Forums

Customer Service Requesting Personal & Confidential Information

I am outraged at the fact that customer service representatives are demanding confidential and personal information in emails before tickets will be looked at, forwarded or addressed. I know I am not the only person that thinks this is insane. There are threads all over these forums with similar complaints. I also know almost every other active MMO out there would never demand you provide such details as your name, date of birth & user name in an email. Also, it seems like each CSR I deal with has a different requirement list. There is no consistency. I have corresponded with 4 customer service representatives since early access, due to a bug that wiped my bank items including some imperial bonus items.

For the 1st response to my ticket, the CSR (Ligia) stated:
We are very sorry you are experiencing this issue and will work hard to fix it. But in order to proceed with restoration we will require data confirmation.
- The last 4 digits of your credit card

I complained about this and then received a 2nd response from another CSR (Nicole):
We understand you are missing items from your vault. We're sorry to hear about that. For verification purposes please provide one the following:

Game code
the last four digits of credit card used for purchase
or
The answer to your secret question

One of these validation points is required to make changes to your account.

Once I provided my information, I received no further correspondence. No updates, no ETA, no restore, nothing. After waiting 7 days with no responses, I decided to try the phone support option. I never received the promised call back, but did get this email two days later:
Response By Email (Ambernae) (04/09/2014 10:21 AM)
Greetings!

Thank you for contacting The Elder Scrolls Online Team.

We sincerely apologize for any inconvenience. The next thing we will need to do is verify your account. Please email/contact customer support with the following information:
Both email address:
DOB:
First and Last Name:
Username:
Beta Key Used on Account:
Thank you for your continued interest and support!

Warm Regards,
The Elder Scrolls Online Team
Question Reference # 140407-042746
Not only did the request for PI make me crazy for security reasons, but my questions to support were not even account related, which just infuriated me more (well #3 kinda was). Just for reference, my initial text to this response was as follows:
I have been unable to get a response to my outstanding ticket. I've waited 7 days and no one will answer my questions. The last response was an apology for no response and a promise to escalate the response. That was 2 or 3 days ago and still no response. Ticket #140401-055267.
1) Is it safe to use my bank now or does the bug still exist?
2) Will using my bank now affect the items restored? I am afraid to put anything in it if it means I won’t be able to get my pre-order maps back that disappeared
3) Is there any ETA? If so, what is it?

ZOS, Is this a company policy or just a mistake due to poor training? Why are CSR requesting this information? If such verification is truly needed, why not just ask for the answer to the secret question to prove the account is not stolen? Obtaining someone’s first name, last name & DOB is enough for Identity Theft/Fraud. You’re requesting more personal information that some financial institutions do. This is unacceptable.

«1

Comments

  • djodarsdjodars ✭✭✭
    edited April 10
    Seems to me you're emailing with a hacker and not with Zenimax...

    Edit: Make sure to go through customer support using the official website and not emails directly.

    I must say I laughed at this though:
    Obtaining someone’s first name, last name & DOB is enough for Identity Theft/Fraud.

    Are you saying you can steal anyone's identity on earth because those information can be found freely pretty much anywhere you go lol.
    Post edited by djodars on
    Vokundein
    Legend Gaming Website | Join Us
    djodars - Thrall of Vokundein
    Ebonheart Pack - Imperial Sorcerer
  • this is my problem too. Once long ago on another game i was hacked because I was stupid enought to give out this kind of information to wrong website. I want a full refund because I have been locked out of my account at login screen because of new isp address change debacle. But that's what they ask for, how do I know what to do and whom to trust. So far my experience with ZOS customer has been a nightmare.
  • KerinKorKerinKor ✭✭✭✭✭
    edited April 10
    The 'PI' information they ask for is fine IMO per se to establish you are the account holder, once you've validated the e-mail came from ESO themselves .. hoewever I agree it's entirely unecessary for you to establish ownership of an account since you're asking generic "have fixed your bug-ridden progam' yet type questions.

    I agree with @Djobars, the info requested is totally insufficient for ID theft and anyone trying to 'socially engineer' you is going to ask for damned sight more private information than that anyway.

    The CS rep. saw a ticket number and hit the 'canned reply' button.
    Post edited by KerinKor on
  • My emails are official email responses to in-game ticket submissions. The fact that you stated
    djodars wrote: »
    Seems to me you're emailing with a hacker and not with Zenimax...

    just proves my point. Sounds like someone phishing for information they shouldn't have, doesn't it?

