Junior Member
Join Date: Aug 2017
Posts: 1
|
This is the 3rd time I ask this question and it somehow always vanish into the ether, without even a moderator response, if one is warranted.
In case I don't see my post nor have a response I would have to consider this is silent censorship and post elsewhere with a description of what happened. I have seen on your CC card payment page all the things you don't want to do (PayPal etc ) and you ask a LOT of personal information (personal phone X and such) on top of asking about the credit card details. You don't give any information about how these informations are processed or secured : - Who is your credit card processor ? - Do you store credit card information on your systems ? - If yes are you PCI compliant (https://www.pcisecuritystandards.org) - Are all payment and personal informations encrypted and salted ? Thanks a lot for your answers |
#1 |
Senior Member
Join Date: Oct 2011
Posts: 6,793
|
Sorry man, first posts require mod approval and lots of folks were gone for GenCon. It's normal for us to take a couple days rest after, too. I'll flag your question for someone more knowledgeable than I to answer.
|
#2 |
Senior Member
Lone Wolf Staff
Join Date: May 2005
Posts: 8,232
|
As we posted prominently here on the forums and elsewhere, nearly the entire company spent the past two weeks scrambling to get ready for GenCon, at GenCon, and then digging out after returning home from GenCon. So nobody has been actively monitoring the forums for new members that required approval of their first post. Due to major issues with spammers in the past, we long ago switched to requiring that first posts be approved by a moderator, but there was nobody to see and approve your posts this past week. Your timing was just right - in the exactly wrong way.
To answer your questions... Our bank and credit card processor are both among the largest in the US. We've been with both for almost 20 years now, and we've never had any issues with either during that time. Your credit card information gets captured and transmitted by our server, but it never actually gets stored on our server. We pass it directly through to the credit card processor and only store transaction codes given to us by the processor. So there's nothing kept on our server that can be compromised regarding your credit card details. Even though we don't keep any credit card details on our server, we still strive to maintain PCI compliance. Just out of an abundance of caution. You mentioned phone numbers, so I'll comment on that. We ask for a phone number so that we can resolve any issues that may arise for users during the purchase process and immediately following. Either a work or personal number will suffice - we only need one of them. Over the years, having the phone number has been invaluable on a regular basis, especially with chargebacks. The number of wives/mothers that I have personally spoken to regarding the uncommunicated purchases of our products by their husbands/teenagers is astounding. Once they realize it's for "those games they play", everything is fine, and it avoids the complications of terminating licenses/accounts for everyone involved. Information like names and order history are neither encrypted nor salted, as we need to be able to quickly look up account information using those details for support queries and the like. None of that information is typically considered sensitive, so I assume that's not your concern. You're probably referring to identifying information that is typically captured with credit card payments, which we don't store anywhere. That said, passwords and similar types of information are absolutely encrypted and salted. Hope this helps! |
#3 |
Senior Member
Join Date: May 2013
Posts: 1,458
|
Asking for a phone number is not uncommon. Several other sites through which I've made purchases have also required phone numbers.
|
#4 |
Senior Member
Join Date: Oct 2014
Location: Chicago, IL
Posts: 1,690
|
I've coded quite a few ecommerce sites. Asking for a contact phone number is considered a best practice. Even sites where no physical good is being sold there might be a problem with the transaction after the payment is processed that requires contacting the purchaser.
Anyone worried about identity theft based around giving out of their phone # is a tad paranoid. my Realm Works videos https://www.youtube.com/channel/UCZU...4DwXXkvmBXQ9Yw |
#5 |
|
|