Posted April 29, 2011 (edited) The thing that gets me is "they tried selling it to Sony". Why would they even do that - what possible use would it be to Sony as Sony still have the database? I did say it was a rumour. This is more reassuring. "All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken." "Spokesmen for Wells Fargo & Co., American Express Co. and MasterCard Inc. said they were monitoring cardholder accounts and hadn’t seen unauthorized activity relating to Sony. " Edited April 29, 2011 by Cookyman Share this post Link to post Share on other sites
Posted April 29, 2011 (edited) Hope this isn't true! From Shacknews.com I had heard this rumour going around...think Eurogamer reported that some financial expert was saying this was the case but Eurogamer did back themselves up by saying the experts opinions were unsubstantiated.... EDIT: Here I fished out the Eurogamer quote; A security expert this morning claimed that "low-level cyber criminals" are currently shopping around lists containing the credit card details of 2.2 million PSN members. The claim is at this stage unsubstantiated, and conflicts with Sony's reassurance that credit card security codes were not held by PSN. ERRRR....Sony lying about not having security info on their network? This week, Sony communications chief Patrick Seybold tried to put fears to rest with another PlayStation Network/Qriocity FAQ. He attempted to dissuade users from feeling that their credit card information is at risk by stating that hackers couldn't possibly have all the information. Why not? Sony never asked for it, apparently. "Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained," he stated, "because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system." Good news, right? Well ... perhaps not. We looked into the veracity of that claim and found evidence -- on PlayStation.com, no less -- that Sony did request your credit card security code when you signed up to PlayStation Network. There's even a screenshot of the billing page, viewable above, that shows it. Sony seems adamant that your security card information isn't at risk, so it's quite possible that, even if asked for, it was never stored, as per VISA's rules. Even so, why tell us it was never asked for when it looks like it was? We've contacted Sony for comment as we try and find out how this discrepancy occurred. For obvious reasons we cannot see what the PlayStation Network billing page currently looks like on our PS3s, but it's a strange situation nonetheless. Hopefully Sony has a good explanation for what looks like a disconcerting contradiction. So what gives this is kinda wierd that they would specfically come out and say this info was never asked for when it was? Edited April 29, 2011 by flameboy Share this post Link to post Share on other sites
Posted April 29, 2011 Its taken for purchases but not stored. It asks you once in a while to confirm a purchase even if you have saved your card from my experience. Seems to be used to verify the account for purchases within a period of time. There isn't much coverage today probably because of the wedding and other stuff going on. But what is there is silly drivel. You have large media organisations getting pranked by gamers. Pachter's password is apparently 'iamwrong' lol. We could get together and make some stuff up and pose as sources too? :wink: Share this post Link to post Share on other sites
Posted April 29, 2011 Its taken for purchases but not stored. It asks you once in a while to confirm a purchase even if you have saved your card from my experience. Seems to be used to verify the account for purchases within a period of time. From what I can gather, nobody stores the security code - that's the entire point of them. Anyway, I don't really see how this is any worse than ordering anything over the phone. Share this post Link to post Share on other sites
Posted April 29, 2011 Its taken for purchases but not stored. It asks you once in a while to confirm a purchase even if you have saved your card from my experience. Seems to be used to verify the account for purchases within a period of time. There isn't much coverage today probably because of the wedding and other stuff going on. But what is there is silly drivel. You have large media organisations getting pranked by gamers. Pachter's password is apparently 'iamwrong' lol. We could get together and make some stuff up and pose as sources too? :wink: yeah no one is allowed is store the code...I've never once had it ask me to confirm a purchase or my details and I've had a PS3 for like 4 years or summit... Anyway the security thing has been cleared up; Sony has gotten back to us, noting that an error was made in the blog post and confirming that Sony does ask PSN users for a security code. However, it was noted that the numbers are not stored on Sony's servers so there's no risk. The PS Blog post has now been corrected and the erroneous information crossed out. The more worrying thing is still sony's poor communication and misinformation leaking out... Share this post Link to post Share on other sites
Posted April 30, 2011 Well since we all know we usually just click to buy things off the store without having to provide additional card details, it's obvious that the security code is not required for the majority of psn purchases. So if the card details we provided were obtained, there's really no reason why this couldn't lead to someone using them. Share this post Link to post Share on other sites
Posted April 30, 2011 Well since we all know we usually just click to buy things off the store without having to provide additional card details, it's obvious that the security code is not required for the majority of psn purchases. So if the card details we provided were obtained, there's really no reason why this couldn't lead to someone using them. To be fair quite a few sites ask for you to add the security code at final stage of checkout. Also there is that other security thing just for your bank as well "Secursomethingorother" Share this post Link to post Share on other sites
