IRC log: discussion of the billing issues with Danu

[LaughingOtter]

They had issues with the current system that were causing double charges and pre-charges etc.

As Ophelea noted, those issues resulted from the actions of iPay and had almost all been resolved. An update to the game client which would have resolved those issues altogether was ready, but due to the sale, it never had a chance to go live. So, while that may have been a factor, I don't think that's the whole story.

Addendum: I was looking over EI's site to see if there was anything posted regarding this issue, and this caught my eye:

Michael currently operates E I Interactive's game subscription systems, provides billing support of E I's game subscribers, handles direct collections of receivables, and has implemented a unique collection management system, which provides direct contact with players from with in the game, while they are playing. We believe this is in-game billing-account support and collections process is unique to E I Interactive.

From http://www.eiinteractive.com/team.htm

'Handles direct collections of receivables' - this statement makes it sound like Mr. Gallegos does this himself; in other words, he IS the billing department. The part I find interesting is the 'in-game billing account support and collections', done by 'direct contact with players from within the game'.

Is this seriously stating that Mr. Gallegos chases down past-due players in-game and duns them personally?

[AA0]

As stated by Ophelea, the reason why this had to happen on August 1st was that Pay by touch would not let them continue to use their services without major changes to meet some standards. It is apparent that EI isn't/wasn't capable of meeting that in it, so they rushed out an extremely insecure and down right dangerous version.
Ophelea explains why in that thread, although its scattered a bit.

[Mairynn Nalnair]

and I do believe, that Danu stated it was being worked on.

No need to incite......................

Sorry to say so but irc is a chatting tool no more no less.
What has been said there dosnt realy matter.
If they want to communicate with us do it in the forum.
If they want to tell all the players about important issues do it on the log in page.-

[Peaches]

at least irc is a tool, and gets posted over to here, on the boards.

[Theolaerynn]

I am satisfied that this was not something that was done out of laziness or spite or even total ignorance.

So which is better, doing it out of total ignorance, or doing it with some semblence of understanding?

The entire customer-facing appearance of EI and their actions to date reminds me altogether too much of little kids being caught playing Dress Up in their parents cloths. I just hope they get a clue before we all are the ones who get the spanking.

[Jayne]

Ummm sadly there was a security problem for X amount of hours and still no official response on the forums??? I dont like that. And to say we contact people in game on MP. Sorry, but that doesnt include the whole player base either.

Wouldnt you send an email to all customers stating the situation. And at the very least tell people in game, on boards and IRC? And anyother form of communication..........

[Tokoz]

Ummm sadly there was a security problem for X amount of hours and still no official response on the forums??? I dont like that. And to say we contact people in game on MP. Sorry, but that doesnt include the whole player base either.

Wouldnt you send an email to all customers stating the situation. And at the very least tell people in game, on boards and IRC? And anyother form of communication..........

It was my understanding that that was what was going to happen. In a little while I'll need to be calling my bank. I suggest you get word to as many people as possible and tell them the same.

I promised I would give time. I certainly did not promise on behalf of the player base.

[Jayne]

well luckily I did no updating of any of my accounts. I figured due to the history of paying services that I would wait for the storm to clear. if its not fixed by time my account is due then I guess I wont be playing.

And since I am at work I have no way to notify anyone till this after noon. Hopefully EI notifys them, thats there job and they are able to notify way quicker then we can

[Machivelli]

Isn't there a law that you have to notify customers by X amount of time, that there information may have been compromised? Not sure, but if there is, then EI really, really needs to follow through on this, so they don't land in larger trouble.

"May have been" is extremely vague. Not defending EI in any way shape or form, but was there actually a breach where information was compromised? Having personal/confidential/billing information collected and stored in an unencrypted manner is not in and of itself a breach. It's a dangerous practice that should be avoided at all costs, but it doesn't prove anything.

One more note ... some people around here are saying https (the use of SSL certs) means a site is safe, and that without SSL it is not ... HOGWASH!!! Don't for a second believe that an SSL cert protects your information ... what about the application server, has it been compromised??? SSL only encrypts the data being sent over that puffy little cloud on a network diagram ... it doesn't protect it from being lifted off of the server itself. And there are other ways of achieving encryption at an application level, so don't buy into the notion that https is always secure ... RESEARCH the company and their billing methods before giving them the keys to your money.

