We anticipate that even with this update, third parties will continue

[KremlinKOA]

Is this one though?

The money they were losing from the chargebacks was magnitudes higher than the amount they would lose by implementing this solution in the short term. And if the multiple sources about Visa looking into them are true, they didn't have much time to work on a proper solution and effectively needed to get one out the door ASAP, thus had to go with the solution that would be quickest to implement without having to meticulously go over every single potential loophole. From a pure business standpoint, they can afford to temporarily annoy people in their fanbase for a short bit in order to crush the RMT vendors outright while they work on the actual solution.

Regardless of how players feel about it, the current solution is literally the furthest thing from a mistake to Square.

Especially since you fail to realize.that consumers, by far and large, are extremely forgiving and in the moment. 'Oops, we messed up! tee-hee' from Square in a few days/weeks time when they have the proper solution built and tested will instantly restore favor to 99% of annoyed people. Even in your new coke scenario, the moment coca-cola brought back the old recipe, their sales skyrocketed. and everyone forgave them as though nothing happened. New coke wasn't even a mistake for the company, it was literally one of the best marketing campaigns in history, completely by accident. If you wanted to cite a corporate mistake that had actual negative effects, I would have personally gone with Subway's 'not actually footlong' or 'their bread is classified as a desert in Ireland due to the amount of sugar in the recipe'.

If nothing else, just take a look at Blizzard's track record and how the vast majority of their consumers keep coming back to the new shiny thing, when every single game they've released lately has just been riddled with controversy.

"Diablo Immoral was ultra bad in its monetization, but Blizzard has totally learned their lesson and will make Overwatch 2 totally fair, right guys? I'm gonna buy day 1!"



*Que sad trombone*

You are wrong.
It IS a mistake
You spoke about the 'easiest ti implement solution.
But they took down the shop while working on this solution. Which means they paused the issue to give themselves time.
Hell, In my response to Ikara Greydancer below I will repeat a solution I mentioned earlier in this thread. A solution other game companies have used, and that had better results.
So, other, just as easy to implement, solutions exist, that woulds have had a better impact. They chose a poor one.

So then what's the solution since you're so smart? How does SE deal with this issue of charge backs n such?

And I don't want hear the typical "not my job to figure it out".

Oh and before you twist this (as you do often) I've never once stated their current course of action is good or bad. So I don't want to see another "oh yur defending everything" lie here either

A better solution?
Here is one of my earlier posts.

I am saying their error is choosing the wrong solution.

In this case. Consider instead simply restricting the ability to purchase gifts to those accounts that have had a OTP for at least 30 days.

Sure, new accounts are restricted from gifting. But the ability for Streamers, Content Creators, FC leaders and RP social hub operators to continue their prize systems, and other use of gifts, would continue unhindered.

It would also solve the 'account got hacked and used for RMT' issue

As OTP and 2FA have proven the single most effective defense against such things.

SE chose a poor solution that carries negative effects, both for them, and for the players.

That solution requires less coding ti implement, and would provide superior protections to SE against hacked accounts being used for RMT

[IkaraGreydancer]

You are wrong.
It IS a mistake
You spoke about the 'easiest ti implement solution.
But they took down the shop while working on this solution. Which means they paused the issue to give themselves time.
Hell, In my response to Ikara Greydancer below I will repeat a solution I mentioned earlier in this thread. A solution other game companies have used, and that had better results.
So, other, just as easy to implement, solutions exist, that woulds have had a better impact. They chose a poor one.



A better solution?
Here is one of my earlier posts.


That solution requires less coding ti implement, and would provide superior protections to SE against hacked accounts being used for RMT

Maybe I'm understanding you wrong but how does that put a stop to exciting longstanding accounts from doing this?

[KremlinKOA]

Maybe I'm understanding you wrong but how does that put a stop to exciting longstanding accounts from doing this?

Okay, fair question, as I didn't make that part explicit.

It works in 2 parts.