    I didn't even go into the issue of account hacking, but it's just as valid a complaint as mine. Laugh all you want. Health Care Fraud is alive an well in the US and only requires those 2 identifying details. Just because your personal information can be found "anywhere you go" doesn't mean mine can, nor do I want it to be.

  • ArmitasArmitas ✭✭✭✭✭
    edited April 10
    I am not saying your email is legit, but there are legit emails from zeni asking for the same thing. A mod even confirmed it a few days ago. If the email has your ticket number, and specific details as to your ticket, and other info it is more likely that it is legit. The mod said if you had doubts to use the phone service.

    But there is still a problem here, and that is that we don't have a good way to distinguish an email from zeni and an email from a hacker. Because both will be asking for personal details. We are all comfortably familiar with the common claim "X will not ask for any personal information, if you get an email asking for personal information it is not from X". It's a little unnerving not have that safety net.

    In the case of the credit card the last 4 digits is a common practice in determining identity, and would not in it self be enough for a hacker to use.

    Post edited by Armitas on
    Member of the Revenant
  • felixgamingx1felixgamingx1 ✭✭✭✭
    edited April 10
    As long as they don't ask you for your password and SSN don't be alarmed.
    Post edited by felixgamingx1 on
  • There was another thread about this moons ago. This sort of questioning is legit.
  • Is it just me or have most of the reply here completely missed the point?
  • I totally agree...though outraged is a little strong...I find it unnecessary and frankly ripe for abuse. I can bet you eventually we will be tracing ID theft back to this very policy and then they will get sued.
  • SaerydothSaerydoth ✭✭✭✭
    edited April 10
    2 things.

    1) They should not be asking for this type of information for fixes/restorations and things like that, the only time they should ever have to verify your account information is if you are recovering the account from a compromise or doing something like changing the account user ID or email address.

    2) When they DO ask for this type of information, they should not ask for it in email. This is an EXTREME security risk, because unless you know how to check email headers it will be VERY easy for phishers to duplicate these emails and get large percentages of players to give them their account info. For example, Blizzard says their reps will NEVER ask for this type of personal information in an email. Therefore you know that any email that claims to be from "Blizzard support" that asks for it, is fake. Zenimax cannot currently make this claim, the only way to be safe right now is to look at EVERY email you get from them and verify the headers before you reply. They need to make a section on the website where we can view our open tickets and add to them if necessary. An email where they are asking for information shouldn't really say anything other than "your ticket has been updated, please log into the ESO site to view it".

    Hopefully they see how much of a risk it is to handle tickets this way and will make some procedural changes.
    Post edited by Saerydoth on
  • have a point OP, but as long as they aren't asking for passwords of socials you should be ok.
  • TamisanTamisan ✭✭✭✭
  • SaerydothSaerydoth ✭✭✭✭
    have a point OP, but as long as they aren't asking for passwords of socials you should be ok.

    It's really not though. They shouldn't be asking for ANY information in email. The account hackers will love this, all they have to do is copy/paste these emails, spoof the from/reply-to address, and they can easily get anyone's account information that doesn't know how to check headers.

    Blizzard says "we will not ask for any type of confidential information in an email", that way they can say "any emails that ask for this type of information are not from us and are fake".

    You're right in that, this won't really affect tech-savvy people that know how to read email headers. But then again, it is a hassle to have to check the headers on every email we get from support to make sure we aren't sending our information off to hackers. It would be FAR better if we could add the information to our ticket from the support site itself, rather than through email.

  • I wonder if they bothered to actually consult anyone who actually works in computer security to take a look at their set-up. All of this stuff (along with using your login as your in-game ID, wtf) is so counter to everything that we've been told for security's sake over the last ten years.

    Has anyone noticed an increase in spam since putting their tickets in? Just curious if this might be linked, since the support seems to be outsourced. Prior to this, the average for me was maybe 2-4 per hour. After my first ticket response, my spam filter is is now catching upwards of 20 per hour. (I'm not trying to scare anyone or make presumptions; just trying to figure out a logical explanation for this sudden upswing.)
    04/10/14 - Bought digital Imp Edition directly on 3/5/14. Hadn't been able to play since launch.
    Finally got a callback email after 62+ hrs. Asked for a refund. Got a 1-day code instead. -_- Heh.
    Pending decision: one more chance or go stuff yourselves.
  • I wonder if they bothered to actually consult anyone who actually works in computer security to take a look at their set-up. All of this stuff (along with using your login as your in-game ID, wtf) is so counter to everything that we've been told for security's sake over the last ten years.

