Jump to content

why tell hackers when we have payment info on file?


tish Celt
 Share

You are about to reply to a thread that has been inactive for 2574 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

One things about SL that upsets me is that it advertise to every one when I have payment info on file its like telling hackers to hack me to gain access to my cards I strongly believe this info is a not need to know for the public and should be removed from are profiles to help keep us safe.....

I truly beleave this follows under giving out persinal information its telling others that I have my payment info on file

Link to comment
Share on other sites

no other games you can't convert the ingame money  to RL$ and its harder to move it from 1 account to another 

all some one needs to do is get your password log into your account buy a **bleep** load of L$ transfers the L$ to another Avatar then sell it to a buyer for RL $ 

Link to comment
Share on other sites

seems you are still one of the many that really think accounts getting hacked.

This is simply nearly never happening.

It is always phishing people who spread their accountdetails everywhere, use the same logins for forums, blogs, facebook and so on... yes they ask for it....please take my account.

 

Next to that, the payment info doesn't mean there is a active card/option attached. Once its done, it stays there.

Link to comment
Share on other sites


tish Celt wrote:

no other games you can't convert the ingame money  to RL$ and its harder to move it from 1 account to another 

all some one needs to do is get your password log into your account buy a **bleep** load of L$ transfers the L$ to another Avatar then sell it to a buyer for RL $ 

That's true: other games and apps (mostly) don't provide such an easy way to transfer in-game currency between accounts and then cash it out for RL money. It's my understanding that, in practice, large transactions trigger some anti-fraud measures, so I'm not sure it's quite as simple as described, but no doubt it does happen when SL accounts are compromised.

As Alwin suggests, SL accounts are probably more often phished than brute-force hacked -- so I guess the question is whether an account designated "Payment Info On File" makes it more subject to phishing. Such schemes seem likely to just spam everybody, but I guess they could be targeted.

Alwin also makes the very good point that "Payment Info On File" does not provide a very reliable signal: I can't guess what percentage of PIOF accounts are still linked to valid payment sources, but at this point it must be very low, even for still active accounts.

Link to comment
Share on other sites


Qie Niangao wrote:


tish Celt wrote:

no other games you can't convert the ingame money  to RL$ and its harder to move it from 1 account to another 

all some one needs to do is get your password log into your account buy a **bleep** load of L$ transfers the L$ to another Avatar then sell it to a buyer for RL $ 

That's true: other games and apps (mostly) don't provide such an easy way to transfer in-game currency between accounts and then cash it out for RL money. It's my understanding that, in practice, large transactions trigger some anti-fraud measures, so I'm not sure it's
quite
as simple as described, but no doubt it does happen when SL accounts are compromised.

As Alwin suggests, SL accounts are probably more often phished than brute-force hacked -- so I guess the question is whether an account designated "Payment Info On File" makes it more subject to phishing. Such schemes seem likely to just spam everybody, but I guess they
could
be targeted.

Alwin also makes the very good point that "Payment Info On File" does not provide a very reliable signal: I can't guess what percentage of PIOF accounts are still linked to valid payment sources, but at this point it must be very low, even for still active accounts.

This got me a little curious.  I have no documentation but my understanding is that this feature was introduced mainly to give Land Owners further control over who had access to their land.  It was essentially considered an anti-griefer tool.  The logic was that with the introduction of Free Accounts that griefers would just use throw away accounts and never put PIOF on them.  Land owners wanted the ability to restrict these accounts.

The feature was added with Second Life Version 1.10.5, June 2006.  There probably was a lot of discussion leading up to it but I didn't dig that far.

I am guessing that even if it wasn't publicly broadcast in the Profile, it would still need to be accessible by script for it to work.

Maybe the info does create a target for hackers and phishers but really every phishing scheme I have seen has been promulgated through group chat with an offer of a freebie.  I've never heard of one where individual accounts received PM's but I guess that is still possible.