1: Those RMTers who acquire their dodgy codes through hacked accounts will be stopped immediately, as OTP/2FA accounts don't get hacked readily enough for it to be practical.
2: As for those using stolen Credit Cards on their own account. Being able to track where the gifts went, means as soon as a chargeback occurs, the account gets banned. Which means to get a new account going, they need to
--A: Buy a new copy of FF14.
--B: Buy a new phone SIM card (Yeah we can link phone numbers to accounts, after all)
--C: C buy a month of Subscription time
--D: Wait 30 days before being able to send out new gifts.
These costs, and delays, are designed to move the setup from 'profitable' to 'unprofitable' and encourage the RMT CC faudsters to use another game as their laundry.

In the end, it's all about making friction to discourage people from using FF!$ as their method to clean their stolen money.

But best solutions will putr more friction on the fraudsters than on honest players.

[IkaraGreydancer]

Okay, fair question, as I didn't make that part explicit.

It works in 2 parts.

1: Those RMTers who acquire their dodgy codes through hacked accounts will be stopped immediately, as OTP/2FA accounts don't get hacked readily enough for it to be practical.
2: As for those using stolen Credit Cards on their own account. Being able to track where the gifts went, means as soon as a chargeback occurs, the account gets banned. Which means to get a new account going, they need to
--A: Buy a new copy of FF14.
--B: Buy a new phone SIM card (Yeah we can link phone numbers to accounts, after all)
--C: C buy a month of Subscription time
--D: Wait 30 days before being able to send out new gifts.
These costs, and delays, are designed to move the setup from 'profitable' to 'unprofitable' and encourage the RMT CC faudsters to use another game as their laundry.

In the end, it's all about making friction to discourage people from using FF!$ as their method to clean their stolen money.

But best solutions will putr more friction on the fraudsters than on honest players.

Huh I see. That does sound like a solid choice to make. Ofc we wouldn't know 100% that it'd do the trick but I'd say it's worth a shot. The current move feels more like a placeholder decision til they have a more solid plan. Can't say I'd like to be getting hit with chargebacks like that lol

Also I meant to say existing not exciting xD

[KremlinKOA]

Huh I see. That does sound like a solid choice to make. Ofc we wouldn't know 100% that it'd do the trick but I'd say it's worth a shot. The current move feels more like a placeholder decision til they have a more solid plan. Can't say I'd like to be getting hit with chargebacks like that lol

Also I meant to say existing not exciting xD

Not 100%, but this wasn't me being insightful or original.
I cribbed this idea from things other game companies did that was effective.
So it should be effective here.

[Jojoya]

Okay, fair question, as I didn't make that part explicit.

It works in 2 parts.

1: Those RMTers who acquire their dodgy codes through hacked accounts will be stopped immediately, as OTP/2FA accounts don't get hacked readily enough for it to be practical.
2: As for those using stolen Credit Cards on their own account. Being able to track where the gifts went, means as soon as a chargeback occurs, the account gets banned. Which means to get a new account going, they need to
--A: Buy a new copy of FF14.
--B: Buy a new phone SIM card (Yeah we can link phone numbers to accounts, after all)
--C: C buy a month of Subscription time
--D: Wait 30 days before being able to send out new gifts.
These costs, and delays, are designed to move the setup from 'profitable' to 'unprofitable' and encourage the RMT CC faudsters to use another game as their laundry.

In the end, it's all about making friction to discourage people from using FF!$ as their method to clean their stolen money.

But best solutions will putr more friction on the fraudsters than on honest players.

The phishing scams exist precisely to have a way to get into accounts protected by OTP/2FA. We see players fall victim to those frequently.

I don't know if it's still required but at one time the cash shop was requiring account verification to get entered twice - once to select items to be purchased then again to make the purchase. As annoying as it is to players trying to make a purchase, it does prevent fraudulent purchases from being made on a compromised account with OTP. The thief might get in the first time but the OTP would no longer be valid by the second time it has to be entered.

Without a second verification needed, it's easy for the thief for load up a cart, move to the account verification page and wait for the dumb player to enter their information into the phsihing website to capture and enter into the purchase website.

