Diablo 3 Real-Money Auction House: Blizzard Outlines Security Process
Clarifying the conditions of sales and purchases
Blizzard clarifies some of the conditions of sales and purchases in the Diablo 3 Real-Money Auction House.
Blizzard opened the doors to its Diablo 3 Auction House on 12 June and allowed players in the Americas to start selling virtual in-game items for real money.
Players can buy and sell weapons, armour, materials and other loot they find in the game, with a top price of $250 (£159) per item.
Many items were selling for that maximum price early on, causing Forbes.com contributor Paul Tassi to jokingly ask, "Hmm, a virtual amulet or groceries for the month?"
Including an Auction House as an official in-game system - and making it necessary to be always online even when playing single player mode - stops trades taking place on websites such as eBay. Blizzard also charges a 15 percent fee on every transaction, whereas it gets no fee from sales taking place on external sites.
There have reportedly been a few glitches so far, with users accidentally being charged excessive sums for items, causing a Blizzard forum community manager to state:
"We're working to address issues with the auction house that have arisen since the servers were brought back online this morning. In the meantime players may encounter the following issues when attempting to access the auction house."
Issues listed include the disappearance of auction listings that had been live before the maintenance, as well as items that were being bid on no longer showing up under the Auctions tab.
Some gamers also moaned that monsters were not dropping enough high-end items and the only way to get them and proceed into the hardest levels was to pay real money for them.
A hotfix update on 28 June, 2012 increased the drop rates for high-end items for character levels 61-63 in answer to that.
Security
Security is obviously key in any system where real-money is changing hands and Blizzard has put a number of procedures in place to try and protect gamers dabbling in cash sales and purchases.
The system is compatible with a number of approved third-party payment services and those who wish to use PayPal have to sign up for the Battle.net SMS Protect service and enter an additional code sent by text message when making certain transactions.
Players who use the money in their Battle.net Balance to buy and sell items need to attach a physical Authenticator to their computer or use the Battle.net Mobile Authenticator app for Android, iOS and Blackberry.
As part of this security, Blizzard also said it will delay the delivery of some items while it conducts a review of those transactions.
"While we expect a majority of real-money auction house purchases to be delivered to buyers immediately, in some circumstances, we will need to Held items will show as "Processing" until the review is complete," a post on the Diablo 3 official blog said.
We asked to clarify Blizzard to clarify the conditions that might trigger a review and their responses are below:
Can you give me an example where items may be held while you check them? Would this be triggered by excessive costs, such as items selling for a lot of money?
"There are a variety of activities that might trigger a review of the transaction, including payment issues that come up during processing or potential suspicious activity. However, to avoid tipping our hand to those who might abuse our system, we aren't going to go into detail on how we review transactions. Ultimately, our goal is to maintain the integrity of the auction house while ensuring it remains as convenient and fast as possible for our players. We expect the majority of transactions will go through immediately, and of those that we review, most will be reviewed within hours, with some occasionally needing more time to process."
Do you have monitoring/tracking software to look at unusual sales patterns?
"We use a variety of tools to monitor transactions in the real-money auction houses, including monitoring and analysis software."
Why isn't there any support for case-sensitive passwords?
"We are always evaluating different methods of account protection for our players. While we recognise that case-sensitive passwords do provide some protection against brute force attacks, we have other safeguards in place to help guard against these and other, more common forms of Battle.net account compromises. Most cases of Battle.net account compromise occur when a hacker obtains a player's password directly - often as a result of keyloggers, phishing attempts, and especially the use of the same password on multiple websites - none of which are deterred by case-sensitive passwords.
"With this in mind, we regularly encourage players to use a unique password for their Battle.net account. In addition, we try to educate players on account-compromise tactics as much as possible by providing regular security reminders and hosting a wide variety of thorough security-oriented articles on our websites (such as www.battle.net/security). Also, the Battle.net Authenticator and the free Battle.net Mobile Authenticator app continue to be some of the most effective tools we offer to help players protect their accounts."
True to its word, the Diablo blog has a number of postings about security and authentication and Blizzard offers some "golden rules" all internet users should follow:
- Never give out your account information: even sharing your details with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise.
- Practice good email and password security: ensuring that your registered email address is secure is a very important part of keeping your account secure. A user's registered email address functions as their Battle.net account name and Blizzard suggests creating a unique email address and using a different password from any other online service.
- Be mindful of phishing scams: these are designed to trick you into giving out your account information and will often pretend to come from Blizzard employees, as emails or in-game messages. They may also contain links to malicious sites that steal your details so be cautious what you click on and when.
© Copyright IBTimes 2024. All rights reserved.