Thank you so much everyone! We've really enjoyed answering your questions and chatting with you all. Until next time...!

Hi everyone,

This week over at /r/RuneScape & /r/2007scape we're running a number of initiatives to increase account security awareness. We thought this was a great opportunity to answer your questions about account security & online safety as we know it can be a hot topic within the community.

Customer Service at Jagex covers a huge range of areas so today we'll be focusing primarily on:

  • Account security features
  • Account recovery & anti-hijacking
  • Rules of RuneScape
  • Offences & appeals
  • Customer experience

For clarity we are:

Mod Stevew - Old School Customer Service Manager

Mod Infinity - RuneScape Customer Service Manager

We'll be here for around 2 hours and look forward to answering your questions. If you're not a RuneScape player please feel free to get involved if you have any Q's around CS in general - we'll do our best to answer. :)

Proof here!

More about RuneScape

More about Old School

Comments: 349 • Responses: 34  • Date: 

SirLeek19 karma

1: Would it be possible to have email or text alerts whenever somebody triggers the authenticator on an unfamiliar device?

2: Could the authenticator also be required to sign into the main site?

3: If somebody is attempting to recover an account, are any notifications or emails sent to the associated email address while the process is ongoing? I ask because I worry about somebody attempting to gain access to my relatively inactive account, and I'm not sure if I'll know about it until it's too late.

JagexInfinity9 karma

1 - it might be! It's something we've included in our security plan - whether it's e-mail alerts or some other sort of notification.

2 - this is a popular request and we're exploring ways to make sure accounts aren't just protected in game but are on the website too

3 - we don't currently send any e-mails about account recovery attempts to a secondary e-mail address, although the recovery process is currently being reviewed as part of our wider plan

Thanks for the questions :)

[deleted]15 karma

[deleted]

JagexInfinity7 karma

Hey,

We currently service around 20,000 account recovery appeals a month and 10,000 customer e-mails or tickets.

To allow for a speedy account recovery system we implement an 'auto review' system. Essentially, if an appeal is submitted with virtually zero information which matches, the system will automatically reject the appeal & then request more information.

We then have a dedicated outreach team who manually investigate accounts which are constantly automatically denied (like your account has been). I can see you only began submitting appeals to the account less than 24 hours ago, so your account is still in the queue to be manually reviewed, however I've got some good news - I've taken a look myself & I've registered the e-mail onto the account.

You should now get an e-mail with next steps! :-)

We definitely don't want to make coming back into game difficult, and we have safeguards in place to manually review cases such as yours. I will use your account & recent appeals however to see if there's an opportunity to improve the auto review system.

[deleted]5 karma

[deleted]

JagexInfinity5 karma

The account isn't banned but you can set a new name via the website or in game :)

Promethieus7 karma

You removed JAG which is an extremely helpful feature for people to know when/if someone is trying to access their account. Why the heck remove that?

JagexInfinity5 karma

JAG was launched in 2012 and new players haven't been able to set it up for quite some time. When we released the Authenticator we always planned to sunset & retire the JAG system. The cost of maintaining the system was quite high - we received over 100 customers contact a week regarding issues with JAG!

We are currently in the process of working alongside the RS & OS product managers to design a suite of new account security features & systems, which will likely feature some of the 'good bits' of JAG. The expectation is these updates & new features would then go onto be developed and eventually released for all players to use.

The ideas we've generated are based off of our own security expertise & experiences as well as the survey results we got back from the community last year.

Orson_Callan_Krennic5 karma

Will RS ever allow for case sensitive passwords?

JagexInfinity7 karma

It is something we are all discussing here at Jagex at the moment. While the number of accounts which are hijacked due to people guessing passwords is extremely low, we still want to increase password complexity.

SparxRs4 karma

Another question. Not sure how related it is to your section. I have made multiple Raf accounts over the years for bxpw and, since going members once removes trade limits, I like to put gp on them and mass buy some items I collect. Some people view this as manipulating the market. While I do sometimes see an influence I have in the price for the items, I find it negligible in the long-run. Thoughts?

edit: one of the alts actually made front page once with a nice response from mod infinity himself :P (Not sure if you remember that Infinity, but I ended up doing some dung floors with him too and sorting him with some bonds for more members. Haven't seen him on in a while D: ) https://www.reddit.com/r/runescape/comments/5dij8s/reddit_please_help_me_find_my_friend/

JagexInfinity5 karma

Thoughts are it's fine generally - if it did become an issue, we'd reach out to discuss it further before taking any action (unless rule breaking was happening).

BasicFail4 karma

Why does it take so long before action is taken?