 

Link to comment
Share on other sites


tish Celt wrote:

no other games you can't convert the ingame money  to RL$ and its harder to move it from 1 account to another 

all some one needs to do is get your password log into your account buy a **bleep** load of L$ transfers the L$ to another Avatar then sell it to a buyer for RL $ 

Other scams exist, e.g.

http://forum.worldoftanks.com/index.php?/topic/314161-beware-when-you-accept-a-gift/

Also, the part about "all someone needs to do is get your password"... and they're doing that how?

(The follow up posts have told you)

Link to comment
Share on other sites

1. Thats not personal information. It only says that at one time you had some sort of payment info attached to your account. And thats it. It doesn't say what that was or if its still there.

2. You are not more safe if it isn't there or more at risk if it is there. People do not get hacked. And what people refer to as "getting hacked" is not a magic trick that the evil hacker did. Often they are not even a personal target. Most people (here and in many apps/games) lose their money because of phishing.

In SL the most common forms are:

- fake links, that lead you to websites that pretend to be legit and want you to enter your login information

- allowing objects to acess your LL balance

- giving your login information to someone else

 

 

Link to comment
Share on other sites


Syo Emerald wrote:

In SL the most common forms are:

- fake links, that lead you to websites that pretend to be legit and want you to enter your login information

- allowing objects to acess your LL balance

- giving your login information to someone else
 

In terms of percentages I would put copybot viewers at the top of that list. It's always funny to watch stupid people who thought they were ripping off others, only to discover the joke was on them all along. Honor among thieves and all that.

Link to comment
Share on other sites

In my opinion casual profile peepers do not need to know that info. However there ARE conditions where it must be known. If it is available to scripts (LSL) then it is also visible to anyone willing to write a script. That means it cannot be private. So if it's not private, why not put it on the Profile too?

I agree, it doesn't NEED to be there. But it is, and it's not private info. So just like your UUID, it's pointless to hide it.

Now .. my question to you: What harm does it do to be displayed? We've already determined that it does not infer you have money, only that you have at some point in time purchased Linden Dollars. So what exposure does it create that concerns you?

Link to comment
Share on other sites

  • 2 weeks later...

I agree with you tish.

It totally as if someone wanted accounts with financial data to be publicly identified to anyone #&$^ Why did they think there is such a need to expose everyone wholesale?

When a transaction is processed, the information is already checked by the system. Why expose everyone more than that?

Misguided policy.

Link to comment
Share on other sites


Ackley Bing wrote:

I agree with you tish.

It totally as if someone wanted accounts with financial data to be publicly identified to anyone #&$^ Why did they think there is such a need to expose everyone wholesale?

When a transaction is processed, the information is already checked by the system. Why expose everyone more than that?

Misguided policy.

You have been told why: it is an anti-griefing tool. Throw away alts are not likely to have given their real life info to LL.

Link to comment
Share on other sites


Ackley Bing wrote:

I agree with you tish.

It totally as if someone wanted accounts with financial data to be publicly identified to anyone #&$^ Why did they think there is such a need to expose everyone wholesale?

When a transaction is processed, the information is already checked by the system. Why expose everyone more than that?

Misguided policy.

Times change and situations change.  My google-fu is failing me and I can't turn up the original discussions that led to this.  But at the time of the decision it was a judgement call and the call favored the Land Owners in SL.

If you or anyone wants it changed then file a JIRA.

https://jira.secondlife.com/secure/Dashboard.jspa

Me personally, I don't really care one way or the other.

Link to comment
Share on other sites

As pointed out, even if it were removed from your profile it still is information available through a simple script, so it is no way private.

Aside from being a tool to keep griefers out, LL itself requires PIOF to to go gaming islands.  So everyone on a gaming island has PIOF.

I've been in SL since 2006 and have never heard of an account being truely 'hacked'.  Everyone that claimed this happened to them, in further conversation it comes ou that it is always a case that the account owner was careless in keeping their account secure. 

If it bothers you so much remove your payment information.  or use PayPal and remove the ability to buy Linden in the viewer.  This way you will have to enter your PayPal password to buy any $L's as a second level of security.  You can also use a credit card that protects your liability if the account is used for fraud, as long as you report it as soon as you find out.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 2574 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...