It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
low rated
avatar
RickyAndersen: If someone has access to your account, is that mean your saved card details also exposed?
avatar
paladin181: GOG does'nt store pay info on their end. You're good.
It's not there to copy but if you used a card it allows one to reuse that card for purchases if one is logged into that account. One could easily purchase a game/games using that info while logged in and gift it to a temp email for selling/reuse. This is why GOG should look into this/people should clear their data after buying stuff(for now).

avatar
Fairfox: quick, someone write like me
quick, someone write like me
Post edited June 04, 2019 by GameRager
Weren't there some topics from ppl that had games on their account completely out of the blue some time ago? Maybe same thing happened, but without the buyer realizing that he did not logged into his account.
avatar
Fairfox: quick, someone write like me
like me
avatar
GameRager: It's not there to copy but if you used a card it allows one to reuse that card for purchases if one is logged into that account. One could easily purchase a game/games using that info while logged in and gift it to a temp email for selling/reuse. This is why GOG should look into this/people should clear their data after buying stuff(for now).
Really? I thought that would have to be filled in on your end... I use PayPal myself to avoid this unpleasantness (Which requires login authentication every use) but that's.... terribly insecure.
avatar
Fairfox: quick, someone write like me
liek, if somewun wanted too taek over my acct i guess it wud bee Fairfox?

Did I do it right?
low rated
avatar
GameRager: It's not there to copy but if you used a card it allows one to reuse that card for purchases if one is logged into that account. One could easily purchase a game/games using that info while logged in and gift it to a temp email for selling/reuse. This is why GOG should look into this/people should clear their data after buying stuff(for now).
avatar
paladin181: Really? I thought that would have to be filled in on your end... I use PayPal myself to avoid this unpleasantness (Which requires login authentication every use) but that's.... terribly insecure.
I use it out of laziness......I simply go to checkout and all cards are there to just pick and pay...no entry of any data again(not even the code on the card back....the 3-4 digit one) is needed unless you delete that data. If you do then GOG asks for you to refill it out for every new purchase and then stores it again for future use until you again choose to delete it...etc.
avatar
paladin181: Really? I thought that would have to be filled in on your end... I use PayPal myself to avoid this unpleasantness (Which requires login authentication every use) but that's.... terribly insecure.
avatar
GameRager: I use it out of laziness......I simply go to checkout and all cards are there to just pick and pay...no entry of any data again(not even the code on the card back....the 3-4 digit one) is needed unless you delete that data. If you do then GOG asks for you to refill it out for every new purchase and then stores it again for future use until you again choose to delete it...etc.
I've come to remember my full number as I've entered it so many times. Takes longer to enter my name.
avatar
GameRager: I use it out of laziness......I simply go to checkout and all cards are there to just pick and pay...no entry of any data again(not even the code on the card back....the 3-4 digit one) is needed unless you delete that data. If you do then GOG asks for you to refill it out for every new purchase and then stores it again for future use until you again choose to delete it...etc.
Does that work from multiple locations or is it session/cookie based?
low rated
avatar
GameRager: I use it out of laziness......I simply go to checkout and all cards are there to just pick and pay...no entry of any data again(not even the code on the card back....the 3-4 digit one) is needed unless you delete that data. If you do then GOG asks for you to refill it out for every new purchase and then stores it again for future use until you again choose to delete it...etc.
avatar
Maighstir: I've come to remember my full number as I've entered it so many times. Takes longer to enter my name.
I don't have that kind of time, man...though I probably should do more to secure my info, I agree.....but eh my bank usually has my back if bad charges get posted so i'm good for now.

I recommend everyone to delete their payment info from their GOG account until this bug is squashed, though.

avatar
GameRager: I use it out of laziness......I simply go to checkout and all cards are there to just pick and pay...no entry of any data again(not even the code on the card back....the 3-4 digit one) is needed unless you delete that data. If you do then GOG asks for you to refill it out for every new purchase and then stores it again for future use until you again choose to delete it...etc.
avatar
paladin181: Does that work from multiple locations or is it session/cookie based?
So far i've used it in other browsers/on other machines and it is indeed saved across any use of my account.
Post edited June 04, 2019 by GameRager
avatar
GameRager: I don't have that kind of time, man...though I probably should do more to secure my info, I agree.....but eh my bank usually has my back if bad charges get posted so i'm good for now.

I recommend everyone to delete their payment info from their GOG account until this bug is squashed, though.

So far i've used it in other browsers/on other machines and it is indeed saved across any use of my account.
Good to know! I'll stop saying GOG doesn't store payment info. That used to be the case but is obviously not now.
high rated
If you don't check the "save this card for later use", the card info is not saved. We never store card details directly in our database.

Worth noting that an option to check and remove the card number is at the top of your order history.
avatar
paladin181: Good to know! I'll stop saying GOG doesn't store payment info. That used to be the case but is obviously not now.
Read immi101's post above. He summarizes pretty well how it works.
low rated
avatar
chandra: If you don't check the "save this card for later use", the card info is not saved. We never store card details directly in our database.

Worth noting that an option to check and remove the card number is at the top of your order history.
A bit of clarification would be nice, as it would seem you just contradicted yourself(while also providing some good info about checking to save this card as saving the info).

You said the card info is not stored in your database after saying(basically) that checking save this card saves the info somewhere(I would assume you guys/gals don't let just anyone save the info and that the servers doing such/holding such data are at least partially under your control). This means that if you check to save the card info then GOG DOES in fact store your info(even if on another server) if you choose for it to be saved.

The distinction is moot(imo), however, as to who holds the data if someone gains access to your account and such has been saved to it. Either way(whether GOG stores the data or someone else) if it's saved and someone accesses your account they can buy games with it.

avatar
paladin181: Good to know! I'll stop saying GOG doesn't store payment info. That used to be the case but is obviously not now.
avatar
HunchBluntley: Read immi101's post above. He summarizes pretty well how it works.
That info is good to know, but it says the data is only reverified if one hasn;t used it in awhile. This means that if someone buys often enough and someone gains access to an account with saved payment data they can possibly buy games with it. Also even if the data is a token/encrypted if the before mentioned circumstances occur other people can still buy games with it to resell/use themselves if they have access to your account.
Post edited June 04, 2019 by GameRager
avatar
GameRager: ...someone accesses your account they can buy games with it.
Yes games but not use it on other online shops to buy other things. That is in practise the difference between saving it as the number visible and using the method GOG uses.

The risk is, of course, any criminals buying gift codes.
Post edited June 04, 2019 by Themken
low rated
avatar
GameRager: ...someone accesses your account they can buy games with it.
avatar
Themken: Yes games but not use it on other online shops to buy other things. That is in practise the difference between saving it as the number visible and using the method GOG uses.

The risk is, of course, any criminals buying gift codes.
For those with limited income it's still bad, and even for those with more income it's still not good even if it's just a few bought games.

Basically those who choose to save payment details shouldn't have that feature made into a liability due to a security loophole in the site code/etc.
Post edited June 04, 2019 by GameRager