Just take a look at this gif, this was last Saturday in World 326 at the GE. Massive amounts (150-200+) of bots stuck in a loop while trying to mule away their botted goods. They were stuck because someone found their mules (Bowllikerixa, inkenfs & Katchungnueh and kept the trade window open, so the bots couldn't trade and over a course of a couple of hours that amount of bots gathered until they finally looked at their bots and terminated it (only to restart shortly after).

This was tweeted to several Jagex Moderators including @JagexSupport and @JagexWeath.

Today I login, go to the GE in w326 and I still see those 3 mules and several bots trading them every so often and they are currently still there.

I'm sorry if this isn't the time or place, but I felt it needed the attention.

JagexInfinity2 karma

We spend a lot of time gathering information about bots and can't always act as quickly as some players might like. Rest assured that we will get to them and remove them from game. Please keep reporting them to us!

zenyl3 karma

Just a general question: what are the most satisfying parts of your job, and what are the most frustrating parts of your job?

Keep up the good work! :)

JagexInfinity2 karma

Hmmm! Most satisfying are probably working with the CS specialists to make sure we're delivering positive, memorable experiences to our players. Leading a team is really rewarding - definitely one of the most satisfying parts.

Frustrations come when I see loyal players lose their accounts due to account phishers & hijackers. We all need to work smarter to combat hijacking and phishing, and need to treat our virtual accounts more seriously (from a security point of view).

CharminUltraClutch3 karma

What are your thoughts on scammers? Do you feel it needs to be cracked down on harder? Or do you feel it's just hunter and prey, be smart enough to not get scammed.

JagexInfinity4 karma

We've got a lot of priorities within the department in regards to rule breaking. Our primary focus is making sure the game is safe and players are protected from harm.

We do commit resource to the more game specific rule breaking (such as scamming) and over the recent months have taken a harsher stance towards scammers - indeed players who are prolific in scamming now face a permanent ban.

Not_dr_phil3 karma

Hello Jmods, thanks for doing an AMA. I have a couple of questions

1) How often does the support team deal with legitimate cases where a player was unfairly banned? Whats the process to confirm the ban was actually a false positive?

2) Has there ever been a particularly interesting situation where a vengeful banned gold farmer/botter tried to get revenge against jagex?

edit: rephrased question 2

JagexInfinity3 karma

Hey!

  1. It's a very very small amount - I can't actually think of the last case which involved a false positive. We deal with a fair number of hijacked bans (so when the owner didn't commit the offence). The process is quite detailed - but involves a number of checks and reviews from various CS JMods before a decision is made.

Whenever it happens it's taken very seriously and Mod Beno (who heads up our ICU team and looks after 3rd party support) always gets involved.

Bigdiq2 karma

Can I get my childhood account back if I can't remember my isp details? ;-;

JagexInfinity3 karma

Goomba1132 karma

Backstory is relevant to question: My original RS account was banned when I was playing OSRS when it first came out. It was spring break and I had logged a TON of hours into the game as I was hunting and attempting to get to 99 for the first time ever. After a few days of hardcore chin hunting, my account was perma-banned for botting - probably due to the exponential increase of red chin botting at the time I was getting to 99.

Is there any chance of my account being actually reviewed and the ban quashed?

I tried the "beta" ban appeal/review system, but it's kind of odd that I cannot have any input as a player. I know I didn't bot. Therefore: A) the ban is incorrect OR B) Someone accessed my account during that time and it should be reviewed as a hijacking - correct?

Edit: The RSN was Goomba113 at the time I believe.

JagexInfinity4 karma

I can see the account has already gone through the appeal process. Mod Beno (who heads up anti-cheating) has also personally reviewed the account and the ban will remain. Sorry it isn't better news!

Quikdrawjoe2 karma

Will Runescape ever use Google Authenticator or other 2FA for increased security?

JagexInfinity2 karma

We have the RS authenticator which helps protect RuneScape accounts. We are looking at other types of authentication and security features however as part of our 2017 account security review.

MaxedPainRS2 karma

How is this even possible?
Last friday one of our clanmembers got hacked.
The hacker got into his email and shut down authenticator with that, he then got onto the rs account and started flaming us and treatening to set up a bot on it etc..
We were all kinda skeptical about it at first, like surely he must've clicked a phishing link?
Then suddenly he got into an admin's alt account, immediately said "thanks for the alt man" in cc..
We were just BAFFELED, it was a username login account still and there's no way in hell he could've found out the login name..
Is there any way someone managed to bypass account security or did our members really got phished one way or another?

JagexInfinity2 karma

There's no way to bypass the account security - they would have been phished or something else such as account share.

