Hi everyone,

We are aware of player concerns over payment security on gamesas.com.

Rest assured that all financial transactions and sensitive data on gamesas.com use an approved, PCI-compliant, fully-secure payment technology including HTTPS/SSL inside the store frame, regardless of the parent URL displayed in the browser.

Please also note that, per PCI standards and industry best practices, our payment partner GameSpy never stores your credit card details, but instead securely registers them with one of the largest and most secure credit card gateways and card issuers in the world, so there is no opportunity for ‘hacking’ this data from either Crytek or GameSpy.

Thank you,
EA/Crytek

That sounds great, but it would be even more secure if there was nothing to steal. Having the option not to save credit card information on the server would make a lot of people feel better.

Thank you for that well needed explanation about security. We do, however, need an option to remove the info if one wishes to do so.

I prefer Paypal. Or simple just be able to buy these packs on Steam, for example.

Thank you for that well needed explanation about security. We do, however, need an option to remove the info if one wishes to do so.
Exactly what he said xD

That does not change the fact that there is currently no option to refuse gamesas from retaining my credit card info, and no matter how secure you feel your system is, that will never replace the peace of mind that I would have when I know that I did not allow the site to retain my payment info. Further more you should want to put an option in there to allow for that, because if something were to happen it would put us the customers in a VERY actionable position. It would be a shame if EA or CRYTEK were on the receiving end of a lawsuit just because you wanted to save a few dollars and refuse us the option of not saving our credit card info. Until this is changed I have altered my saved info to prevent any hacker wannabes from using my info.

Yours truly,
Daffy D Duck
8675309 Crytek Blows Ave
EA SUX CO, 80203

Thank you and have a crappy tomorrow!

Hi everyone,

We are aware of player concerns over payment security on gamesas.com.

Rest assured that all financial transactions and sensitive data on gamesas.com use an approved, PCI-compliant, fully-secure payment technology including HTTPS/SSL inside the store frame, regardless of the parent URL displayed in the browser.

Please also note that, per PCI standards and industry best practices, our payment partner GameSpy never stores your credit card details, but instead securely registers them with one of the largest and most secure credit card gateways and card issuers in the world, so there is no opportunity for ‘hacking’ this data from either Crytek or GameSpy.

Thank you,
EA/Crytek

I have to disagree!
PCI DSS 2.0 Requirement 4.1.e Testing Procedures says clearly:
"For SSL/TLS implementation: *Verify that HTTS appears as a part of the browser Universal Locator (URL)."

That means any Website that has no HTTPS in the URL cannot by PCI DSS 2.0 compliant!

The idea behind that requirement is: that the cardholder can verify by himself, on which website his data is send to. If you use frame technology a customer does not see where the data is going and whether this is done on a secure way or not. This opens a weakness in the security chain. It is very simple to attack a HTTP site rather than a HTTPS site!

Just for the understanding: I worked now for more than 3 years as a certified PCI DSS auditor.

Best regards

L1belle

So in other words, "its a secure payment method...trust us" Right? Sorry I dont know you, and there are people in my own family I wouldnt trust with my credit card info!

sorry tom, i verify again now.

When ask "add a credit card", website mode is HTTP only.

sorry, but open your eyes.

I can't write my card number if no encryption.

say it's secured is very bad for you, learn security https before say such nonsense

http://www.gamesas.com/addcard/ url when i want add a card, this url work fine, but not https, sorry

Why this adress exist in http if need https ? learn about it cry_tom. clic on it and search why.

try https://www.gamesas.com/addcard/ , don't match, sorry, it's not secured and all paiement are not
secured, number card wanders freely on the net

Still don't trust it in any way - if the creditcard is the only payment-method, I'll NEVER trust it. Add Paypal and a few other ways to pay and THEN we can talk about purchasing DLC.

So in other words, "its a secure payment method...trust us" Right? Sorry I dont know you, and there are people in my own family I wouldnt trust with my credit card info!

I've had a look, the frame is secure but what's outside it (the actual page and other stuff) isn't.



This means a hacker can attack the page and bring it down or manipulate it, but won't be able to get your card details too easy as that's what's encrypted.

However it is a slight security issue, full https for the entire store page would be a much better reassurance however it's not as bad as the scaremongers are making out.

thanks for sharing that n00binator.

No PayPal, no DLC for me...

we don't wanna give ya money

Just to add to my last post, you can run the frame itself in it's own window as https

Example:

https://crysis2pc.d2gstore.gamespy.com/Cards/Cards.aspx

The only problem is you will still get an only partially encrypted error in your browser due to the fact the images are not encrypted (which is fault of direct2drive). If you block all images from being displayed and restart your browser you get a fully secured connection.

Not everyone has a creditcard. I think it's stupid just to offer one payment method.

sorry tom, i verify again now.

When ask "add a credit card", website mode is HTTP only.

sorry, but open your eyes.

I can't write my card number if no encryption.

say it's secured is very bad for you, learn security https before say such nonsense

http://www.gamesas.com/addcard/ url when i want add a card, this url work fine, but not https, sorry

Why this adress exist in http if need https ? learn about it cry_tom. clic on it and search why.

try https://www.gamesas.com/addcard/ , don't match, sorry, it's not secured and all paiement are not
secured, number card wanders freely on the net

Can t you understand this adress is just the global page adress ???? If you re looking code, all the store data are into an Iframe calling an HTTPS adress.

No way I give away all these informations for 4 cards, which are too expensive btw. I would go to the store and buy it there, but that's not possible. Great! I really wanted to buy that dlc =(

crytek, would you kindly.,. make this DLC purchasable in EA store?

like other EA games as BFBC2 and MOH map packs?

It would be much more accessible for me and lot of others alos.

I added my credit card to 2 different accounts and still cant purchase the DLC!!!

I also would love the option to erase my credit card from the store.

As for now i just modify the expiry date my name and address after any transaction to protect my identity !

Yeah, it's even worse for people that have/use "Debit Cards" .. Unlike Credit Cards, you could have your account wiped clean, regardless of your security options, "NOTHING" is 100% full proof, nothing! I don't use CreditCards, I only use my Debit Card.

I guess the ONLY secure thing to do is go purchase a "pre-paid credit card" and put $10.00 on it, that way it does'nt matter, but some online sites won't accept them and some do. Problem with the "pre-paid" ones is "filling in the shipping/billing address info", you have to call them first and setup that all up, then use it, and thats a big hairy pain in the arse.

yeah it's safe when no hackers leak the server )

So you reply to this, but not to the people who cant purchase it?

Nice Priorities their Crytek.. round of applause anyone? no good.

.
. ITS DEJA VU ALL OVER AGAIN
.
“We know that some people have been playing with an unfair advantage in the Crysis 2 demo. Rest assured that although the demo does not have these features installed, our team has been working for some time on various anti-cheat measures that have been introduced for the retail release of Crysis 2.”

"We are aware of player concerns over payment security on gamesas.com. Rest assured that all financial transactions and sensitive data on gamesas.com use an approved, PCI-compliant, fully-secure payment technology including HTTPS/SSL inside the store frame, regardless of the parent URL displayed in the browser."

Feel secure?