Is this a normal requirement

[Wildfire7]

It is disgraceful behaviour that any institution of any kind should request an individuals password under ANY circumstances.

Other financial institutions such as banks are spending millions on educating the public on not to divulge sensitive information such as passwords through email. The leading statement is usually "We will never ask you for your password".

If a casino is so lax at protecting sensitive data such as passwords (which it is in this case as it has scant disregard for security) then how does it handle our data behind the scenes?

There is no logical explanation as to why a casino would require a password to close an account. Louise alluded in her post that the reason was to provide an additional layer of verification security for the customer. This is a paradox and counter productive as by making such a request they are achieving the opposite of what they originally imposed this measure for.

Under no circumstances should the OP give his password out. If he does then he is also breaking the casinos own T&C's by not taking adequate measures to protect his own account.

If the OP were to deliberately lock his account by submitting an incorrect password 3 times, then support could get his account unlocked by resetting it, but first they would ask him to confirm his details. But not the password as he has lost it. In this case the casino would bend over backwards to reset the password, because it means the player can get back into the casino and play.

Closing an account should be a simple procedure. Only basic details should be requested, such as name, account number/username, date of birth and a telephone number or billing address. Another point to consider is that if a fraudster some how got hold of these details, the last thing he would be doing is closing an account!

Mike

 

[love2winalot]

Hiya: Dear Louise, and Rushmore group:

There is an old saying that goes, "Perception is Reality". Right or wrong, good or bad, this is true, and simply the way it is. Right Now the Perception of your Casino has gotten worse, and not better, because of the password policy. That policy that will drive away more players, than it will attract.

I would print out this entire thread, and show it to the powers that be, and have the password policy changed to something else, anything else.

Here is a simple way to do it. Have each new player send over a photo ID. Maybe you have one from the OP of this thread. Simply have them send over, "The same picture ID, to close an account, or make a large withdraw, ect".

This is exactly what the passport ageny does. Why do you think they ask for 2 pictures, when only one goes in the passport? The other is kept on file by them. Now, "I" steal your passport, and cut/paste my picture into it. I am now you. But if someones wants to verify the passport, then send a copy of the picture to the issueing agency, and they pull out the Original 2nd picture that was sent in when the passport was issued. Same picture= ok, 2 different pictures= Fake passport.

You have LOST the Password issue. So, make an adjustment, and move on. Simple.

 

[Roanan]

Seriously, do you think it's the same the other way around like this? We are the operator of the casino and have access to player's passwords anyway, so what difference does it make for the player to confirm the account closure by providing their casino password, or not.

This is a piece of verification that only you will know so only YOU are able to close your account with us.

Thanks,

Louise
Rushmore, Cherry Red & Slots Oasis Rep.

I have not been paying much attention to threads on this site where I do not play, or have accounts, but after reading the above post from the casino rep along with some other posts I'm saying something here.


This is a SERIOUS breach of etiquette.

The fact that you have indicated (a few times) that you have access to player passwords, and do not have them encrypted scares the shit out of me.

There have been two threads on CM in the last few weeks alone regarding player databases for sale, acquired by/from unscrupulous employees.

Your casino has now made the most important piece of personal information capable of falling into the wrong hands.

In addition, it is common knowledge that all emails that are NOT specifically encrypted can be read by anyone who so desires. You're requirement for a player to transmit their password via this method simply compounds this issue.

Most people only use one or two passwords for online purposes and if that information was to be abused by a Rushmore employee, the player would be at their complete mercy.


I can guarantee that the Rushmore Group will NEVER get my business because of this.

 

[winbig]

This is a piece of verification that only you will know so only YOU are able to close your account with us.

Not true. Any hacker could obtain this information via keyloggers, etc. However, they would not be privy of the player's home address, phone number, DOB, etc.

If I went by your standards, I could simply hack a player's computer, get their password for both the casino and their email and close their casino account simply because I don't like them.

If that were to happen, it'd take more effort on the player's part to get their casino account re-opened than it did for me to close their account in the first place.

 

[LaurieJim]

I like Louise, always have and always will, im sure if it was up to her and it was her self owned casino, she would do everything within her power but she has those above her that seem hell bent on making it hard on her and the players and its not fair to either.

