Nintendo has today issued a warning to account holders regarding the dangers of credit card fraud, noting that the number of user inquiries relating to the matter has been increasing.
The message comes from Nintendo's customer support team and highlights the fact that people have been accessing others' Nintendo Accounts and illegally using their credit card information. To combat this and add extra security to your account, Nintendo recommends that you set up 2-Step Verification to help prevent any unauthorised logins.
A step-by-step guide on how to set up 2-step verification can be found on Nintendo's official site (US / Europe / Japan), which we've copied for you below. Once 2-step verification is enabled, you will need to log in using both your password and a code sent to your smart device via the Google Authenticator app.
Complete these steps
- Go to the Nintendo Account website and sign in to your Nintendo Account.
- Select Sign-in and security settings, then scroll down to 2-Step Verification and click Edit.
- Click 2-Step Verification settings.
- Click Send email to have a verification code sent to the email address on file.
- If the email address is incorrect, click the Email address menu setting under User Info to change it.
- Enter the verification code from the email, then Submit.
- Install the Google Authenticator app on your smart device.
- This is a free app, available through Google Play (Android) and the App Store (iOS).
- Use the smart device app to scan the QR code displayed on your Nintendo Account screen.
- A 6-digit verification code will appear on your smart device. Enter the verification code into the field under step 3 on the Nintendo Account screen, then Submit.
- A list of backup codes will appear. Click Copy to copy all the codes, then paste them somewhere safe.
- A backup code will be required to log in if you don’t have access to the Google Authenticator app. MAKE SURE TO KEEP THESE SOMEWHERE SAFE.
- You can use these (one time each) if you do not have access to the Google Authenticator app.
- Click I have saved the backup codes, then OK.
- Once set, you can return to the 2-step verification settings section to review the backup codes and remove the 2-step restriction.
[source twitter.com, via japanesenintendo.com]
Honestly it was easier just to delete the information. That's what I did and called it a day.
I have no problem entering it in every time if I need to and not saving the info.
"Install the Google Authenticator app on your smart device. "
The reason I don't use 2FA with my Nintendo account (but then again I do not store my CC info)
I use 2FA in a lot of places but not Nintendo, just because they require the Google method and other ones seem not to work properly neither.
I never store my credit card info on the eShops.
I had some difficulty trying to purchase something yesterday though - I couldn't complete a transaction because the debit card kept getting rejected. I put the details in carefully, and repeatedly, but still no luck.
I then got a different error when I tried to add the same item to my basket, after the previous error related to the bank card.
I ended up temporarily linking my PayPal account and purchasing it through that, but I never experienced these difficulties.
I wonder if my bank had pre-emptively blacklisted the Nintendo eShops due to these reports of fraud.
@edhe I wish eshop supported iDeal, that's the most common way how we are able to pay online with debit cards over here (Steam, Microsoft and Sony do support it to name few)
PayPal is not really a solution for me, often it rejected the payment on my eshop account and I don't want to be part of those banned eshop account horror stories, and thus I use a CC (while again I would prefer to use my debit card)
I'm using an e-wallet account that's linked to a MC (functions much identical to a Debit Card). I only fund that account when I have something to buy online.
ive used 2FA once with nintedo. from my experience, i didnt find it useful. i had to ring nintendo australia support number to get them to remove the 2FA & i was so greatful that they remove the 2FA off my account for me as i had changed mobile numbers from the one that was linked to the one connected to 2FA. i was extremely lucky, nintendo australia support centre did this for me but after reading the about debit cards/credit cards being used for fraud, i have no issues entering my card manually for purchases
It would be a problem to me if I had a job.
Which I don't. My credit card rarely, if ever, reaches three digits.
After the whole PS Network debacle, I stopped storing that information for video game consoles.
Nintendo never had the option on the Wii U and 3DS as I recall, nor did the Wii. I won’t install another a 2FA app on my phone, especially since Google is a backup to my iCloud and Microsoft accounts. Apple and Microsoft have great infrastructures in place to protect my data.
Nintendo should use Microsoft’s Authenticator or text message numbers like Sony.
I use Paypal. Nice little barrier there.
I done all the steps above but I just deleted my credit card from nintendo eshop. So simple.
Two days ago I got an email from Nintendo saying that someone in Egypt tried to log onto my account.
I had to change my password.
Luckily, I didn't have my card linked to my account.
My paypal account was hacked about a week ago. Luckily they flagged a transaction of £400 (from Halfords, of all places) and prevented it happening. But still. Now I have updated all of my passwords, and changed my card. A royal pain the ass it all was too. 7 hours trying to call paypal, my bank, Halfords (who never answered).
The lesson? Individual, non-obvious passwords for every single account, changed every 6 months or so.
Everyone should use 2 factor whether or not they store their credit card on the account.
Speaking of this, I used to use Paypal for the Switch, but my bank would always charge extra claiming I was purchasing internationally. I switched banks and that took care of that.
@progx Wii U & 3DS had that option but now they don't accept bank cards in EU.
