blu said:
Well, that's pretty much what I said, didn't I? The problem is, for some reason or another, those DD services on the 'more advanced' gaming platforms we've been discussing here as the model Nintendo should follow do not allow such a basic thing as *not* storing CC info (given one still wants to use a CC occasionally).
Well, for one, insisting on not storing CC info is a no-go. Most normal people are neither too paranoid about privacy nor too concerned about misuse of their accounts to want to re-enter CC info every time, so it's hideously user-unfriendly to not offer the option. Console-DD-store merchants should offer a checkbox that lets you choose either behavior, like the vast majority of web merchants do.
But regardless, this particular behavior is entirely distinct and separate from the social/store integration question. Each of the two questions is a yes/no and each can be chosen by a software implementor independently of the other. That MS and Sony chose one way (and I agree, it's not a good choice) is no more related to their account system than the fact that they use pad-shaped controllers or have USB ports on the front.
Not only that, but they maintain a redundant funds structure in place - one of wallet + CC, whereas they could do with either one.
Having a wallet is beneficial because it gives you access to customers without a CC. Steam didn't have one for a long time and they finally added one, even though they do still allow exact-price transactions for everything. It doesn't hurt anyone in any way to have the option of a wallet system above and beyond per-transaction
Ask yourself this, would PSN customers have been so much in arms over the PSN breach earlier this year if everything their PSN accounts kept was a gamer tag and a friend list?
You're assuming that in this context Sony would follow proper security procedures and physically and architecturally decouple the storage of social information and financial information. The problem is, this is still proper security procedure with a shared account structure, and they still weren't doing it. Why would they do so in this alternate universe?
The storage, partitioning, and access control of sensitive data on the server end is architecturally independent from your front-end design. In a correctly designed system, all of the following would be true on a backend level:
- "Fluff" account details, login details, and financial details would each be stored in separate databases, each accessible only by separately authorized users with distinct credentials, and possibly even stored on separate physical systems.
- Login details should be stored with passwords stored using a salted hash with a secure function iterated enough to generate a two-second window per attack attempt.
- Financial details should be entered using the three-digit code on the back of the card, through a payment provider that exchanges details for an encrypted storage token -- this allows the same vendor to place future orders on the same stored card without actually ever retaining the full 16-digit card number.
All three of these backend security features can be implemented just as easily with a shared account as with separated accounts, and Sony did none of them. Frontend system account design simply can't protect against that type of negligent malfeasance.
Come on, now. Information access discrimination seems such a foreign concept to you?
It's just not relevant in the context we're discussing. All the information coexists at the client endpoint, i.e. the console. It's all transmitted, in one way or another, to the server endpoint (i.e. Sony/Microsoft/Nintendo) at which point what they do with it is up to them. It's entirely upon them to implement correct server security either way.
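
Added example, not part of the post above: a sketch of the login-store item from the list (per-account salt, iterated hash, work factor tuned to a time budget such as the two seconds mentioned). PBKDF2-HMAC-SHA256 and all function names are assumptions chosen here; the post names no specific function.

```python
import hashlib
import hmac
import os
import time

ALGO = "sha256"  # assumption: the post does not name a hash function


def calibrate(target_seconds, probe=20_000):
    """Estimate the iteration count that costs about target_seconds on this host."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(ALGO, b"probe", b"0" * 16, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe, int(probe * target_seconds / elapsed))


def hash_password(password, iterations):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh salt per account defeats precomputed tables
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return f"pbkdf2_{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != f"pbkdf2_{ALGO}":
        return False
    dk = hashlib.pbkdf2_hmac(
        ALGO, password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(record, current_iterations):
    """True when a record was stored with a lower cost than today's setting."""
    return int(record.split("$")[1]) < current_iterations


if __name__ == "__main__":
    cost = calibrate(2.0)  # the two-second budget from the list above
    rec = hash_password("constructed sample password", cost)
    print(cost, verify_password("constructed sample password", rec))
```

Storing the iteration count in each record lets the cost be raised later: records flagged by needs_rehash are re-hashed at the next successful login.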