[Sledge99]

I guess I fall into that group that believes that EI should do absolutely nothing to any accounts until such time that they deliver a secure, reliable billing process.

Until that happens, all current Horizons should enjoy the world as as expense paid customers.

This change was not of our doing, the billing they put together will most likely cause more harm than good and should they start to cancel accounts due to non-payment, they may wind up with 3 empty worlds.

As the lifeblood of most MMOs is the flow of cash, the due diligence that should have been performed inside the purchase of Horizons appears to have been absent. Free play time for all accounts until this issue is resolved will be a great incentive for EI to get hustling..........

I just recently returned and this situation doesn't give me the warm fuzzies. Perhaps I should have returned to Saga of Ryzom.

[walkerglassmire]

at least irc is a tool, and gets posted over to here, on the boards.

Not that I'm trying to start or even continue any possiable arguements, but:

Yes, IRC is a tool. A communications tool that allows real time conversation. How much information that is vital to every player is NOT posted here on the boards? I can not be in IRC, and have no time to log in and then read the logs later as others have suggested in the past. I admit, yes, IRC is a good tool for some real time conversations. The problem is, the vast majority of the community does not/can not/will not use it. Does that mean that they should not be privy to vital information like this?

Furthermore, I know a LARGE portion of the community, for whatever reason does not read the boards. They are not a viable communication for either for announcemnts of this magnitude. I've been here over 2 years, and it has been only recently I started reading more than the Dragon and Order sections of the forums. I know many that won't even read that much.

Again Peaches, and others, this is not an attack against anyone. I truly admire the work you do here Peaches keeping the forums readable by those of us that don't care to deal with flame wars and such. But, in all honesty, the ONLY place game announcements, ESPECIALLY ones of this magnitude should be, is in Official Release version on the login areas (be it Patcher or the Web Login) and the main community page. Those are the ONLY places that EVERY player would be required to look. If someone ignores an announcement there, it's their own fault.

And as a parting "shot" (definatly not directed at you Peaches), but trying to tell us ANYTHING while in game is, well, I can't actually say what I want to, I'd get banned. Not everyone is in chat rooms, and even using the main system won't get to everyone. I miss main messages all the time when crafting or fighting. And honestly, I'm part of the night crew. Noone official is ever on when I am, and there are people that start later than I do, and STILL are gone again before "regular business hours", so in-game announcemts are worthless.

I think this the longest coherent post I've ever made. I'm going to flee before I start to ramble like normal.

[Hiko]

Not that I'm trying to start or even continue any possiable arguements, but:

Yes, IRC is a tool. A communications tool that allows real time conversation. How much information that is vital to every player is NOT posted here on the boards? I can not be in IRC, and have no time to log in and then read the logs later as others have suggested in the past. I admit, yes, IRC is a good tool for some real time conversations. The problem is, the vast majority of the community does not/can not/will not use it. Does that mean that they should not be privy to vital information like this?

Furthermore, I know a LARGE portion of the community, for whatever reason does not read the boards. They are not a viable communication for either for announcemnts of this magnitude. I've been here over 2 years, and it has been only recently I started reading more than the Dragon and Order sections of the forums. I know many that won't even read that much.

Again Peaches, and others, this is not an attack against anyone. I truly admire the work you do here Peaches keeping the forums readable by those of us that don't care to deal with flame wars and such. But, in all honesty, the ONLY place game announcements, ESPECIALLY ones of this magnitude should be, is in Official Release version on the login areas (be it Patcher or the Web Login) and the main community page. Those are the ONLY places that EVERY player would be required to look. If someone ignores an announcement there, it's their own fault.

And as a parting "shot" (definatly not directed at you Peaches), but trying to tell us ANYTHING while in game is, well, I can't actually say what I want to, I'd get banned. Not everyone is in chat rooms, and even using the main system won't get to everyone. I miss main messages all the time when crafting or fighting. And honestly, I'm part of the night crew. Noone official is ever on when I am, and there are people that start later than I do, and STILL are gone again before "regular business hours", so in-game announcemts are worthless.