We all loved Louise when she first popped on the forum and she took care of us, infact making sure we got paid asap as opposed to others whom are not members here, how fast we seem to forget, even CM said she had been in the running for manager of the year till managment dropped the ball on her and she had to fend for herself if i recall right.

Louise is only doing what is stated by those above her, clear and simple, its not up to her to make or change the riules,some as stupid as they are.

If anything, give her the respect she deserves for coming into the lions den without the backup of her bosses , if they wanted to get back in good graces with the players, they would give Louise more power in making decisions that players need help with, i think she would get alot done, if left to her alone...........just my 2 cents worth.............laurie

 

[winbig]

I like Louise, always have and always will, im sure if it was up to her and it was her self owned casino, she would do everything within her power but she has those above her that seem hell bent on making it hard on her and the players and its not fair to either.

We all loved Louise when she first popped on the forum and she took care of us, infact making sure we got paid asap as opposed to others whom are not members here, how fast we seem to forget, even CM said she had been in the running for manager of the year till managment dropped the ball on her and she had to fend for herself if i recall right.

Louise is only doing what is stated by those above her, clear and simple, its not up to her to make or change the riules,some as stupid as they are.

If anything, give her the respect she deserves for coming into the lions den without the backup of her bosses , if they wanted to get back in good graces with the players, they would give Louise more power in making decisions that players need help with, i think she would get alot done, if left to her alone...........just my 2 cents worth.............laurie

I think Louise is great, too, and understand it's out of her control. I'm still wondering why she continues to put up with having her hands tied so tight from the powers that be.

 

[chuchu59]

Hi everyone,

I really do try my best here and feel that I am being reasonable and am explaining the reasons why this is the way we operate and feel that the reasons are justifiable. I don't see that we are deserving of being rogued because of this.

We are asking for the player's username which again, as I've said before, is something which stays between the casino and the player and is why this extra unique verification option exists. Should the player not want to provide us/and/or email a password which they also use to log in to their email provider for example, the player can do the following. They can log in on the casino website, go to 'my account' and 'change password', change it to something else, update this and then email us the new password to us along with their username and their account closure request will be complied with.

Kind regards,

Louise
Rushmore, Cherry Red & Slots Oasis Rep.

Rogued? Certainly not yet. You previous outstanding work will not easily be undone. However, as written in Pina's post there have just been too many issues to the detriment of your casino and imo these are intentional and not oversights. If a vote could be taken I would vouch for Rushmore to have it's accredited status removed.

Nothing against you Louise but apart from the e-wallet bonuses issue, I simply cant condone the action this group has taken in the past few months.

 

[WagerWitch]

Louise - I too, stand with the other players.

NO COMPANY should ask for a password to be sent to them via email.

It is simply a "dodgy" request.

Perhaps you don't mean it as such - but I would seriously reconsider this particular approach, as it is NOT appropriate.

There must be alternative measures that could be taken in lieu of this particular type of activity.

All banks and financial institutions continuously advise - IF WE ASK FOR YOUR PASSWORD - it IS NOT US asking for it - do not fall prey to this scam.

So - we, as players, entrusting our finances to you - expect the same type of behavior.

We see identity theft and possible problems when faced with this - not to mention - having that password scattered all over the internet in a NON encrypted manner - is also very unnerving.

While I think some folks are handling this in a very RUDE manner - I have to side with the concept that at NO TIME - should a player be forced to divulge his password EXCEPT when he is signing into the system.

EVER.

 

[LaurieJim]

Based on my experience at

You do not have permission to view link Log in or register now.

, since i've tried closing my account with them, they never asked me to email my password using email address. i doesn't make sense. and thats' the main reason why i've opened my account with

You do not have permission to view link Log in or register now.

because of their good customer service.