Posted April 30, 2011 Checking the CVV isn't mandatory, although you'll be hard pressed to find anyone reputable that doesn't. As this value isn't stored, however, it generally won't be rechecked unless something changes, such as the person with their card on file requests an item be sent to a different address or, say, orders something over a certain amount. The other data is relatively useless without your CVV and pin code: lacking the former online purchases are something of a dead end, without the latter even a cloned card is pretty much a waste of plastic. Share this post Link to post Share on other sites
Posted April 30, 2011 A lot of places don't ask for the bank password thing, and even then, I'm pretty sure I had to create my own password to activate that. PSN definitely doesn't ask for that. It's true most places do ask you for a security code. But I wonder, how secure is a 3 digit code? This is conjecture, but assuming you had 3 chances to enter it right before your account was blocked, 1 in 333 of the several million could potentially be accessed. Share this post Link to post Share on other sites
Posted April 30, 2011 I'm sure there are ways around such security measures, but in some ways it's more about being a nuisance than anything. Frankly fraudsters don't have any reason to expend a great amount of effort on one particular card — unless it's a targeted attack on someone — as there are so many more gullible fish in the sea that'll hand over the missing details upon the receipt of a vaguely official looking e-mail or barely authoritative phone call. Assuming for a moment that someone walked away from the PSN incident with tens of millions of unencrypted account details, they aren't going to sit around entering them one by one. The data would be fed into an automated process that trolls for easy pickings. Share this post Link to post Share on other sites
Posted April 30, 2011 Sony's conference is at 2pm JPN time. What's that in GMT? Share this post Link to post Share on other sites
Posted April 30, 2011 Google is awesome. You just need to type Japan time and it will tell you. http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=japan+time So it'd be 4 in the morning? Share this post Link to post Share on other sites
Posted April 30, 2011 Sony's conference is at 2pm JPN time. What's that in GMT? what conference? about this shit storm or is summit else goin on? Share this post Link to post Share on other sites
Posted April 30, 2011 Google is awesome. You just need to type Japan time and it will tell you. http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=japan+time So it'd be 4 in the morning? I did, but I couldn't tell for sure. It's either 5am or 6am. Hopefully there'll be a stream of it by the time I wake up. Flameboy: This conference Share this post Link to post Share on other sites
Posted April 30, 2011 Rumour has it Sony used the opportunity to install an OnLive like infrastructure for PSN. No need to upgrade the console anymore. I lie. Share this post Link to post Share on other sites
Posted April 30, 2011 Speaking of OnLive, it would be awesome if Sony or Microsoft (or even Nintendo with their next console) had an OnLive-like system for demos. I think a lot more people would try them out if they could jump straight into them. Another thing about demos that really annoys me is E3 - they have all these demos made so they should make them available to all for around a week. Share this post Link to post Share on other sites
Posted April 30, 2011 New features "unlikely" when PSN returns.. Is the latest thing I've read. Anyone else got anything good? Share this post Link to post Share on other sites
Posted April 30, 2011 I heard that they were going to send cheese to every PSN member to say "sorry". Share this post Link to post Share on other sites
Posted April 30, 2011 You see, I heard that as well but negotiations over the decision between Red Leicester and Double Gloucester have made it a slow development. Share this post Link to post Share on other sites
Posted April 30, 2011 The thing that gets me is "they tried selling it to Sony". Why would they even do that - what possible use would it be to Sony as Sony still have the database? I was discussing this with Happenstance today. How would they get their money? Bank accounts can be traced and cash would be stupid. I call either bullshit or a stupid plan. Hope it's real though and they get caught once the money has been "handed over". Share this post Link to post Share on other sites
Posted April 30, 2011 I was discussing this with Happenstance today. How would they get their money? Bank accounts can be traced and cash would be stupid. I call either bullshit or a stupid plan. Hope it's real though and they get caught once the money has been "handed over". Like in the films of course!!! A guy in a suit with a big case meets another guy in a suit who wants the money, lots of people either side with guns and the exchange goes down... Share this post Link to post Share on other sites
Posted April 30, 2011 And then at the end of the film Sony would remember about the "Ctrl+C" and "Ctrl+V" buttons and it would end on a cliffhanger. Share this post Link to post Share on other sites
Posted April 30, 2011 I heard that they were going to send cheese to every PSN member to say "sorry". OMG CHEEEEEEEEEEEEEEESE!!!! That would actually be amazing. Share this post Link to post Share on other sites
Posted April 30, 2011 Rumour has it Sony used the opportunity to install an OnLive like infrastructure for PSN. No need to upgrade the console anymore. I lie. New features "unlikely" when PSN returns.. Is the latest thing I've read. Anyone else got anything good? I can't see why they would be concerntrating resources on bringing anything new to the system now when their focus should be getting it back as it was but more secure... Will have to see the results of the press conference when we wake up in the morning. Share this post Link to post Share on other sites
