Jump to content

I guess I'm paranoid, but why does Second Life have to have us re-verify our credit information?


Rufferta
 Share

Recommended Posts

I've been getting warnings about 'phishing' scams on Second Life, so when I got an email that said it was from Second Life and that I needed to go in and update my credit information I thought it was a scam. Then I saw that the Second Life Blog said the same thing...

One thing that made me think it was a scam was the comment "small amounts will show up on your credit charges, then disappear..." bit...  I'm sorry, but that doesn't make sense to me.

Can someone please explain?

Link to comment
Share on other sites

I find this to be a bit odd too. Okay, so they have a new payments processing organization ... but why does that mean that we have to reenter the same information? The information is there in their database(s), so why wouldn't LL simply supply that to the new company? Perhaps there is some sort of law or regulation of financial institutions that prevents this? If so, why not tell us that instead of simply demanding that we reenter the data?

And why the sense of urgency? It said "Update Your Second Life Payment Today" ... why does it have to be done all of a sudden TODAY? And obviously if this was the message sent out to all people in Second Life, there are going to be a great many who won't read the message right away or who are on vacation, etc. So what happens to those people? Do they have to jump through a bunch of bureaucratic hoops before they can get back into Second Life again? What kind of slipshod planning is this? Why wasn't the message sent out as of the 7th of July with the request to update "before the end of September" or somesuch? It all seems rather strange to me.

Link to comment
Share on other sites

The message wasn't sent out to all people.  I use PayPal and didn't get it.

I'm not sure why it needs to be done, but I imagine it concerns your privacy and you may have to confirm you want the new company to have this info by doing this.

They want you to do this 'today' so your account can be charged when you need it and you don't forget to do this. 

It is important if your premium or pay tier.  If you don't update this in a timely manner you could fall behind on your premium fee or tier payment if your Credit card won't go through.  Depending on how long it takes you to correct the problem your account could be suspended.

If you don't owe anything to LL on a regular basis, it will certainly be an inconvenience if you need to buy L's to pay rent or buy something in a hurry.  Again, you will have to do this before a transaction can go though.

This isn't slip shod planning.  They are giving you a timely warning to avoid any problems you may have if you don't update promptly.  I think you are over reacting.

Link to comment
Share on other sites

I find it very strange as well.

I've carried out transactions recently with the credit card details as they are entered in the system, so I know that they have the correct details, and LL know they have the correct details.

If there is a valid reason for me to delete an existing functional payment method and enter exactly the same details again, the blog posting fails to provide it.

As the OP noted ... phishing scams are rife. My initial reaction to the email was that this was a phishing scam. The lack of information in the 'official blog post' didn't reassure me. I had to come to the forums to see a post from LL to actually believe that this was a real request.

And Amethyst ... failure to properly communicate with your customers IS slip-shod. As you noted, you don't know why it's being done, so your post wasn't terribly constructive and the last line can be construed as insulting. I would expect better from someone who's been around as long as you.

 

 

 

Link to comment
Share on other sites

I stand by my statement.

You can sign in to the official web site youself rather than clicking a link if you think it might be a phishing scam.  That's the number one recommended way of avoiding ANY phishing scam purporting to take you to an official SL or MP web site. 

I may not know the exact reason, but I am pretty sure LL isn't doing this just to see if they can make you do something or just for grins.  I'm sure there is a legitimate reason to do this. I've had to do it on other web sites that I use my card to make bill payments when they have changed their payment system.  So it isn't that uncommon.

If you have to know the reason, call billing.  You don't have to be premium to do this.  If you don't like their reason, just don't do it and take the risk of having a purchase of $Ls or an automatic charge go through.

Link to comment
Share on other sites

Thanks Wayne, I appreciate your comment. The thing is, Amethyst occupies two of the rental parcels on the mainland sim that I own. Therefore, if I should have any problems with Linden Labs getting their precious tier payment on time, her own interests could be threatened as well. This may account for the tone of her reply. A great deal of people's behavior depends on "whose ox is being gored". In any event, she's been renting from me for years and I'm not about to get upset over one comment. At my age, it seems to me that the things people SAY matter a whole lot less than the things people DO.

Also perhaps due to my age, I like to be cautious, and that may well be why I have never been the victim of any kind of scam, phishing, virus, trojan, or what have you, even though I've been online for twenty-five years. I would say that being cautious is generally a good thing; that's why I made my initial comment in this thread and it's why I'm watching developments very carefully before I comply with this request from Linden Labs.