    Has anyone noticed an increase in spam since putting their tickets in? Just curious if this might be linked, since the support seems to be outsourced. Prior to this, the average for me was maybe 2-4 per hour. After my first ticket response, my spam filter is is now catching upwards of 20 per hour. (I'm not trying to scare anyone or make presumptions; just trying to figure out a logical explanation for this sudden upswing.)

    If it is true that tech support and moderation for the forums has been out sourced then it is very possible that these companies can/have or will sell these details on.
    Not say that they have out sourced but if they have it could explain your increase in spam

  • ElaitheElaithe ✭✭✭
    edited April 10
    Do people not realize that the CSR reps actually have this information already at hand in front of them and are asking YOU to verify it to prove that YOU are YOU?

    Your not giving them anything they don't already have.

    Keep in mind, I don't agree with their practices. I just want to make it clear that this is not new information for them. Asking for it over e-mail is pretty odd though.
    Post edited by Elaithe on
  • scruffycavetrollscruffycavetroll ✭✭✭
    edited April 10
    Saerydoth wrote: »
    have a point OP, but as long as they aren't asking for passwords of socials you should be ok.

    It's really not though. They shouldn't be asking for ANY information in email. The account hackers will love this, all they have to do is copy/paste these emails, spoof the from/reply-to address, and they can easily get anyone's account information that doesn't know how to check headers.

    Blizzard says "we will not ask for any type of confidential information in an email", that way they can say "any emails that ask for this type of information are not from us and are fake".

    You're right in that, this won't really affect tech-savvy people that know how to read email headers. But then again, it is a hassle to have to check the headers on every email we get from support to make sure we aren't sending our information off to hackers. It would be FAR better if we could add the information to our ticket from the support site itself, rather than through email.

    if you've EVER bought anything online, your info is out there, if you bought anything at TARGET over the past holiday, your info is out there...this game doesn't matter. i'm not justifying it, and this is a terrible practice they have, but let's be honest, almost everyone's info is out there already.

    pay attention to your stuff, and put a credit alert out with the agencies if this is so troublesome.
    Post edited by scruffycavetroll on
  • scruffycavetrollscruffycavetroll ✭✭✭
    edited April 10
    delete, bad edit : D
    Post edited by scruffycavetroll on
  • AntiParadoxAntiParadox ✭✭
    edited April 10
    I wonder if they bothered to actually consult anyone who actually works in computer security to take a look at their set-up. All of this stuff (along with using your login as your in-game ID, wtf) is so counter to everything that we've been told for security's sake over the last ten years.

    Has anyone noticed an increase in spam since putting their tickets in? Just curious if this might be linked, since the support seems to be outsourced. Prior to this, the average for me was maybe 2-4 per hour. After my first ticket response, my spam filter is is now catching upwards of 20 per hour. (I'm not trying to scare anyone or make presumptions; just trying to figure out a logical explanation for this sudden upswing.)

    If it is true that tech support and moderation for the forums has been out sourced then it is very possible that these companies can/have or will sell these details on.
    Not say that they have out sourced but if they have it could explain your increase in spam

    Seems the only logical explanation. I use ad- and script-blockers, don't go to any untoward sites, haven't signed up for anything other than this game in the last few months. Makes me glad that I went the phone route (which I'm STILL waiting on) rather than email, because I sure as heck don't want to put that hacker buffet of information out there for them to feast on. :o

    Edit; Like I said, just curious to see if this is happening to others, or not.
    Post edited by AntiParadox on
    04/10/14 - Bought digital Imp Edition directly on 3/5/14. Hadn't been able to play since launch.
    Finally got a callback email after 62+ hrs. Asked for a refund. Got a 1-day code instead. -_- Heh.
    Pending decision: one more chance or go stuff yourselves.
  • First of all, the support department is not a simple one, they have their own structure, who does what, etc.

    And, there is not much a support team can do in many cases.
    They are not responceble for all the billing operations or game-code issues. They are just a support, they stand between you and ppl who actually do stuff.

    And, as far as I understand, there are really a few of them who actually has right / access to do smth, comparing to the number of requests.

    Therefore, most of the tickets has to be prolonged somehow. And that is what we are observing. All the stuff that we are pissed of with comes in hand here, like:

    - auto bot spam from FAQ
    - closing threads like "resolved" (of course they are not)
    - asking for any kind of info about you (they do not really need it)
    - replies that have absolutly nothing to do with the problem
    etc. etc. etc.

    I even tried to give them info in my new fresh thread, (since i've seen what ppl where asked for) and i really LOLed when i got an answer that was not only zero help, but had ABSOLUTLY nothing to do with my topic =). And they maekred it - resolved.