Harb072 karma

Back in 2007/8 there was a minor RS craze in my school, during which I created an account. I only used it for a short while (perhaps a month) though had to stop using it due to my computer at the time being a bit of a potato. Anyway, I came back in 2011 and unable to remember the recovery details for said account I just created a new one which I use today. This thread has reminded me of said account and I realize it would be nearly a 10 year vet at this point (and I probably want an alt at this point, if only to go through the game knowing what I know now). The account's name was "Eoghan99" (That I'm relatively certain of due to it being my regular username at that age, though there may have been a space between the number and the letter). I did just try to appeal it but either a) I simply couldn't remember what recovery information I used or b) I'm incorrect in my memory of what account it was. Could you double check?

JagexInfinity2 karma

Hey,

I've been able to lend a helping hand - you should have an e-mail and be able to get back into RuneScape! :)

Honeydew_rs2 karma

Why was my account instantly banned after I recovered it after coming back from a tour in the army back in January?

Rsn: Fleekstar

The ips are clearly different from when it was being used by someone else so I don't understand why my appeal was denied when it was clearly hacked and malicious things were done on it

JagexInfinity2 karma

I've checked - your account was banned as it was heavily contested (being sold, shared, bought) - the ban won't be removed.

Wildest122 karma

I noticed that an extremely large number of users are using 3rd party clients. (last time I checked, there were ~52k users online and ~31k were using the same 3rd party client.

Has there been any consideration by jagex to endorse or support one of these clients? I understand most dev resources are allocated to other updates, however 60% of the online players using a 3rd party unsupported client represents a massive security risk. it appears aswell people are willing to pay as the there are many people paying for 3rd party client features.

I understand that most of the questions in this AMA are about account security, however IMO most of the issues stem to users keeping their information safe, but hopefuly my question is relevant as it does tie into customer experience.

secondary questions: have you considered applying a "Players tribunal" approach to minor offenses (such as offensive language, scamming, etc). League of legends currently uses this approach where the community decides on punishment (I would assume it also reduces workload on moderators).

finally, how does player moderator selection take place? Do people apply for it? do they just get a random invitation based on how they have been observed?

Thanks

JagexInfinity1 karma

If we identify any third party software (client or not) which puts our players accounts at risk, then we would look to take action.

We have looked at some sort of player offence/tribunal system, although there aren't any plans to implement anything like that in the immediate future. We use abuse reports and PMods to help us tackle and combat in game rule breaking.

We invite players to become PMods - there isn't a way you can apply or express interest at the moment.

InstructorOne2 karma

I was a very loyal costumer, even a member for a long time and I got banned. How can I redeem my account ? 5 years has passed

JagexInfinity1 karma

If the ban is permanent then it won't be removed, regardless of how many years have passed.

Taladen2 karma

I've seen people claim that Jagex sells back old banned accounts to people, is there any truth in this?

Also is there any chance of getting an account unbanned after having waited any number of years (permanent bans)?

If no to second question can I ask why Jagex does not look at individual cases on unbans?

JagexInfinity2 karma

A long time ago we ran a banned account reinstatement service. This allowed players to pay a fee to have their account unbanned and placed in a final chance (only in special circumstances - most accounts weren't eligible).

This system didn't work at all and resulted in lots of re-offenders so we shut it down.

Permanent bans are permanent - so we have no plans to manually reassess the millions of banned accounts.

korygen2 karma

I have been playing RS for a very long time now 10+ years i hav been trying to talk to someone about this for a while and no way to submit a ticket because the automation keeps just auto rejecting it last year on nov 21st my power went out for a few hours thanks to a storm and that evening when the power came back i had a new ip and little to my knowledge the ip was perma muted (cant say here but i well gladly private msg you it if you want) this is no longer my ip as it took me about 2 months to change it but finally i managed to get it changed with my isp. While i had this ip i tested several new accounts which all got perma muted instantly on log in to tutorial island. you can not even talk yet but they were muted. about 4 test toons i made got muted instantly and main (Slayer Holo) and my hardcore iron man (Fe Holo) so i stopped playing for a few months and decided to come back to play with friends i would like to know why i was honestly muted because i have never advertised a single website in the game or on the forums. I was not allowed to even look at the proof on my main my hardcore or the toons i made to test my theory. I would greatly appreciate if someone could give me a email were i can actually contact a person about this or tell me why i was muted? Yes before you link me to the customer support page on mutes and bans it has nothing useful for me or to do with me.

JagexInfinity3 karma

I've taken a look and can see the accounts were banned / muted as they were clearly associated with another account which was involved in serious rule breaking.

There are no plans to unban or unmute any of the accounts involved.

0tna1 karma

will Expired offences ever be removed from the account? and do expired offences have an impact on the account?

JagexInfinity1 karma

Expired offences have no impact on an account. There's no plans to remove them completely, as they are a historical thing which did happen.

Jtyler19951 karma

I had an account hacked and apparently botted on while deployed. Is there a way to sort this out?

wicsor1 karma

How could I do to file an application my first account was banned on December 9, 2016 was my first account and would like to recover it as you could help me ??

