Linked by Thom Holwerda on Mon 2nd May 2011 22:27 UTC
Privacy, Security, Encryption " on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to, Sony discovered the possible attack on Sunday."
Permalink for comment 471620
To read all comments associated with this story, please click here.
Out of band authentication
by Alfman on Tue 3rd May 2011 08:40 UTC
Member since:

Authenticating purchases using static credit card is so stupid, it is unbelievable that we still do it that way.

I agree with kvarbanov that multi-factor/out of band authentication should be used, unfortunately most banks don't seem to genuinely care that credit card numbers by themselves are inherently insecure.

Anyways, posters here seem to be getting confused about pins being a requirement of using debit cards. My bank advertises that I can use my debit card anywhere visa is accepted, even shops only setup to accept "credit cards". This is because Visa handles both ends of the transaction, be it credit or debit.

In certain grocery stores, the CC machine asks for a pin after I swipe my *credit* card to pay. Another older credit card never asks for a pin.

This leads me to believe that credit/debit and pin/signatures are in fact two independent variables.

I don't know if there are any real technical differences between the transaction types at all, or if the differences are merely a matter of policy?

"Debit cards that have a VISA or MasterCard logo on them can be processed without entering a PIN code. These types of transactions are referred to as 'off-line' debit transactions. In this type of sale the merchant accepts a debit card the same way in which they would accept a normal credit card. The card is swiped through the terminal and the consumer signs the receipt. As far as the merchant is concerned there is no difference in the way a credit card or an off-line debit card is processed."

Edited 2011-05-03 08:45 UTC

Reply Score: 1