SMS ≠ Authenticator...

  • While I appreciate both an MVP response and a Blue response to my post, and I'm confused about why exactly it got locked (preventing me from posting this reply in that thread), I kinda wanted to clarify something that the MVP seemed to get but the Blue did not...

    Edit: This is in response to this blue post:

    My biggest gripe is that there's plenty of ways to get an authenticator, such as the physical kind (which is what I have) or the free app for a smart phone. But if you want to cash out from RMAH to Paypal, you have to use SMS Protect, which means you have to have a certain (expensive) type of cell phone carrier. There is no alternative option like there is with Authenticators. And there never has been. Which is why I made the original post.

    I also don't mean to circumvent a locked thread but I honestly have no idea why that thread was locked. o.o
  • Hi Thortok, I apologize if the lock threw you off guard. I just wanted to make sure that you didn't think I was leaving you hanging if I didn't respond immediately. I also apologize if I didn't totally catch the gist of your original post there. To speak to the issue again here, the issue is that it's by specific design that certain kinds of phones will not work with the SMS protect. As I understand it, this may in part be due to the idea that with a phone that has a regular subscription this may be a more thorough way to ensure security than say if a pre-paid phone was able to be used. It's a question that has been put to us multiple times, however for now the functionality remains as it is.

    I may not be able to go into more specific detail or offer much more insight where that is concerned, but I'll keep my eyes on the thread in case you respond.

  • A) If it's okay with Blizz that I do this and assume the risk myself, since I know stuff like account-sharing even with members of your own household is against the rules and stuff like that. I don't wanna do this and have some audit detect that the SMS holder's name and my name are different and ban my account or something. If it plain out isn't allowed I'll drop the idea right now.

    And B) After the initial setup, how often does it require confirmation through SMS when you post something for sale on the RMAH to cash out to Paypal? Every single time you post something? (If so that would annoy the heck out of my friend to forward all those texts.) Just the occasional time, like once every couple of weeks? Only when there's a problem or investigation necessary? If it's going to be too much of an imposition for her, I wasn't going to ask her anyway, but a text every now and then should be fine. (Could maybe even set them up to be automatically forwarded or something.)

    And finally C) If I go to post something, need a confirmation code, and wait for my friend to forward the text, would the time delay matter? (Especially if like she's asleep or her phone's off it could maybe even take hours.) I know an authenticator for instance the code is only good for roughly three minutes or less, isn't it? I could always wait to post stuff until I know she's ready to forward a text, though, but knowing ahead of time would be beneficial.

    A) 'Not allowed' may be a strong way of putting it - 'Not advised' is probably more in the range of where I'd go with it. To offer some other perspective here, as we go along with our phone system - we might specifically pull info from the call to aid us in verifying who the caller is. If we see that a phone is registered to a different name than that which is on the account, that might hinder the verification process rather than help.

    B) We specifically keep these details a little cryptic as the answer may not be a static one. You may find that the code is not prompted for each and every transaction, however you may also see that at other times it is. What affects this, I am not at liberty to say.

    C) I cannot speak to this in specific detail, other than to say that if the code was not entered relatively soon around the time that you were prompted, the transaction may not be authorized.

    I know that this has been a ongoing request for the prepaid phone users who like yourself wish to participate in the RMAH. As ever, our policies and procedure are subject to change and this too may be something that is updated in the future.