Didnt Max or someone warn you earlier, i see you becoming RED purdy fast

I think, back to this issue that you should never ever give your password to anyone ,but there have been times when i have forgotten mine at some older casinos and asked in live chat and it was given to me and that was Microgaming for one, all they , the customer support people have to do is have your email or login name and its all there, birthdate, address, ect, i dont think all this needs to be sent back to close an account as they already have this info, i just didnt want Louise burnt at the stake, thats all..............laurie

 

[AudiManinBoro]

I sympathise Laurie. Difficult to remain objective if you like someone. However facts remain facts. EVERY financial institution and organisation in the world CONSTANTLY goes on about NEVER revealing your password to ANYONE. In fact I cant think of one company, organisation or system i deal with or have ever dealt with that has asked for this information. This request is so far wrong i dont even know where to begin but im done with the rushmore group myself, not a safe place to play.

 

[bb28]

This thread has been interesting and eye opening. I don't mean to derail but I'm wondering if the facts stated by Louise (that some managers do have access to passwords) is true for other RTG's. I wonder if this is a feature of RTG software itself? It stands to reason that it is something that is so if you have been given certain security clearances such as managers have.

I'd like to see this question addressed by other RTG's, but doubt it will be.

 

[uungy]

This thread has been interesting and eye opening. I don't mean to derail but I'm wondering if the facts stated by Louise (that some managers do have access to passwords) is true for other RTG's. I wonder if this is a feature of RTG software itself? It stands to reason that it is something that is so if you have been given certain security clearances such as managers have.

I'd like to see this question addressed by other RTG's, but doubt it will be.

Very valid point. I am sure the Virtual group have assurances from the FBI that all their managers have been checked, and not wanted for illegal gambling

seriously though,, it would probably be impossible to implement. Since the casinos are web based, the license and the base of where the casino actually is situated, ie managers and support, are in a different location, and you would probably need clearance from some international body like Interpol, whic dont do clearances I believ, only have the "most wanted" registered

 

[jas2587]

We are the operator and casino, we have access to passwords anyway so is is not in reference to us - The password is often required as a piece of verification to protect the player from someone else possibly gaining access to their account. This is a unique verification that is only between the player and the casino.

The term that has been quoted is in reference to providing your password to a third party such as a member of your household etc.

Thanks,

Louise
Rushmore, Cherry Red & Slots Oasis Rep.

Louise Hiya
I like ya always have always will
this idea might put a small burden on you but the OP seems to not want to email his password thru Hotmail
just a thought why couldnt he pm it to you
then only you will get a copy of it an their mind might be put at ease
when you an I chit chatted back an fourth you was always spot on on your word never went back on it an to this day I Respect you for that
to me you are still the Tops
so maybe it can be closed thru a pm

Cindy

 

[jas2587]

Good for you Jazzy!! Keep after it. If I'd ever bothered to open an account there (don't "think" I did)...I'd do the same thing, just as a show of solidarity.

Honest to God, I like Louise....and I really do think she tries her very best to do what she can, and post whatever replies she's able to. But I'm sorry...her bosses, or whoever owns these places, have their heads so far up their asses, it's amazing they get anything done there.

The big fraud investigation, the long payment delays of months ago (for which there was never an explanation), the confiscation of over 2K from a player's dormant account (subsequently returned, because they were removed from the Accredited list), the no bonus thing on MB and Neteller deposits...and now this...the icing on the cake. No thank you to ANY of it. Before, I would have personally never have suggested anyone play here. I've now upgraded that to stay away, until someone over there buys a clue.

Louise is an employee she has to go by her companys guidelines she isnt saying she agrees she is saying it is a requirment I think ya'll are being a tad harder on her

ask for some one higher up an see what they say

Cindy

 

[uungy]

Louise is an employee she has to go by her companys guidelines she isnt saying she agrees she is saying it is a requirment I think ya'll are being a tad harder on her

ask for some one higher up an see what they say

Cindy

A casino rep, is a representative for the casino. If the rep gets a bashing, its never personal, its a bashing directed at the casino.

In this case, there are two things involved, one is that casino has done something wrong, and the bash is diercted at the casino via the rep. I dont think anyine here means to get personal.

The same thing can go for the unanswered questions and unanswered problems, which at times seem to be directed at the rep, but in fact its at the casino. The rep is representing the casino, and if questions go unanswered, then the rep (aka casino) is responsible for that.

 

[winbig]

Security has never been an issue at most RTG casinos.

