Account & Credit Card at risk.

Renoaku

http://www.ageofwushu.com/forums/viewtopic.php?f=36&t=5228&p=33068#p33068

1. There is no security on player accounts no IP Verification, no backup, and no secondary password.

2. Whats even more disturbing is the fact that their Order Site doesn't even have SSL for buying gold or Topping up therefore your Credit Card information can be exposed.

3. Customer Service no way to call them and let them know because their phone numbers dont work and their email gets mail delivery failure notice.

4. No Email Verification Require or RL Info required to be used or verified.

rojoArcueid

they havent answered to your post, ill wait for their response, maybe they have some security we dont know about? i hope so. But i dont know. Wait for their answer. And If they dont have any, then yeah, they should do something.

Renoaku

Nope not yet but they never really respond in game either one of my school mates was just compromised too...

I just made the post tried to email support again, and call them neither work also there is so many unanswer posts and no GM's avalable in game either.

Reguardless of what security they have in China or using China billing systems this is the U.S meaning transactions made from U.S companies need SSL or to follow its rules and regulations meaning that the company should be 100% responsible for all fraud charges if it occurs because of their service.

Amjoco

Hmm, all good points. Thank you for alerting us here!

Renoaku

Welcome the post on the AOW forums seems to mysteriously vanish which only means one of two things.

A. The moderator just deleted it.

B. They actually moved it to a more secure area to fix and resolve the issue.

I am not sure which of the two it is but I hope they are fixing it because I already sent an email to the credit card companies and told them about the issue and am about go warn some people I invited to play this game.

This doesn't mean that your credit card if you made a purchase was exposed to the wrong people or anything but I have seen a number of players in game claiming to have accounts compromised, and talking about how they are not getting any customer support.

Also I will be warning the people I recommend this game too and clans shortly I mean I like the game I really do and I hope they take this issue seriously enough to fix it and not ignore it but this issue must be fixed had it not have been for the accounts of others being compromised and talking about it I would have never have seen the issue because I over looked it myself when I purchased gold and VIP from their site.

Thelric

Good catch on the non secure credit options. Definitely not a pro but the game has a few good ideas which can be learned from by the game industry. There's a paypal and game card option available for  purchases amongst others.

Alamareth

The people that had their "accounts compromised" can completely blame themselves.  There's been not one credible report to date - although plenty of people whining about how they got hacked.

As for the non-secure credit card transaction, I don't have the first clue what you are talking about.

1) No IP verification.  Why on God's Green Earth would you want that.  Kiss any sort of proxy ping minimizing software goodbye.  Furthermore, there's a clearly labeled field on character select that shows the IP of the last individual to login to the account.

2) Their credit card page was well within industry standard when I used it two months ago.

[mod edit]

Renoaku

This is AOW's response so far.

http://imgur.com/XyNDpk2

What is IP Verification?

IP verification is a system similar to TERA & Guild Wars 2 when a user logs in from an IP address not saved it asks the user to go to their email and click on an API link which will then allow them to login to the game, along with a Secondary Password if a user chooses to set it up or password for individual characters so each character or account can have a second one if the game supports multiple characters. This prevents keyloggers and hacks.

Now I have not been hacked myself but others have and after finding this flaw it just gets me.

http://imgur.com/DEWHJcw

I do not see any SSL Encryption or PadLock on my browser but I notice this when I pay from other sites?

Now basically this doesn't mean that players can't play from proxies or other IP addresses.

It simply means that each time an account goes to login from X IP address they have to verify by email, or have a secondary password ot enter which can't be logged because its click by mouse and such.

Now there have only been two times that my computer has ever been compromised due to my own fault, but it wasnt my entire computer it was World OF Warcraft, my addon's from curse had a keylogger but they still fixed the account, and they gave me the way to prevent it by buying an authinticator which stopped it completely.

And my Lineage 2 account, another foreign game my account I had since 05, never used an addon but as soon as the game went F2P my account was compromised? Again it was the company's fault on this I would say for making it F2P but not having secure or secondary password they I believe put it in after accounts started getting hacked but refused to fix my account, or anything. Now my data was safe there for over 2 years I did not even play the game until the day it went F2P? And I had two different L2 accounts only one got hacked same password.

I ran multiple checks on my PC it was clean from Keyloggers I also open Cv6 & check for unauthroized connections or data packets nothing sent out that I didn't authroize.

So yes some game companies are at fault while some are not games especially games like AOW need additional security to protect players they are failing to provide us with such.