This morning I was greeted by a peculiar email, one that even now I must say has me feeling like one of Raymond Stantz's fictitious peers whilst I ask: "What did you do now, Ray?" The email, was simple enough as it was a sort of digital receipt for Blizzard's various character services. The specific service in question was a paid character transfer to another realm complete with a faction change. In short, they had moved a character to a separate server and enabled an option of changing it's race.
Now, I'll admit it is a legitimate service, one many people take advantage of all the time. The crux of my problem was that I never placed the order to move my character, never would have and that I never received any form of request for authorization/permission. I recently logged into my account from a different machine on my home network and my account was temporarily locked and I was prompted to change my password as a security precaution. A minor inconvenience that I believed meant Blizzard was serious about protecting player's accounts. Even when I changed my password I received an official email to confirm the matter.
How is it then that a secure account, only used on a secure dedicated machine is not only accessed but able to purchase character services like server moves etc. without even a prompt for approval or so much as a flag for logging in from a separate ip(not to mention mac address)? Is this a company who's only interest in security is the illusion thereof and placing the blame on players? Cause all I generally see on the issue is a firm finger of blame citing a player must of compromised their account. Seriously, every possible explanation they cite revolves around a user either being insecure, ignorant, or partaking in questionable practices. At no point have I found anything that speaks to situations like myself and some peers have encountered where secure and careful folks are finding their accounts compromised somehow through no fault of their own.
All I know is that I try to keep my account as secure as I can, and with all I know about such matters I can only see a few ways this sort of thing can happen. Either somehow account names are being found or generated randomly and then their passwords somehow cracked. Or, and this may paint me somewhat paranoid, somehow accounts are being compromised from the other end.
No matter how it happens, security is a big deal, especially when some of these accounts mean years invested in a game and characters. Not to mention the amount of money spent buying software, equipment, game time or even internet bills. What good does it do for a customer to invest in an account and establish safeguards if it is apparently so easy to circumvent, or rather that the company will ignore their own rhetoric and allow anything as long as it is paid for without even establishing where the money is coming from.
I dunno who's credit card was billed in the wee hours this morning for a mysterious $55.00 charge but the only glimmer of hope I can offer is the fact that at least I managed to get the transaction reversed. Even if as the rep suggested it probably was a stolen card. But if company's like Blizzard hope to continue to grow they have got to start not only listening to the people paying them money, but also keep their interests safe and in mind. Otherwise more people's faith will end up faltering like my own.