For instance, I can't count the number of RTG's I've ran across that have you log in to your account via their website over an unsecured (

You do not have permission to view link Log in or register now.

connection.

I've pointed this out a number of times to the casino(s) in question, but nothing has ever been done about it.

For instance, take a look at Lock's login page:

You do not have permission to view link Log in or register now.

. If you log in to your account via that page, you're just setting yourself up to possibly have your username and password stolen.

If you weren't aware, only https:// connections are secure.

But, FWIW, Rushmore, Cherry Red and Slots Oasis do have you log in via a secure connection, so at least they have that going for them.

 

[jas2587]

well I personally think ya'll are being way to hard on her just like back when she could not get people's cashouts out fast enough or when she took a vacation then got sick an people complained

as for answering all the questions does the Commander in Chief answer an say what we wanna hear or say just enough to make ya get mad

simple thing is change password to 123456 or just delete account

Cindy

we all wont agree on the same things

 

[vinylweatherman]

Removal from Accredited is justified (MY view, not neccessarily Bryan's). There should NEVER be a requirement to email EVERYTHING needed to log in to an account.

Louise says that only 4 agents have access to these closure requests, but this is wrong. The request is sent to the GENERAL CS, and although it is forwarded to these 4 agents, it can be READ by whoever happens to be working in CS at the time, and THIS is where the risk lies. It takes ONE of these to be a rogue employee for the damage to be done.

Despite the tight security at online casinos, there are examples of breach after breach, some of them VERY serious indeed, such as the recent theft of the ENTIRE player database of Ladbrokes. It seems almost ROUTINE that email addresses and player names are passed on to spammers from casino databases, and the evidence comes in the form of SPAM received by players on email addresses that ONLY the offending casinos have.

The bonus ban on Neteller or Moneybookers deposits has NEVER been explained, other than the "non-reply" that it was a decision made by marketing. Now, they have players closing accounts because of this "insult" directed at them simply because they deposit via these methods, and the group are making it SO AWKWARD for these players to close their accounts, because first they have to ignore every piece of advice they have ever head about protecting their online security, and send their username and password over the internet to a general employee of the company.

Once players are conditioned to believe that it is "normal" to send passwords over email, they will have LESS PROTECTION from the scammers who try the same tactic. The ONLY way to ensure protection is to drum into players that never MEANS never, whatever the circumstances, and credibility of the company involved. They will treat ALL requests to send in passwords as a scam, and this will ensure a good level of protection.

Whilst changing password, and then sending it, is a work around, IT IS NOT GOOD ENOUGH. There will be players who WILL simply fall for the trick and send their current password. IF their email account has been hacked, this can be retrieved from their "sent items" folder, and the hacker could try this password elsewhere where they have only the username, and see how many other accounts they can get into.

There are many other pieces of information that are equally unique in terms of identifying a player, and a pair of these would also serve the same purpose.

Now, does this stated procedure violate the standards for a casino to be accredited? This is ultimately for Bryan to decide, and I will be seeing him again on Friday, and will try to remember to mention this recently exposed Rushmore group policy to see if he has a problem with it.

 

[skiny]

I've been reading through all the posts and I think pretty much every point has been made here but one keeps cropping up that bugs me.

Changing your password to 123456 and closing your account via email is absolutely no different than emailing your original password unless you use the same password for all your casino accounts.

You're still sending off the current password to your casino account via email and hoping it is received by someone honest and hoping your account is closed before the data is intercepted.

Passwords are used for log on purposes only and nobody under any circumstances should ever be asking for it.

I'm wondering what happens if I try to log in and forget my password. How do I verify my identity without it? How do I create a new password? Do I create an entirely new account or just never play there again? If a password can be retrieved once it's lost the same method can be used to identify a player who wishes to close an account.

Don't give your current password and don't create a new one and send that. Neither option is acceptable. You'd be better off abusing a bonus and getting kicked out.

 

[AudiManinBoro]

Totally agree with that. New password or old password. Its all the same. NEVER divulge a password. To anyone!

 

[PenDragyn21]

I've been reading through all the posts and I think pretty much every point has been made here but one keeps cropping up that bugs me.

