Oh, maybe it is the behavior change of Google Chrome (76.0.3806.1 dev channel).

I agree on both points 100%

This is all good info


(Btw to everyone: This may sound whiney but why are all my posts ITT downrated? Do people doing so think i'm overly critical of GOG? That i'm trying to spread fear[i'm not, to clarify]? Also why are non others expressing any similar concerns downrated? See how just leaving low ratings causes confusion and doesn't solve anything?

This post by satoru was also not fearmongering/shilling and had truthful and good info yet it was low rated as well until a bit ago, btw.

If one posts truthful info for a good reason I ask people please don't downrate and possibly hide such info from others because you dislike it.

*end offtopic*)

To be fair I wrote that BEFORE reading the whole thread(I jumped the gun and for that/showing you in any bad light I apologize). I have since read it and seen this isn;t the case, and again say I am sorry for even alluding to it in the first place.

Was it after a period of not buying? I ask as it doesn't ask me every time for such info, and I feel that they should(as others said) each time.

Yes, it was. I just tested it out again by buying a cheap game in my wishlist from the sale, and it didn't ask for the CVV or a confirmation. And you're right, it should.

Wouldn't the credit card token be client side, on one's own computer or mobile device?
Thus, this is a non-issue for someone who accidentally is logged into one's account.

Nonetheless, this is a serious issue, not only for privacy concerns and potential mischief, but as I pointed out, if one has Wallet Funds on one's account.

If only they'd make it check every time you made a purchase that would solve a good portion of the problem.

I have actually logged in on other computers and still had the payment info show up....so it;s likely GOG/etc side.

But yeah it is an issue irregardless.

Well, I had saved my CC "for later use" in GOG, and I never had to enter the CCV. Now that I removed it, now I of course have to enter all information.

One clarification though: my current card is a debit card, not a credit card. But it has a CCV as well etc. I prefer using a debit card because then I see instantly if the payment went through and I like to know all the time how much I've spent for luxury items like DRM-free GOG games.

Do you mean a cookie? It doesn't seem to matter if you use a new browser on a new computer, or clear the cookies on your current browser, and you still don't have to enter CC details.

That is bad. Doesn't matter if GoG doesn't store one's credit card details if one can still make purchases using it even if logged in from a different computer...

I/others already brought this up, but yeah.

Wow this is frightening. Is it fixed yet?

So that's why from time to time I have different language settings? (Like today...)

I'm not 100% sure but for me it was due to using a browser not 100% supported by the site.

Will we hear back from you after the investigation?
I often use wallet funds, I want to know if it's not safe!

Your restraint is to be commended. This would have been my first order of business. :P

This is GOG. That means we will dont hear back from then. And it means that there is no investigation. It basically means "We get nothing right and are not ashamed of it". They are programming a Client 2.0 while the other is and was never fully functional over years. That means "GOG".

Well, I removed the saved card details anyway. I don't buy games often enough that it's a hassle to have to type everything in.