Xbox Live: The "Roach Motel" of Personal Information

Published 03 January 07 09:04 PM | Erik 

Now I know I'm a bit behind the curve, but I finally got around to purchasing an Xbox Live Gold membership so I could see how bad I really am at Gears of War.  For a brief moment, I felt like Private Pyle from "Full Metal Jacket" cleaning my rifle - "Everything is clean...smooth." Registration was a snap; just enter my credit card number, verification code, name, and current address - and in no time I'm online getting fragged to death and spending more time as a spectator than I'm actually fighting.

Well, once I got tired of watching everyone else have fun, I decided to revisit my account settings so I could remove my credit card information (as I commonly do with any online account that stores my personal information).  Much to my surprise, there's no "Delete" ability from the console menu. I can add all the credit cards I want or update any existing information, but I can't delete ANYTHING.  Thinking that it's just getting late and I'm missing something obvious, I decided to let it go for the night and look into it the next morning.

Since being an information security professional is accompanied by a healthy amount of paranoia, the first thing I did the next morning is start Googling terms such as "delete|remove Credit Card Xbox Live" to see if anyone else has encountered this problem.  Much to my dismay, it is indeed impossible to remove.  Yes, I used the word "impossible." Some people "think" they have the solution - but none of them are successful.  This is truly a case of "You can put your personal information in, but it won't come out." Getting a bit more concerned, I decided to take my chances and call support.

Here's a short list of responses I received from calling 1.800.4MY.XBOX:

  • Yes, canceling your subscription will remove your billing information from your account.
  • Well, the only way to remove your billing information from your Xbox console is to completely wipe out your HDD drive and start a-new.
  • Sir, I don't understand what you're concerned about.  Only you can see your personal information.
  • Ok, I've entered a bogus name and address - so your billing information is now useless and you're all set.
  • I'm sorry sir, you'll have to call Microsoft for that.

Minus the second response (which is just asinine and, in theory, would probably work - but it's just a bit "bull in a china shop-ish"), all proved false, incorrect, inaccurate or just plain wrong.  As for the last one, well...you got me there.  I'm still trying to figure that one out.  But customer support isn't the problem - they're just doing their job and getting frustrated with them gets you nowhere - there seems to be something much more sinister at work here.

Next thing I decided to do was closely re-read the privacy statement, conveniently located right on the Xbox 360 console.  Sure enough, it explicitly states I have the ability to "update" or "add" items for billing - but conveniently leaves out the "delete" ability. I even found a KB article that eerily ignores "removing" your personal information.   Not only am I at a dead end with customer support, now I'm suspicious and have only one burning question - Why?  What benefit do I, the consumer, get by not being able to delete my personal information and why all the barriers and misinformation?  Unfortunately, I don't know - but rest assured I'm looking into it.

If you've read this far, I'm sure you're probably wondering what I did to relieve my all consuming paranoia. Unfortunately, there's not much you can do, short of canceling your current credit card, that will be effective.

Although I was once fired up about joining the Xbox Live community and the prepaid membership cards will indeed satisfy my privacy issue, I still have a bad taste in my mouth from this experience and will have to let this issue rest before I attempt another subscription request.

Apparently, it's more important for me to ensure that I'm absolutely, positively certain that I want to close Microsoft Word document without saving changes than it is to alert the user that their personal information just checked in to the Xbox Live Roach Motel and can't check out.

Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Stealth Monkey said on January 20, 2007 12:36 AM:
I totally agree with you. While signing up just to get the latest console update I became concerned by the amount of info they wanted. Especially the way they ask for a little at a time so it's like the La Brea tar pits and you don't know how stuck you are until it's too late. On one page they want your telephone number. On a later page they want your full name. And later they want your CC info. Annoying...
# mosthated said on January 22, 2007 4:16 PM:
Any reason the MS article is no longer found?
# Brian G. said on January 23, 2007 10:12 PM:
I've had the same experience.... I added my credit card to my son's Xbox 360 so that he could purchase a one-time game download and then afterwards was unable to remove it! He was given a 12 month Live renewal card for Christmas but before it was entered they charged another 12 months of Live on my card. I just had another look at my credit card online and found two more charges this month from Xbox Live which I assume are for downloads that my son requested but this has to stop! Very frustrating. BG
# Keir said on January 25, 2007 5:37 PM:
Thank you, I just ran in to the same problem and received about the same responses from Microsoft. I was actually told that if I was concerned, I should just cancel my credit card. I did file a complaint with the better business bureau and the FTC as well as my bank, but I get the feeling they aren't going to do anything.
# William said on February 2, 2007 11:16 AM:
I also recently picked up a 360 and thought I'd jump online via xbox live, but stopped when they wanted all the personal information so I would have time to see what they need it for. I found it more than annoying that to use my iPod with the 360, I have to get on xbox live to get a patch (seemingly for no other reason than to let them tally who has an iPod) The 360 does seem like a bit of a digital trojan horse.
# Baron Von Hessler said on February 27, 2007 8:12 PM:
And that, kiddies, is why you keep a throwaway credit card which only has a small balance. I call these 'proxy cards'. You can use your real credit card to 'fill up' your proxy card with X amount of dollars. If I want to sign up for 6 months of XBOX online, I put enough money on the card and sign up. I rarely have much money on my proxy card, but it works great for signing up for services which require a credit card (Blockbuster, XBOX online, etc.). I would never use a non-proxy credit card online...that's just crazy.
# Rich Black said on March 12, 2007 9:45 PM:
Did you ever get your information removed? I can't believe that there is not a way to remove this information. I have an XBOX that I have an XBOX Live account with. Now I have a XBOX 360 and am getting rid of my XBOX. So now I have to leave my Information on this XBOX for the next person to use? or I have to cancel my credit card get another and set up that info on the 360. There should be a law against something like this.
# Peter Jorden said on June 29, 2007 3:23 AM:
I too experienced this problem. Despite all of its rebranding, it's still Microsoft and they will still screw you any way they can.
# Histrionic said on July 19, 2007 8:30 AM:
This may be a good place to use the one-time-use credit card numbers that card issuers often provide. I'm pretty much at the point of doing that for every transaction that doesn't require the physical card, now. Ostensibly, at least for the card I've used, that one-time card number can only be used with a single vendor. Additional uses beyond that vendor should be flagged and fail.
# Ghost said on December 7, 2007 1:06 PM:
You're best off using a prepaid subscription card and bogus contact info. Just write the bogus info down somewhere so you can refer to it if asked to confirm information you provided. Why you would give them a credit card in the first place when you don't have to?

Leave a Comment

(required) 
(optional)
(required) 

About Erik

Erik is Sr. Director of Products for the Application Security Center.