The credit card and retail industries together need to step back and see what can be done to get compromised payment methods under control. So much gets done online today that it's hard to say if any of them are properly identifying anyone. Should all payment methods themselves now requires OTP/2FA for all online transactions? The 3 digit CVN they tend to rely on for credit card transactions is not truly a form of identification. It's merely confirmation that someone knows the number for that particular credit card number and not that they have possession of the card or are the card's actual account holder.

That brings up the question of how all these fraudulent credit card transactions are occurring in the first place (assuming it's credit card and not other payment types at the root of the problem). While databases are storing the payment information, they should not be storing the CVN. How are payments getting initially approved for online transactions if the correct CVN isn't being submitted?

[KremlinKOA]

The phishing scams exist precisely to have a way to get into accounts protected by OTP/2FA. We see players fall victim to those frequently.

I don't know if it's still required but at one time the cash shop was requiring account verification to get entered twice - once to select items to be purchased then again to make the purchase. As annoying as it is to players trying to make a purchase, it does prevent fraudulent purchases from being made on a compromised account with OTP. The thief might get in the first time but the OTP would no longer be valid by the second time it has to be entered.

Without a second verification needed, it's easy for the thief for load up a cart, move to the account verification page and wait for the dumb player to enter their information into the phsihing website to capture and enter into the purchase website.

The credit card and retail industries together need to step back and see what can be done to get compromised payment methods under control. So much gets done online today that it's hard to say if any of them are properly identifying anyone. Should all payment methods themselves now requires OTP/2FA for all online transactions? The 3 digit CVN they tend to rely on for credit card transactions is not truly a form of identification. It's merely confirmation that someone knows the number for that particular credit card number and not that they have possession of the card or are the card's actual account holder.

That brings up the question of how all these fraudulent credit card transactions are occurring in the first place (assuming it's credit card and not other payment types at the root of the problem). While databases are storing the payment information, they should not be storing the CVN. How are payments getting initially approved for online transactions if the correct CVN isn't being submitted?

Those Phishing sites you mentioned? They can be designed to get CVNs

The scams are usually around falsely claiming debts and guiding the victim to the phishing site to 'pay what you owe' by credit card.
Since such transactions would expect the CVN they can put a request for it in the website. BTW am Providing this level of detail about the scams to help readers defend against them but hopefully not enough detail to let someone run one.

Interestingly, my suggestion provides a defense against that, because it gives the card owner 30 days to realize they were scammed, and report their card stolen.

[Shibi]

I'm curious how gift cards work? I've use time cards and sent the code to a friend and have done that quite a bit but with gift cards it seems they want the persons email to send it directly to them. Are there gift cards where you simply get a code like a time card that you can dm in game or on discord etc. I prefer not to be asking for personal emails and so on.

Paysafecard maybe. You can paste a 16 digit code to someone, and they can redeem the code and get the cash.

I say maybe, as I have to try it and see if the unregistered account can buy on the store.

I don't know if it's still required but at one time the cash shop was requiring account verification to get entered twice - once to select items to be purchased then again to make the purchase. As annoying as it is to players trying to make a purchase, it does prevent fraudulent purchases from being made on a compromised account with OTP. The thief might get in the first time but the OTP would no longer be valid by the second time it has to be entered.

Yes, you are asked for the password again, but it's more...

Unless it's different for NA players, there is no option in the cash shop to save a card number. Every single buy you need to manually enter your credit card, name, expiry date and cvv. This is verified by the payment processor in an Interstitial screen - In my case, I see my own bank's falcon site appear after I enter the details and press continue

[DPZ2]

Unless it's different for NA players, there is no option in the cash shop to save a card number

NA mog store is the same.

[Shibi]

NA mog store is the same.

ty

So, it seems the suggestion "using phished FF accounts to buy codes" and "there was a hack on ff accounts using common passwords" are moot for code buying. (although valid for gil stealing)

Leaves it as stolen credit cards from Gramps Jones in Tennessee who believed the nice man from microsoft was going to fix his computer online - or companies like AT&T being hacked and their payment databases being stolen.