Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC
After days and days of the PlayStation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.
RE[7]: Credit card security
by flypig on Wed 27th Apr 2011 13:04 UTC in reply to "RE[6]: Credit card security"

Unless someone gets AND your PIN AND your card AND you somehow fail to tell your bank... Then yes, then it's insecure.


The problem is, every time you use your card in a shop, these are exactly the details you're handing over (card AND PIN AND agreement you're not going to tell your bank). In theory you're handing it over to the bank (since the terminal belongs to them), but in practice there's no real way to know you're not handing it directly to the retailer.

The same is true online. It's crazy that you hand over all of the details needed to make a transaction (and unlimited future transactions) to a non-trusted retailer.

The process ought to be the other way around. When you want to make a purchase you should instruct your bank to transfer the money, rather than instruct the retailer to collect the money. Now that we all have mobile phones (our own trusted terminal) and practically instant communications, there shouldn't be any reason why it doesn't work this way, except bad habits.

[Edited to fix quoting]

Edited 2011-04-27 13:07 UTC

Score: 1