Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC
Games After days and days of the Playstation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.
Thread beginning with comment 471088
To read all comments associated with this story, please click here.
Credit card security
by bouhko on Tue 26th Apr 2011 23:20 UTC
bouhko
Member since:
2010-06-24

I still do not understand how a mean of payment as unsecure as a credit card can be so widespread. Maybe it's time the banks figure out a mean to pay that requires something more than just what is written on the damn card.

For example in my bank, to access e-banking, I have to have : a login, a password AND a card reader.
After I have entered my login and password, the e-banking website display a number. I have to put my bank card in the card reader, type in the number given by the website and then the PIN associated with my card. The card reader will then display another number that I have to enter.

So unless somebody manages to steal my login, my password, my card and my PIN, I'm safe.

Really, if my bank can do it for e-banking, Visa and Mastercard should be able to do it.

Reply Score: 4

RE: Credit card security
by xiaokj on Wed 27th Apr 2011 00:32 in reply to "Credit card security"
xiaokj Member since:
2005-06-30

Think about your own statement for a moment and you can discover the real answer:

Debit cards are Credit cards without the credit part; you just use whatever you need and pay instantly.

Credit cards are required to get a credit rating, gets discounts everywhere...

Seems like there is a huge amount of effort put into keeping the dead horse alive.

Think about it for a moment, and think whether keeping things safe is part of the bank's job.

Reply Parent Score: 2

RE: Credit card security
by smitty on Wed 27th Apr 2011 00:52 in reply to "Credit card security"
smitty Member since:
2005-10-13

I still do not understand how a mean of payment as unsecure as a credit card can be so widespread. Maybe it's time the banks figure out a mean to pay that requires something more than just what is written on the damn card.

For example in my bank, to access e-banking, I have to have : a login, a password AND a card reader.
After I have entered my login and password, the e-banking website display a number. I have to put my bank card in the card reader, type in the number given by the website and then the PIN associated with my card. The card reader will then display another number that I have to enter.

So unless somebody manages to steal my login, my password, my card and my PIN, I'm safe.

Really, if my bank can do it for e-banking, Visa and Mastercard should be able to do it.

There's always going to be a tradeoff between security and convenience. For example, with your system you could no longer just hand a credit card to the waiter after eating in a restaurant - you'd have to get up, go to the cashier, wait in line, type in your password, etc. And just imagine how many people would forget their passwords and be unable to pay. New technology might allow them to come around to your table with a mobile card reader, but that would take a while to become widespread.

Reply Parent Score: 5

RE[2]: Credit card security
by Radio on Wed 27th Apr 2011 07:28 in reply to "RE: Credit card security"
Radio Member since:
2009-06-20

There's always going to be a tradeoff between security and convenience. For example, with your system you could no longer just hand a credit card to the waiter after eating in a restaurant - you'd have to get up, go to the cashier, wait in line, type in your password, etc. And just imagine how many people would forget their passwords and be unable to pay. New technology might allow them to come around to your table with a mobile card reader, but that would take a while to become widespread.

Hello there; this is exactly how credit/debit cards work in France, the country were the smart card was invented. We even have mobile terminals everywhere that the waiter brings to you to read your card and enter your code. And nobody forgets his code, as we type it all the time. That or we are just naturally smart.

I'm always unsettled overseas when my card has just its magnetic band swiped and I just have to sign, and nobody really check the signature -which is easy to counterfeit, as it is already drawn on the back of the card. This is &*$#! dumb.

Reply Parent Score: 4

RE[2]: Credit card security
by lucas_maximus on Wed 27th Apr 2011 10:44 in reply to "RE: Credit card security"
lucas_maximus Member since:
2009-08-18

That is what we do in the UK ...

However the machine is wireless so the waiter can take the chip and pin machine over to me.

Reply Parent Score: 2

RE[2]: Credit card security
by aaronb on Wed 27th Apr 2011 17:22 in reply to "RE: Credit card security"
aaronb Member since:
2005-07-06

"Chip and pin" is the marketing name for this in the UK. Where the waiter would come over with a card reader and passes it to you to insert card, enter pin and process payment. The vast majority of people have become use to this.

Internet purchases are getting a little more secured. There is "Verified By Visa" and "MasterCard SecureCode" where you set up a password that is used when making payments online. However not all shops implement this (for example amazon).

Both systems have their faults but in this case its not the issue.

Sony failed to secure their system.

The primary account number (PAN) should be encrypted or hashed to prevent it from being leaked if it must be stored.

Reply Parent Score: 2