I think this the longest coherent post I've ever made. I'm going to flee before I start to ramble like normal.

Now, I used to be in IRC all the time. It was fun, learned stuff, met people etc. However I have a different job nowadays and can't log on. Does it bother me? No. certainly a small portion of the community uses IRC. It should still be used however, because it is an excellent way to communicate. It should not be the only way though I do agree.

(to all people) stop focusing on IRC as if that were the only problem. Not everyone uses the forums either yet you think that should be how information is conveyed?


{Sorry for the horrible rambling post - in a hurry}

[Steelclaw]

One more note ... some people around here are saying https (the use of SSL certs) means a site is safe, and that without SSL it is not ... HOGWASH!!! Don't for a second believe that an SSL cert protects your information ... what about the application server, has it been compromised??? SSL only encrypts the data being sent over that puffy little cloud on a network diagram ... it doesn't protect it from being lifted off of the server itself. And there are other ways of achieving encryption at an application level, so don't buy into the notion that https is always secure ... RESEARCH the company and their billing methods before giving them the keys to your money.

Having an SSL encrypted http session is a NECESSARY factor in having a secured web transaction. Agreed, the server-side security is an issue as well, which is why an https url is not SUFFICIENT for a secure transaction.
(actually, if we define the transaction as "the exchange of financial data between the client and server", then yes, ssl with a valid, signed cert will suffice) That being said, not many companies will divulge the inner workings of their billing infrastructure because they feel it may compromise its security.

Yes, there are other ways of achieving encryption at the application level, however they are not as good as https, which provides endpoint verification (so you know the server you're sending your info to is the one used by the people you want to send it to) and has security checks performed integral to the browser. Yes, you can write a java app or (egh.) javascript, 3rd party plugin... whatever, and encrypt the info over a normal http connection. I will tell you that I've yet to see an implementation like this that I'd trust with my financial info.

Anyway. My idea of a secure system is one which, given the knowledge of how it works, remains secure. Yes, there is no such thing as 100% secure, but the idea here is to make it extremely difficult to get at the financial and personal data -- either so long that the data is no longer valid, so expensive that it costs more to get the data than what its worth, or hard enough that attackers will go somewhere else. Oh yeah. It also helps in the case there is a server breach if the people running it can prove that "we took every precaution to protect your data". (hint: appending my credit card to an unencrypted text file is not 'every precaution')

[walkerglassmire]

Now, I used to be in IRC all the time. It was fun, learned stuff, met people etc. However I have a different job nowadays and can't log on. Does it bother me? No. certainly a small portion of the community uses IRC. It should still be used however, because it is an excellent way to communicate. It should not be the only way though I do agree.

I never said to NOT use IRC, just give the rest of us the same info. While I can poke at the forums a bit at work, I can't IRC.

(to all people) stop focusing on IRC as if that were the only problem. Not everyone uses the forums either yet you think that should be how information is conveyed?

<tries to pull out of the all people group> Nope, login page. That's the ticket right there.

{Sorry for the horrible rambling post - in a hurry}

heh A LOT more coherent than mine usually are. You didn't forget your train of though half way through like I normally end up doing. Dang slow fingers.

[LaughingOtter]

Using only one method of communication, no matter what it is, is bad. This conversation happened in IRC. It could have been conducted on the forum, or taken place in-game, the content would still be the same.

I do not think EI should rely on any one method of communication; they should use them all in an appropriate manner. The only option I consider unacceptable is continuing to remain silent.

[Jayne]

True as I stated in another thread all available modes of communication should be used and if its a real important issue then we should be emailed directly. But as said by all mens use game, irc, and Boards. And even still not everyone would get those three modes

[Theros Ironfeld]

Due to the diff time zones those of us who reside on the southern half of the world are unable to join irc conversations ( these take place between 2-4 am our time ) same goes for the in game talk.
As it stands the only way to communicate issues with us is email or here on the forum and/or news/login page.
As I stated in another thread a bit of P.R and customer relations goes a long way which so far is sadly lacking.
While is was a nice touch being able to communicate with one user via landline that option is also closed to us.
We need to hear this information first hand from the powers here ( forums/login/news page) and via email and we need to hear it soon.

