Why are they deleting them? I hear its cause they are fraudulent? I assume that is bought with stolen or fake CCs or something? So person A buys 10-20 with that number, uses that kr to buy w/e, that number gets reported or found its fake/stolen, so its charges are all removed/redacted. THen they go in and delete all the kr wherever it ended up. They could eat it sure, but its a corporation, so lets be honest. They at least reimburse it. How would you stop that? its not a patch to just implement and fix a bug.
Now if there is duped KR, well that is all on them. Or literally krono randomly poofing on its own, then sure.
Solve the issue entirely, remove KR from the game.
I pretty much gueseed it's due to credit card and debit card fraud.
Upon determining theft, banks will automatically charge back the account in question.
My guess, too, is someone is using a credential stuffer (there is no lockout if you bypass the launcher on attempting account logins) and stealing Krono by attaching a stolen credit card to the ac count on record. Older accounts have trust, which means they can get Krono faster. This results in legitimate old accounts getting banned and needing to repay the amount, or they may just opt to reverse the in-game currency. I think, given the nature of the compromises, they would opt to remove the Krono instead of ban the legitimate account that was compromised.
Since the eqmain.dll login actually bypasses any two-factor auth, it would be perfect for a cybercriminal to just blanketly test accounts without penalty.
As for the financial rationale:
For every Krono chargeback, you lose $35 on the chargeback generally, and $18 on the sale of the item. This happens to any game company that operates. Steam will generally eat the loss, but if you take credit card transactions directly, you eat the loss. If you work with Paypal, you eat the loss. I imagine Stripe is similar.
It's enough financial loss that it is worth removing the Krono, and each purchase will have an ID associated with it, thus each Krono will have an ID. They'll also likely flag the credit card up to be unusable.
So if you ended up with a fraudulent Krono, it'd be removed.
They need to automatically parcel the amount instead of having people petition. It will be ripe with fraud for other reasons otherwise. And it feels shitty for everyone.
Realistically, they need to lock down the eqmain.dll file login and disable it as a method. It will suck for boxers launching the game, but I am sure the third party program folks would write programs to use the launcher automatically anyway.
