Your Security Audit from a Watchdog

I am requesting you to remove the Government ID verification system from a request of a user to open up a Ticket.

This becomes a major issue to many online companies that do not like high-end computer security testers. When we hold a litmus test to a company or website. When it comes to Social Engineering, MITM and high level security audits. I hate to say this but Blizzard NEEDS to quickly revise their policies. I am NOT certified, but hand trained by an individual who works a prestigious position in computer systems (not going into further details). I was going to open a support ticket today, but the system wanted my photo ID. Given the nature of my work and what I do outside of this video game. Regardless. I am not going to present to you my Photo ID. This type of request would automatically FAIL me in a Security test scenario at my level. The only time a photo ID exchange should ever happen is in person.

Since this game is NOT operated by a financial institution, this type of security request would be null and void, for the level of commodity exchanged. Even today’s top banking systems that do online financial transactions do NOT do this AT ALL. NOT a single bank website requires you to present a photo ID and for the very reasons I have stated.

The new Photo ID system that Blizzard requests in order to open a ticket is VERY dangerous. This is because of the fact that at any one point in time a security breach CAN and will happen. It’s never a matter of “if”; it’s a matter of “when”.

Doing an “audit” or “advisement check” is something the company never requests. It’s a “watchdog” that decides to give advice to someone. Much like a social experiment. To see what really IS or is NOT feasible.

I would advise Blizzard to REMOVE the photo ID system, as a verification method, because anyone can STEAL a photo ID or fabricate a photo ID in order to gain access to an account. Because of this step that is in place. Even with the ID being recognized and a potential forgery could be detected with even the best optical verification system on earth, it is still a security issue because that physical piece or object can become compromised. Just the same as a cell phone. If the object is a physical device and can be stolen by another individual. This automatically lowers the quality of security.

Which is why the password remembered in someone’s own mind is still better.

Even then, the level of security that is between this web browser and the Blizzard systems does NOT pass to today’s Banking standards and USG encryption standards.

I was also one of the users on Google who DID notify them about that security leak on Google profiles or as commonly known as Google Plus. Since then, and the company NOT heeding my warnings, their mistakes cost them A LOT OF MONEY. This oversight that I warned them about was left UN-acknowledged and it is drastically ruining the company’s financial well being. I am not here to make enemies, only friends. I care about the good company of Blizzard and it means a lot to me. Regardless of anything that happens. Creators in this company are, imo, a “national treasure”, as they make some of the most iconic games and game content there is.

You may take this post down, bury it, or whatnot. That is your choice. Not mine. But the risk of having an individual send your system a copy of their Government Issued ID is placing the user in greater odds of having their information stolen should a MITM attack occur.