JagexInfinity1 karma

Please visit this page to have any macro permanent bans caused by a hijacker reviewed: https://support.runescape.com/hc/en-gb/articles/115002238729-Account-Bans

[deleted]1 karma

[deleted]

JagexInfinity1 karma

We only lock accounts if they're deemed to be 'at risk' - so a suspicious log in from an unusual country for example.

If you do need to unlock your account, provided you can give us some good information (account creation, passwords) and you send the appeal in from a computer you normally play on, you'll be fine. :)

demonmit11 karma

I know and have seen MANY many people complain and outright hate the fact that Jagex offers people the ability to "earn" keys and runecoins through 3rd party completing surveys, signing up for things, and buying things.

What, if any, time has Jagex spent actually going through with these offers they provide their players with to earn in game items, and make sure these links that Jagex is promoting are not malicious or fraudulent?

JagexInfinity3 karma

We work with our offer wall providers to make sure you get the best service possible - this includes making sure there are no malicious offers. The truth is, if no one was using the services, we wouldn't continue to host them. A lot of players do engage and are satisfied with the rewards they get.

Of course, if it's not your thing, then there's no need to use them. We do also have support on hand if things need a review on our end. :)

Nivarka1 karma

What proportion of ban appeals are from people who in someway or another falsely (to the best of your knowledge) attempt to claim that they are not responsible for the offence on their account, ie. hijacked and banned for macroing, where in reality it was just the account holder. Judging by forum posts and Twitter comments, it seems that tonnes of these are submitted each day. Do they waste a lot of support time, or do you have systems in place to quickly deal with and reject these false claims?

JagexInfinity1 karma

The majority of appeals we process are denied as the account wasn't hijacked at the time. It's really easy for us to detect that kind of stuff and the system is designed in a way to make it as simple as possible for us to send out the relevant messages.

70snostalgia1 karma

Was implementing the Evolution of Combat to Runescape a combination of every Mod's support? Did Mod's leave when the Evolution of Combat was released?

JagexInfinity2 karma

Whilst I didn't work here when the decision was made, I know that (like all big updates) the team gather feedback and thoughts from lots of different staff members.

I'm not aware of anyone leaving over it. I think we can all now see that it was necessary to allow the game to develop further, although we of course recognise it isn't to everyone's taste (hence Old School & legacy mode).

[deleted]1 karma

[deleted]

JagexInfinity3 karma

This won't be a problem, provided that's all it does and you're not mass logging into loads of accounts all at the same time using this system.

Mrcjlc931 karma

How do you think Runescapes security compares with that of other MMORPGS? Do you feel more could be done, or are you happy with the status quo? Thanks

JagexInfinity1 karma

So I'm satisfied that if players take advantage of our account security advice and features then their accounts won't be hijacked. However, I do believe more can be done, which is why we're working on an account security plan alongside the RS & OS product owners.

gurret1 karma

Are steam controllers against RS policy? I really like using the controller to play, but wanted to clear the air about it being against the rules.

JagexInfinity3 karma

We recognise some players choose to use different peripherals to play RuneScape. Using a controller alone isn't against the rules, provided it doesn't give an unfair advantage.

wizardboy981 karma

How does the ban system work ? some people get 48 hour warning ban for botting and some people get permanent bans, how come?

JagexInfinity1 karma

We don't divulge information pertaining to ban lengths but the vast majority of players receive permanent bans for botting. A very small number receive temporary bans due to exceptional circumstances.

We don't consider player status, wealth, length of service etc when determining if an account should be temp or perm banned.

Matt18111 karma

I have several accounts from around 10 years ago that I cannot remember the usernames for. I've tried entering my email addresses into the box from 'forgotten username', but never get a response?

JagexInfinity1 karma

It means the e-mail you submitted isn't associated to any RuneScape accounts. You'll need to keep trying any other e-mails you can remember.

Segogrates1 karma

What would be the best way for me to try to recover an account if the account was from over 12-13 years ago?

I don't believe I ever set up an email on it and I really don't remember the passwords I used.

The account isn't even anything special it was just my original main that I stopped playing on and all I remember is my username. The rsn was "hen975" don't ask me why, I was young and dumb.

PS: thank you for everything you guys do for the community! We really do appreciate it :)

JagexInfinity1 karma

Simply fill out this form here: https://secure.runescape.com/m=accountappeal/passwordrecovery and you'll be back in game in no time.

Thanks for the kind words!

dafunkiedood1 karma

How do we contact you?

JagexInfinity1 karma

You'll find most of the answers you need on our support centre: https://support.runescape.com/hc/en-gb

If you need further help, you can hit the 'contact us' button at the bottom of the relevant pages. :)