Thursday, December 16, 2010

Security Review: Valve Software's Steam Platform

Digital distribution has become an increasingly popular way of receiving goods, and when it comes to PC games, look no further than Steam. With an estimated 70% share of the PC game digital distribution market, it's easily the biggest and best-known provider today.

Steam began when Valve, a Seattle-based PC game publisher started by former Microsoft employee Gabe Newell, was constantly having issues keeping their online games (like the wildly popular FPS, Counter-Strike) up to date. Patches would ripple through the community, leaving large parts of the user base disconnected from others if versions didn't match. They decided to make a platform that would update games automatically and provide anti-piracy measures. It was publicly released in 2003, and by 2005 was selling third-party games as well. Today, in 2010, the Steam library has over 1,200 games (both boxed games and digitally distributed games), and serves over 30 million active users. It also has social-networking functions, and a friend-list service with IM that allows users to create games and talk with other users, all within the platform itself.

Since it has become such a big seller in the PC game market, and since games can be bought directly through the client itself, multiple security measures need to be enacted to keep the accounts of legitimate users safe from phishing scams and data leaks.

First off, Steam handles credit cards, which means they must comply with basic credit card safety procedures. They do not reveal much about the workings of their company, but their privacy policy does say:
"Personally identifiable information will be processed and stored by Valve in databases hosted in the United States. Valve has taken reasonable steps to protect the information users share with us, including, but not limited to, setup of processes, equipment and software to avoid unauthorized access or disclosure of this information."
This, vague as it is, does seem to generally meet the needs that something like PCI-DSS would call for, and therefore seems to show that they are taking proper steps to secure credit card and all other user data. Additionally, they allow payments through third-party vendors, like PayPal, which has well-established security measures as well.

But the more likely threat with a platform like Steam is account phishing. Since someone's account holds all their game licenses, scammers are always looking for ways to steal someone's info and hijack their account for their own use. One of the most notable measures against scamming comes built into the IM service. Whenever a chat window is opened, a reminder to "Never tell your password to anyone" comes up, with a link to an account security page. This helps stop scammers who pose as Valve employees and ask for account details through the IM service. In addition, to change any account info, even an email address, one must verify their current email and retrieve a verification code that allows them to make the changes they desire. This measure helps the real user retrieve their account even if they lose their information, as it is likely that they will be the only one who can access their email (provided they have diversified passwords). Steam also allows a user to be signed in at only one location at a time, which can be helpful in locking out a scammer who has account details, though this is a double-edged sword, as it could allow a scammer to lock out the legitimate user. And lastly, if all else fails, Steam has a support system which focuses heavily on account recovery. If one loses their account, the support team will work quickly on recovering it for the valid user (which can only be proved by credit card ownership or the serial of any boxed game owned), and will restore any damage done to accounts (fraudulent purchases, removals of currently owned games) so that the user can have their account as it was before hijacking.

So, overall, Steam experiences many of the threats that any large online distributor will, but it seems to manage them very securely. It meets standards for purchases, and has many safeguards (and blatant reminders) in place to provide multiple levels of security for user accounts. Is there room for improvement? Always. But Valve is doing a thorough job of protecting its users regardless.

6 comments:

  1. After the PSN was hacked because they challenged hackers, there are a lot of companies that are trying to prepare for that kind of attack. I know that Valve isn't as big as Sony is. But their service has been in the business for a longer period of time, and right now they have been working first to avoid scams with Steam Guard and right now with the information that they have stored in the database.

    A little off topic. One thing that I like about Valve is that it asked you if you want to participate in its polls, and EA is doing that in the background without asking you.
