News

EA’s Origin stores Credit-Card information online that cannot be removed/deleted

4 Comments

Our reader ‘Ramiz’ has informed us about Origin storing credit card information online, and the fact that this information cannot be removed, no matter what. According to Ramiz, the CC number and dates are stored automatically on Origin, even when users do not click on the “store payment info” checkbox. This means that your information is vulnerable to whoever gets logged in Origin via your profile.
Ramiz continued:
“Today I asked my cousin to open Origin with my account name and password and make purchase and see if he can see my CC credentials. Turned out – he can. Granted, he doesn’t have CVC2 code and can only see part of credit card number. But if my bank does not use CVC2? Or what happens if a hacker attacks EA’s database?”
Ramiz has a point there. However, a lot of online stores are automatically storing CC numbers, provided users select the appropriate option to do so. Still, EA should obviously offer a way to clear or delete this sensitive information (as other stores do). And that’s the biggest issue of Ramiz (and other Origin users).
A month ago, a thead appeared on MordorHQ about the very same issue. As users reported, EA cannot remove this information from a user’s account.
The big question now is: why EA cannot remove the most sensible datas that shouldn’t even be saved at all?
Back in November, users reported that Origin has been hacked. Although EA has officially denied that, the fear still remains of what may happen in such a worst-case scenario, and whether or not the CC information of Origin’s users will be safe from such attacks.
We’ve contacted EA and will update this story if we ever hear back from them.