I have just received an email notifying me of expired credit card information and asking me to update them. That was all correct and I did as requested, but I had a small issue with the email: it was send via some other website (pm.mtasv.net), held no specifics about the issue ("had trouble processing your most recent payment for Roll20" instead of stating the transaction in question) and the contained link took me to an interface that I had never seen before on the regular roll20 account management pages, which containd some "chumbuster" url and was asking for all of my credit card information. I got really suspicious and went to update the info via the account settings here because of all that. I think you could do your users a favor (and make life harder for actual phishing attempts) by just directing the user to their account page and using only roll20 links instead of whatever proxies your are using now (which I am sure you do for legitimate reasons, but it is hard for the layman to make sure that it is actually you we are giving our credit card info to). I'd love to hear your thoughts on this.