I just WISH they had had the courtesy to be more forthcoming with reasons and explanations and in general would be a little more concerned with us and how we feel about things. However, I've been in Second Life long enough to have seen other instances where LL have acted in a similarly cavalier fashion. As Kurt Vonnegut said, "so it goes".

Link to comment
Share on other sites


Amethyst Jetaime wrote:

The message wasn't sent out to all people.  I use PayPal and didn't get it.

The blog post says you won't (although maybe that text was added after your post?).

Credit cards are payment info for several of my accounts. So far, only one got the email, and that was just last night. Not sure why that particular one first (or only); it's neither the most nor least active, although come to think of it, it might be the one for which I most recently updated payment info before now.

Personally, I would have much preferred that the email only give instructions for updating the info, with no clickable links in the message at all. The links looked moderately scary -- some encrypted message traceback, I suppose -- but they are to hosts in the secondlife.com domain. (Not very smart, though, as the super-secret link code still takes you to whichever account your browser is currently logged into, not the one the message is about.)

The real problem is that LL should not be training folks to click on email links. Especially now, they should know better -- and I suspect they do. That is, I suspect they simply contracted-out to the lowest-cost payment processor, and this is just how they do.

Link to comment
Share on other sites

Like anyone else commenting here, I don't speak for Linden Lab, but I do deal with corporate billing systems from the other side, so maybe I can shed some light. All of the below is hypothetical and any similarities between this post and reality are purely accidental.

Oftentimes when a service (like LL) uses a payment processor (company x), the processor holds onto the 'keys'. Most of the functional liability regarding billing is storing customer payment information securely. Depending on locale, transmission of payment data may be done under very strict regulation and international service providers have to meet all of these region-specific rules, as well as a whole pile of legal obligations (detection of fraud, money laundering, etc etc).

When payment processors change (from company x to company y), it can be prohibitive (for legal, technical or cost reasons) to transfer this secure data between systems. It can open up additional risk or add extra opportunities for bad guys to sneak through without being detected (has the original data been scrutinised to company y's standards?). The result is that the old data can be safely disposed of, and new data can be vetted 'one at a time' as users re-submit their data. At no point in time does company x have to figure out how to transmit a whole tonne of highly sensitive data to company y, and no new liability or responsibility is assumed, while the safety of customer data is preserved.

It would be highly unusual for any company to go into high levels of detail about their financial systems, I don't know where this expectation comes from. All it would do is give additional ammunition to people who might seek to exploit the userbase and your data would not be more protected even if you were able to understand in detail.

Take precautions, and never follow Emailed links. Check and verify certs as you go, and only hand over data when you're happy to assume the potential risk - this is all Internets 101 and does help, whereas the explanation does not.

Off-topic: I don't see anything overly personal in Amethyst's posts, her tone matches most of the other posts I've seen here when she's being informative and would find it quite out-of-character for her to have deliberately included personal negative commentary to her response to you. Just my thoughts. :)

Link to comment
Share on other sites

I am HIGHLY suspicious of ANYTHING Linden Lab does. What it comes down to is are you going to listen to your feelings and make your mind up yourself or listen to Linden Lab's sheep on this forum, most I trust less than Linden Lab. Luckily for me my quarterly membership just got renewed last week, so I have until after Thanksgiving to decide to update my info. My real hope is that when the cluster abombination called Sansar is released, most of the sheep will wander over there.

Link to comment
Share on other sites


Qie Niangao wrote:

The real problem is that LL should not be training folks to click on email links. Especially now, they should know better -- and I suspect they do. That is, I suspect they simply contracted-out to the lowest-cost payment processor, and this is just how they do.


I agree.

I've received e-mails from my bank and from my credit card providers stating that they will NEVER post links in their e-mails, so if I get an e-mail from them with a link in it, it's a scam.

This is just poor form on LL's part.

Link to comment
Share on other sites

I jus did not  get  any notice about,  I  ONLY KNOW  IN  ONE  DAY    THEY SOLD  my land   in an  auction:(((((

and  MORE, i can't  log in,    it is  show..... my  account is  in HOLD:(              what  does  means>> IF  I  CAN'T ENTER, HOW  I   caN    do  what    THEY  WANT????  PLUS   I  HAVE  A  LOT  MONEY THERE,       SHOULD O  LOOSE    it???

 were   7  years, I     HAD  premium  account,............ so not   so  fair    WHICH  THEY  DID

  so.....   LINDEN,    stolen  my  money?????

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...