Buying points via Paypal -- Security considerations



lennart
07-07-2010, 02:57 PM
Hi there,

I recently wanted to buy some TurbinePoints via Paypal. I opened the ingame store, clicked on "Buy more points" and was redirected to Paypal. I hesitated, because I couldn't verify the validity of this rendered Paypal-website. So I went ingame and chatted a bit about buying points with Paypal. Most people didn't understand my concerns and just stated that "nothing ever happened".

My concerns when buying points via Paypal using the ingame store are:
- I can't tell whether the rendered site is really from Paypal or from Turbine.
- I can't verify the encryption of the connection to Paypal.
- I can't tell whether there is a redirection involved.
- I have to enter my credentials for Paypal, which gives access to my account.
- I can't tell who has access to these credentials.

So, what I'm basically doing is giving Turbine access to my accounts to do all sorts of shenanigans. By using an iframe inside their application they get access to everything I enter. I wonder why nobody ever objected to this before.

Are there any plans to rectify this situation and lessen these concerns? Why can't I buy points (or point codes, like the ones on twitter during the Summer-Bonus-Days) outside of the ingame store? Why is there no work done to reassure me that everything possible is done in order to secure my payment?

SDM
07-08-2010, 09:35 AM
Hello,

When you enter your information to access your PayPal account none of the entered information is exposed to anyone here at Turbine. It is essentially the same as using PayPal to make a payment through any other website that offers PayPal as an option.

~SDM

lennart
07-08-2010, 11:08 AM
Thank you for your reply.

Any other website I used with Paypal redirected me for the duration of the payment to Paypal. Since I used my browser (with an address bar) I could see that the URL changed and I could check the SSL certificate. Never did any website embed the payment inside their website. And even if they did, they wouldn't have control over the traffic as in the case of an application using an HTML renderer like DDO does.

To clarify: I'm not saying Turbine is stealing the data (they could, but I don't think they do). I'm just saying that as a user I have no way to verify this.

Since the DDO store is an application using an HTML renderer it is in no way like a website using Paypal.

So I repeat my questions:
Are there any plans to rectify this situation and lessen the concerns stated in my previous post? Why can't I buy points (or point codes, like the ones on twitter during the Summer-Bonus-Days) outside of the ingame store? Why is there no work done to reassure me that everything possible is done in order to secure my payment?
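Added example, not part of the original post and not Turbine's or PayPal's code: the checks an address bar lets a user make by eye (HTTPS on every hop, which hosts were involved, and whether the login page is really on paypal.com), written as an audit over the list of URLs a renderer loaded. The navigation logs and example.* hosts are constructed, treating paypal.com as the only trusted domain is an assumption, and a passing result says nothing about the certificate or about what the embedding application does with keystrokes.

```python
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # assumption: the only domain that should see the credentials

# Constructed navigation logs (hypothetical hosts), oldest URL first.
GOOD = ["https://store.example.com/buy-points", "https://www.paypal.com/checkout"]
LOOKALIKE = ["https://store.example.com/buy-points",
             "https://www.paypal.com.login.example.net/checkout"]
USERINFO = ["https://www.paypal.com@pay.example.net/checkout"]
DOWNGRADE = ["http://store.example.com/buy-points", "https://www.paypal.com/checkout"]


def host_is_trusted(host):
    """True only for paypal.com itself or a genuine subdomain of it."""
    return host == TRUSTED or host.endswith("." + TRUSTED)


def audit_chain(urls):
    """Check every URL a renderer loaded; the last one is the login page.

    Returns (ok, findings, hosts): findings is a list of (hop index, problem),
    hosts lists each distinct host in the order it was first contacted.
    """
    findings, hosts, host = [], [], ""
    for i, url in enumerate(urls):
        parts = urlsplit(url)
        # urlsplit separates userinfo from the host, so "a@b" reports host b.
        host = (parts.hostname or "").rstrip(".").lower()
        if host not in hosts:
            hosts.append(host)
        if parts.scheme != "https":
            findings.append((i, "not HTTPS"))
        if parts.username is not None:
            findings.append((i, "userinfo before '@' disguises the host"))
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append((i, "punycode label, possible look-alike"))
    # After the loop, host is the host of the final (login) page.
    if not host_is_trusted(host):
        findings.append((len(urls) - 1, "login page is not on " + TRUSTED))
    return (not findings, findings, hosts)


if __name__ == "__main__":
    for name, chain in [("good", GOOD), ("lookalike", LOOKALIKE),
                        ("userinfo", USERINFO), ("downgrade", DOWNGRADE)]:
        ok, findings, hosts = audit_chain(chain)
        print(name, "OK" if ok else "REJECT", hosts, findings)
```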

Victorie
07-08-2010, 11:57 AM
We are still looking at adding additional ways to purchase points. We are also investigating additional payment options for VIP subscription.

I will certainly be happy to pass along your feedback and concerns regarding the current process to add a PayPal account to be used in the DDO store. We do not have any plans to change the current process at this time, but feedback is always welcome.

If you prefer to use a payment that you can be completely sure can't be traced back to you and has no liability as far as additional charges, I recommend using a pre-paid credit card. As these are not linked to your credit score, and have a limited amount of funds on them, there is very minimal risk in using them, and no risk that additional charges can be placed against it (above the amount on the card). Please see this sticky (http://forums.ddo.com/showthread.php?t=203387) for more information about pre-paid cards.

lennart
07-09-2010, 06:19 AM
Thanks for that reply.

Passing on this feedback would be appreciated, since I can think of a number of ways (depending on the actual implementation) to take away these concerns.

Since credit cards are not a viable option for me, I just won't buy any more points, since I don't want to change my Paypal password every time I do.