[Alpion]

Apparently there must be some holiday going on in Butte, Montana because I called every number on their contact list and not one person answered. I left a voice message with my telephone number to have my call returned, and have not received one still. Are they avoiding us? Sure feels like it. I guess I can avoid them too by not paying them if this is how they handle business.

[Shiroc]

(21:41:04) DANU_EI: Plink maybe you should find a nother game

This statement utterly shocks me. You simply do not tell your customers off like that lol. Sure, Plink was acting out of line somewhat but their are other ways to approach that. I dont care if your in IRC or some other "meaningless" chat, you dont tell your customers to play another game. If you say that to a paying customer at any company, you deserved to be promoted to "Customer".

Key word for EI is Communication, and they are failing. If this is not fixed within a week the game is going to lose at least a quarter of its subscribers (due to just frusteration and heartache) and new customers will steer way clear. People are in an uproar and EI HAS to respond quickly to deliver customer satisfaction. Danu should not be allowed anywhere near his customers in my personal opinion, he cannot communicate to people correctly. I hope, hope he apologized to this person and that they hire or have someone else who knows how to give customer service.

I am very disheartened to see what is happening, this is such a great game and the community is one of the best, to see this is just terrible. Horizons was finally starting to see a light and now its heading for a darkness that it may not return from =/

[Velea]

So let me see if I understand this right....

Some people are defending EII for making a "mistake" by potentially releasing their financial information, and personal information such as home address etc, as "give them time" yet crucifying Tulga for trying to work with a system that makes their billing company compliant with federal government standards?

Some people are defending EII for telling a player to "go play another game" because it makes it ok that the company president then called said player and spoke with him by phone for a little while afterwards? (Can no one see that DANU was completely trying to pacify ONE customer who was speaking out for all of us so that this one person would shut up?) I've got a LONG list of issues with EII, and they haven't called me yet.

Some people are forgiving EII for not communicating this massive breach of security to the whole of the player base because they talked about it in game and in IRC? (Course some of these same people are the ones who said that IRC was basically the root of all evil when Tulga developers spent time in IRC.)

You slap Tulga with one hand while the other shakes hands and give flowers to EII all because EII is the "new guy".

Oh, and I'm sure that my post is going to be dismissed as coming from someone who....how was it phrased? Was "bitter and angry for having been fired"? Just to clarify to that person... I was not fired. I never worked for Tulga. I was a player who volunteered to do extra work just like many others who have interned at Tulga at one time or another.

Please note that I am writing this post nearly 24 hours AFTER DANU has said "Oh yes, we know about this problem. We have taken the page down." and yet I literally JUST went the page to find it still active and still unsecure. (http://horizons.eiinteractive.com/account_update.htm)

Any information you submit through there WILL be vulnerable to being intercepted by people who are specifically trained to look for just such information. Your address, your first and last name, your account information ALL is being transfered STILL over an unsecure connection. You follow the links past that and if you chose to pay by credit card, it then asks you to mail by regular mail the form to them. A form which asks for your CCV code. It is ILLEGAL for them to ask for this code. That code is your way of "signing" an online credit card statement. If you are printing out the form and MAILING it to them, you sign something authorizing the charges. When you make a purchase online, the company you are purchasing from should NEVER see your CCV code. It is sent encrypted for verification purposes only.

I am saddened and disheartened that people are defending EII for truly horrendous business practices. Many of these same people that would be the first to condemn the changes mandated by the federal government to bring them in to compliance when Tulga tried to do so simply makes me shake my head in sadness.

Ultimately I urge everyone considering sending ANY form of payment to EII to please do some research on keeping your identity safe online. You will find that even asking for your home address, real name, etc, on an unsecure page is something you should NEVER do. But what EII is asking you to do goes much further than that.

Consider carefully how much respect and trust to give them. I know how I'm answering that question.