being received, one of the codes should be entered into the website WITH the serial number of the gold card. With this combination you should be able (and only able) to cause a broken gold card to be replaced, sent to the current address on record.

As a general statement "Anyone with a Gold Card would NOT want it disabled". Yes there may be exceptions, but MA seems to have it covered by policy. If MA breaks their own policy that is a different matter although EULA seems to cover that by our agreeing that even if we suffer losses by MA negligence we hold them harmless.

As far as useless thread, it is useful in showing MA how much of their documentation/EULA/FAQ people actually read. :wtg:



Art

BTW: Did not mention, pushed publish instead of preview :(

You actually mentioned that people use a not yet used GoldCard code yourself in first post?????
 
We've seen some cases of people having a goldcard who were hacked because of the EU website that only asks for the password.
...
No we haven't seen any cases like that.

I think someone misinformed you.
 
MA will not disable a gold card without proof from the person asking. In fact after the one incident I am aware of where a person obtained a person's password and used it to change the website password and email, MA immediately made changes.

(If I remember right they locked the person's account by trying to guess GC numbers, but did not ask to have the GC deactivated or have a new GC sent.)

Anyway back to the changes implemented when this happened, I was in the middle of a gold card upgrade when it happened. My new gold card had been shipped with instructions on how to activate it when it arrived.

When it was received and I followed the instructions from support I was notified that security had changed and I now had to submit proof of who I was as well as info from my old gold card before they would activate the new gold card. Even though my email address and home mailing address etc had not changed for 2 years I still needed to provide this information.

I thought it was very proactive of MA to make that change so fast, even though it took a bit extra time to activate the new GC. Will post the support in a bit so you get their wording.

I for one am happy with MA's actions relating to GC security.
 
Support case starting with the shipment of the new card and reader on October 18. At this time all that was required was me to let them know when it was received and what the number on the card was.

On October 27th Nebu posted that he accidentally was infected with a trojan and his password was compromised. The hacker gained access to his account via the web but did not gain access to his in game account. They wrote a support case requesting a new gold card, but Nebu was able to reactivate his account and cancel that request.

I received the card that was shipped to me and did the activation as directed on November 2nd. I was then informed that I not only had to give them my identification, but I had to send them an image of my old gold card for verification as well!

I felt this protected me even more than it had in the past.


18 Oct 2007 Entropia Support:
Hello,
Replacement items will be shipped today. Please confirm when you have received the parcel. You need to contact support when you want to start using the new card. We will then update the ID for you.

Kind Regards,
Entropia Support

02 Nov 2007 You wrote:

I have received my new card. The number on the card is XXXXXXXX.

Thank you

02 Nov 2007 Entropia Support:

Hi,

In order for us to be able to update your gold card id you need to fax us a copy of your ID together with a copy of your old gold card where the ID is clearly visible. We need to take this extra security measure since we have received concerned reports from users regarding the security of our system. Our fax number is +46-31-136016. You may also scan these documents and send them attached to an email to entropia_support@mindark.com. The fax option will be quicker though. Please add the number of this support case as subject to the fax/email.

Kind Regards,
Entropia Support

02 Nov 2007 You wrote:

Thank you, I was not aware of this new security measure. I am glad that you take security as seriously as you do.

I just got back in town from a lengthy trip and was happy to see that my new card had arrived.

I will scan a copy of my US driver's license and my cards as soon as I can. I do not have access to a scanner at home and will do so next week when I can access one.

I will also send it in via email because I do not have access to a fax machine with international access.

Please be aware that my US driver's license includes my social number. Can I black that out or do you need that visible? If so please use caution since it can be used for identity theft.

02 Nov 2007 Entropia Support:

Hello,
We do not need the social security number. If you feel more comfortable when it is not visible, we have no problems with this.

Kind Regards,
Entropia Support

13 Nov 2007 You wrote:

I sent in the required information via email with this support number in the subject line last week. I am just checking on the status.

Thank you

14 Nov 2007 Entropia Support:

Hello,
We apologize for this delay. We have updated your id and you may now login with your new card.

Kind Regards,
Entropia Support

14 Nov 2007 You wrote:

Thank you, I will test this when I get home this evening. I appreciate your assistance

14 Nov 2007 Entropia Support:

Hello,
Thank you for the update. Please let us know if we can close this case now.

Kind Regards,
Entropia Support

14 Nov 2007 You wrote:

The new card is working perfectly. Thank you for all of your assistance.

16 Nov 2007 Entropia Support:

Hello,
Thank you for the update.

Kind Regards,
Entropia Support
 
Again, most of us can agree that Mindark has done an excellent job with the security, but you MUST purchase the gold card. Is $20 worth securing your account, items and skills? 4 out of 5 dentists recommend it...
 