Most time it's usually the kids taking the folks cards. Happens more than you think.
I never leave my Credit Card info on my Nintendo account.
I use special cards that are either one time use or can only be used with the seller I choose. Then I put holds on them when I'm not using them so even if someone did steal them, they aren't going to be used.
Haven't had issues since I've been using a Privacy app to do all of this.
Yeah I had someone steal my PS account and use it to buy stuff beforehand during the first night of the lockdown in my country. Was pretty hard to get it all sorted with everything functioning on reduced staff.
Google and secure.
Let’s get facebook on the phone and have a party.
@Spoony_Tech What he said.
This is why I don't store any credit card information on my Nintendo account. I rely on prepaid eShop cards. It's safe and helps me stay on budget.
I set mine up a few months ago.
I wish their two step verification didn't require Google. Like just text me a code.
@edhe Were you trying to buy something direct from Nintendo? I had a similar problem a while back and even called it in the next day and even doing that didn't work. They suggested I use a credit card instead but I dont like using them unless it's an emergency.
I was buying something off the switch eShop. So you could say it was direct.
Was a victim of card fraud just last week, cancelled my card. Don't know how they got the details. I'll not save them on the eshop now. Good to know.
@aznable it would be only that's not safe either. There's been a recent spate of hacking paypal accounts through Nintendo accounts to buy V bucks for Fornite. I've now unlinked my paypal account.
@Spoony_Tech completely agree. I refuse to download a app just for this stuff myself. I delete my info and when I go to buy something it actually makes it harder for me to spend because I'm like "man I gotta get my wallet and out my info in, eghhh I'll do it later" then I forget lol.
@Miketeevee76 PayPal has a two step text verification so if you have that setup it works great. The problem is Nintendo doesn't use that, it automatically charged your account without having you do the two step through PayPal for some reason. I seen that and deleted my info right away.
This is precisely why I don't save my credit card in any service. Is annoying, but I enter the number every single time, I dont even load account with balance.
Best solution (as others have mentioned) --> don't leave your credit card info on anybody else's server.
Eh my credit card makes me confirm everything bought on Nintendo anyway.
Kids getting into parents wallets while stuck at home.
It auto signs out every time I go to the shop menu. Weird.
@Bearzilla823 still safer to use 2 factor. If someone uses a man in the middle attack or are hacked into Nintendo's servers as your transaction is happening, they can get your info and use it on their own Switch. With 2 factor they won't be able to log into your account and make purchases at all.
@Lone_Beagle Your card # is still sitting in a record on Nintendo's server. They have too keep a record of the transaction. The only thing helpful with deleting it on your end is, if your account gets fished, people can't make purchases from your account. But if Nintendo's server gets hacked, they most certainly can get your credit card number.
@edhe I had the same issue yesterday while trying to add funds through the Nintendo website (Europe). Card that previously worked fine was rejected, while another card that previously didn’t work took me to the Verified by VISA password entry, then Nintendo website told me authentication had failed, even though I am 100% sure I entered the correct data everywhere. This is particularly annoying now as I can’t easily go to my bank, contacting them is a “please hold” hassle, and there’s a sale!
@Spoony_Tech @Bearzilla823 @edhe @progx @aznable @thelightspirit @Dirty0814 @jamesthemagi
Just in the interest of helping everyone out, and hopefully this gets shared rather than sharing misinformation....
Reducing all possible attack vectors is the best solution. There will never be anything perfectly secure.
Two factor authentication should be implemented by everyone.
Chosing the option to not store your payment info on your Switch, does not save you if Nintendo's server is hacked. You could have bought something on the eShop 30 days ago, and you payment info is still sitting on Nintendo's server waiting for a hacker to scoop up. Chosing not to save the info only makes it so someone who has your Nintendo account log in, can't reuse that info of they log into your account. Merchants are required to keep a record of your payment details. That is why we have incidents like the Target retail store hack, where people who have never used their credit card online, and only made in store purchases, had their card numbers stolen from Targets servers.
If you have 2fa enabled you can at least help prevent man in the middle attacks. This will help prevent someone stealing your card number while you are making a purchase live.
PayPal will not help keep you secure either. If the hacker has your Ninteno login, they can use your account to purchase things through PayPal. This has been happening a lot lately, where people are buying Fortnite Vbucks with hacked accounts.
@Stocksy I think you are confusing privacy concerns with security concerns.
Facebook has a terrible record when it comes to privacy and security.
Google has a terrible record when it comes to privacy. When it comes to security, they have one of the best records out there. They are leading the industry in security technology. When it comes to security breaches against Google, they have the most spotless record you will find .
Is two-factor authenication even an option on the eShop? I use the google authenticator to log into my my.nintendo account, but I've never been prompted to on the shop.