    So, as i get it, they are just pulling time the best they can. I cant blame them for it, but it IS annoing.
  • There IS AN ESO SUPPORT PHONE #...you just really need to dig to find it.

    I just called, and all i was really asked for was my email...it left me feeling strange, but the woman said the items would be restored hopefully today, i said I'm going to give it until tomorrow, or call the bank back.
  • Arsenic_TouchArsenic_Touch ✭✭✭✭✭
    I am actually surprised that people are finding this all so new.
    Is it better to out-monster the monster or to be quietly devoured?

    ╔═════════════ ೋღ☃ღೋ ══════════════╗
    "Stand your ground, this is what we are fighting for."
    "For our spirit and laws and ways."
    "Cry havoc and let slip the dogs of war."
    "For Heaven or Hell, We shall not wait."

    ╚═════════════ ೋღ☃ღೋ ══════════════╝

    NA // Ebonheart Pact // Leader of CORE Legion // Namira Beta Tester // VR10 NB
  • Aenima_ptAenima_pt ✭✭✭
    I wanted to change my email associated with my ESO account, so they indeed asked me for Name and answer to security question. But it seems logic to me to make sure is not someone else trying to steal your account.

    They never asked me this type of info for something not related to my account.
  • NishkaNishka
    edited April 10
    There IS AN ESO SUPPORT PHONE #...you just really need to dig to find it.

    I just called, and all i was really asked for was my email...it left me feeling strange, but the woman said the items would be restored hopefully today, i said I'm going to give it until tomorrow, or call the bank back.

    Well... After reading it I finally realized. Thet do not seem to have a gradation \ priors.. Ppl keep spaming abot their bugs \ banks\ uncompletable quests /bots / gold sellers. All this is annoing and no good of course, but as to the one of those who cant get ingame for a week now, it doesnt sound serious =)

    The only hope is when my issue will FINALY be solved, there will be less bugs to complain about :D
    Post edited by Nishka on
  • otomodachiotomodachi ✭✭✭
    I wonder if they bothered to actually consult anyone who actually works in computer security to take a look at their set-up. All of this stuff (along with using your login as your in-game ID, wtf) is so counter to everything that we've been told for security's sake over the last ten years.

    Has anyone noticed an increase in spam since putting their tickets in? Just curious if this might be linked, since the support seems to be outsourced. Prior to this, the average for me was maybe 2-4 per hour. After my first ticket response, my spam filter is is now catching upwards of 20 per hour. (I'm not trying to scare anyone or make presumptions; just trying to figure out a logical explanation for this sudden upswing.)

    Yes I DID notice this exact thing and it started within 24 hours of my ticket opening! I now have spam mails getting through my gmail filters for the first time in years.
    What do you gain by criticizing a CSR complaint?
  • RhoricRhoric ✭✭✭✭
    If you are getting spam then it is not because of your ticket or what not. I have not gotten any spam on my email address that I use for my ticket I sent in.
    Lord Rhoric
    Grand Marshall of Tyrs Paladium
    No Drama. Cameraderie. TEAM Focus. That's the TYRS way.
  • otomodachiotomodachi ✭✭✭
    Rhoric wrote: »
    If you are getting spam then it is not because of your ticket or what not. I have not gotten any spam on my email address that I use for my ticket I sent in.

    I love that you felt the need to explain that I'm wrong without having access to any proof. Thanks. :) Your entire statement is entirely as anecdotal as mine, and would've been just as valid without claiming I am wrong.
    What do you gain by criticizing a CSR complaint?
  • RhoricRhoric ✭✭✭✭
    Well you are blaming them for your spam problem when it is not their fault cause if it was then way more people would be having the problem which is not the case.
    Lord Rhoric
    Grand Marshall of Tyrs Paladium
    No Drama. Cameraderie. TEAM Focus. That's the TYRS way.
  • I asked because I wanted to see if it was happening to anyone else. You know... in the spirit of camaraderie and teamwork. :|
    04/10/14 - Bought digital Imp Edition directly on 3/5/14. Hadn't been able to play since launch.
    Finally got a callback email after 62+ hrs. Asked for a refund. Got a 1-day code instead. -_- Heh.
    Pending decision: one more chance or go stuff yourselves.
  • Makes me glad that I went the phone route (which I'm STILL waiting on) rather than email, because I sure as heck don't want to put that hacker buffet of information out there for them to feast on. :o

    Actually, it was the CSR from the call back/phone option that emailed me that last time, requesting my full name, DOB, user name & email address, etc. I hope you draw a better one than me.
«1
Sign In or Register to comment.