Changing your password to 123456 and closing your account via email is absolutely no different than emailing your original password unless you use the same password for all your casino accounts.

You're still sending off the current password to your casino account via email and hoping it is received by someone honest and hoping your account is closed before the data is intercepted.

Passwords are used for log on purposes only and nobody under any circumstances should ever be asking for it.

I'm wondering what happens if I try to log in and forget my password. How do I verify my identity without it? How do I create a new password? Do I create an entirely new account or just never play there again? If a password can be retrieved once it's lost the same method can be used to identify a player who wishes to close an account.

Don't give your current password and don't create a new one and send that. Neither option is acceptable. You'd be better off abusing a bonus and getting kicked out.

Actually, the original suggestion wasn't just to change the password. The full suggestion was remove any sensitive info accessible via logging in and then change the password. Then it wouldn't matter who got access to the password.

And just too make everyone more paranoid. Passwords only are an extremely poor security measure nowadays any. Much theft of sensitive information occurs without it.

 

[uungy]

Actually, the original suggestion wasn't just to change the password. The full suggestion was remove any sensitive info accessible via logging in and then change the password. Then it wouldn't matter who got access to the password.

And just too make everyone more paranoid. Passwords only are an extremely poor security measure nowadays any. Much theft of sensitive information occurs without it.

A password is not a "weak" mesure, its prettyy strong. It seems to work for nealr all online institution. True there are new technologies now around, but that doesnt take away from password security.

Secondly, its not being paranoid. Even if its a small safety feature, its there for personal saftey, and its not something ayone wants ti divulge.

Why cant casinos be a little more respectful to what players want. Isn't that something a company that profits on entertainment ought to be like, and not give a fight for silly little issues, which could easily be sorted out without effecting any security problems, and cut out the silly reasons "thats what our bosses want" and "thats a policy".

 

[AudiManinBoro]

There was an old adage in days gone by that most companies stuck by. `The customer is always right` These days firms and casinos in particular dont give two rats about the customer being`right`. They do what they want to do when they want to do it, knowing full well that the majority of their customers will accept it and carry on continuing to play there. Well not THIS customer and I hope many others follow the same example. Its about time we stood up for our rights. It is US that keep these casinos in business and it IS us that should have the respect accorded to us. This policy of rushmore is WRONG and they need to be forced to see that!

 

[PenDragyn21]

Why cant casinos be a little more respectful to what players want. Isn't that something a company that profits on entertainment ought to be like, and not give a fight for silly little issues, which could easily be sorted out without effecting any security problems, and cut out the silly reasons "thats what our bosses want" and "thats a policy".

Companies are always counting beans: how much does the a practice benefit us vs how much it costs them. If this policy has worked for them and most people aren't complaining, what incentive do they have to change it? "Because it's policy" is a reason, it's why the policy was created in the first place (i.e. what do we do in this situation). And a perfectly good counter argument, "It's a bad/flawed policy, change it." If the OP doesn't want to do any of the suggestions given, then the only option is to wait it out until the casino changes the policy.

PD

PS: I said passwords ONLY. I believe most places overly rely on passwords alone which gives us all a false sense of security because a lot of passwords are chosen to be easy to remember rather than strong.

 

[uungy]

Companies are always counting beans: how much does the a practice benefit us vs how much it costs them. If this policy has worked for them and most people aren't complaining, what incentive do they have to change it? "Because it's policy" is a reason, it's why the policy was created in the first place (i.e. what do we do in this situation). And a perfectly good counter argument, "It's a bad/flawed policy, change it." If the OP doesn't want to do any of the suggestions given, then the only option is to wait it out until the casino changes the policy.

PD

PS: I said passwords ONLY. I believe most places overly rely on passwords alone which gives us all a false sense of security because a lot of passwords are chosen to be easy to remember rather than strong.

Oh well, shame you didnt read the whole thread, as you would have pobserved that this point has been through already, and covered (its their own terms)

Also, the casino can do as they wish, no-one is holding them at ransom, but this is about if its correct for a casino to request this type of personal information via email, not if its their policy or not. You seemed to have missed the whole point of this thread