@Tim_Vreeland What you are saying makes no argument for what I said. If hackers are getting my info from Nintendo's side then two factor doesn't matter later on as they have my card number at that point and got it from Nintendo and can use it anywhere not just on Nintendo. So indeed erasing my info does protect just as much as two factor as a hacker hacking into my account will still not have the ability to buy anything because they will not have my account number from my side. So in the end they would have to hack Nintendos side which I have no control over and two factor does nothing to protect me from that outside of Nintendo sales. Two factor is a company protection not a consumer protection in the end. If you want real two factor link a PayPal account as the transaction is made from you to PayPal and PayPal to the business meaning Nintendo will not have my account info at that point and it protects me on my side as well.
@edhe your better off using two factor through PayPal and linking your PayPal account to Nintendo. At that point Nintendo doesn't get your complete account info.
@Tim_Vreeland I do understand that and thanks. I just want to eliminate one more Avenue to help protect myself.
I've always used the eShop cards, I think the hacking of the Playstation Network years ago put me off. Have had fraud on a credit card before but thankfully the bank detected and prevented it, seems cyber criminals can get your details from anywhere if they want to.
Just to repeat what I said earlier. I don't store my details on my switch (or WiiU or 3DS for that matter), and I generally didn''t like to link Paypal to the Switch shop because it made the process of buying too quick and easy (I was worried it might be an avenue for fraud), but I'm open to reconsidering if it is truly more secure.
@Dirty0814 You must not have read all of what I said. 2fa doesn't protect you from a server breach where records are stolen. That part was included for people who said they removed their payment details, so their card number can't be stolen like it was on PlayStation.
Anyway I explained why 2fa can help you. Man in the middle attacks and live attacks. With a man in the middle attack, a hacker is located virtually between you and Nintendo. They may have hacked your isp or other path on the way to Nintendo. They are not hacking Nintendo's server, they are watching live as you send data. Now you log in to Nintendo's server with your account details. They now see your login information and credit card info at the same time. They go on their personal Switch and use that card info and login info, and buy $100 worth of Vbucks.
With 2fa, you no longer have a direct line to Nintendo which the hacker can exploit. You need a line to Nintendo with your Nintendo password, and you need a line to Google to verify your Google authentication.
So in other words the hacker is using a man in the middle attack to listen in on you. He grabs your Nintendo password and credit card, but then finds out he can't make a purchase because he can't authenticate with Google.
I'm aware it is stored in their servers
However, it is stored in transactions history and not in your individual account.
Hackers can steal all account information and not have access to those transactions so it does make a difference.
As you stated though, more security is always welcome
I rather sacrifice some convenience for that tiny little bit of added protection
Mine goes through PayPal, as that's more secure. I use a unique PW for that.
I always live in fear that I'll find someone hacked my account and used it to buy every Just Dance game ever made.
I use my paypal and have 2 step verification as a countermeasure.
I learned my lesson from the 2011 PSN debacle (funny how a lot of people seem to have forgotten about that).
@Jayofmaya Accounts that are using PayPal are being hit heavily. There is an operation in India that has a list of hacked Nintendo accounts, and is using their PayPal login through the eShop to buy Vbucks on Fortnite.
I always use paypal but it's worrying how they can apparently use that. Looks like I'll enable the two step, usually the best way to handle this kind of situation. I always add money through the digital code cards I get off Amazon when it comes to Sony games (did that since they got hacked), maybe I'll start doing that with Nintendo.
@Tim_Vreeland Well I just changed my password so hopefully that's ok.
@aljoriz if it does work with it nowdays I will gladly try it, I already use the Microsoft one.
I prefer wallet fund. Only add the amount of how much and when I need it. I do that on PS, Googleplay, Steam too.
(edit) Even their NSO I bought the card from store and "check off" auto-renewal. If I want to renew, I'll get the card to key the code again.
Ok, I want to add some info here so everyone knows whats going on. I recieved an email stating someone logged into my account.
So I changed my Password to something different. The next day I recieved another email stating someone logged into my account again.
This time i changed my email address and password for login and deleted my other email address. About 5 hours later, I get another email stating someone access my account again.
At this point I have pretty much realized that whatever is going on its physically impossible that they know my new email address as its only being used for nintendo as i just created it and the only way to sign it is with that email address in the settings. So here is my conclusion.
Someone hacked into Nintendos' Server or its an inside job at Nintendo. I believe Nintendo needs to come clean and state that their server has been compromised and that they need to shutdown the server until they can close the door on this unauthorised access.
@djdatatec I'm having the exact same problem. I changed my password every time it happened, last time I changed it to a super long and complicated one and still got a "login from a new location" mail a few hours after that. These logins came from the USA, Israel and Russia and started on the 9th of this month (last one was yesterday).
It's obvious something's happening at nintendo, and I really hate the fact they don't acknowledge it and warn users.
i havent checked my new theory yet but i acrually thinking they are not actually logging into the account using our updated passwords but i velieve they are logging in using the old nintendo id thats link to the account from the 3ds and wii era. in the settings you can link other accounts for sign in such as nintendo id or facebook. i noticed my nintendo id was activated there and the login info for that is using an old username and password still.
Tap here to load 56 comments
Leave A Comment
Hold on there, you need to login to post a comment...