Linked by Thom Holwerda on Mon 2nd May 2011 22:27 UTC
Privacy, Security, Encryption "Nikkei.com on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to Nikkei.com, Sony discovered the possible attack on Sunday."
Thread beginning with comment 471606
To view parent comment, click here.
To read all comments associated with this story, please click here.
smitty
Member since:
2005-10-13

Except debit card number is totally useless without the PIN code.

Are you sure they didn't also get the PIN #? Or a bank account # linked to the debit card? Because that was the impression i got.

Reply Parent Score: 2

Thom_Holwerda Member since:
2005-06-29

In The Netherlands, your PIN number is a personal code. Not even your bank knows this number. In order to do ANY transaction , you need your bank card (swipe it) and then enter your PIN. The card alone is useless, the account number alone is useless, the PIN number alone is useless. You CANNOT perform ANY transaction without entering your PIN number. The system doesn't allow it. It's not optional.

For online transactions, Dutch banks have set up a system called iDEAL:

http://en.wikipedia.org/wiki/IDEAL

Reply Parent Score: 2

smitty Member since:
2005-10-13

In The Netherlands, your PIN number is a personal code. Not even your bank knows this number. In order to do ANY transaction , you need your bank card (swipe it) and then enter your PIN. The card alone is useless, the account number alone is useless, the PIN number alone is useless. You CANNOT perform ANY transaction without entering your PIN number. The system doesn't allow it. It's not optional.

So in other words, they've solved the security problem by completely locking these cards out of any online transactions. I guess that's one way to solve the problem.

For clarification, that's not the way it's done in the US. The debit cards are able to piggyback on the credit card processing systems so that any place which accepts a Visa card can also accept debit. You still have to enter the PIN# for authorization and it still goes straight to your bank, though, so it is still "debit".

For online transactions, Dutch banks have set up a system called iDEAL:

http://en.wikipedia.org/wiki/IDEAL

Which is something entirely different and not what was being discussed.

Edited 2011-05-03 07:17 UTC

Reply Parent Score: 2

mistersoft Member since:
2011-01-05

obviously, as others have now said, VISA (& MC) operate debit card facilities too. which in britain and ireland at least must operate in nigh on the same way as in the Netherlands - with 'chip and PIN' having almost fully taken over from signatures - although signatures are still allowed as a fallback - at least on some terminals they still are.

We (in UK/Ire) still don't have any nice (safe) system like your iDEAL system yet for online transactions however.

Some online commercial sites utilise Verified by Visa and MasterCard SecureCard as a welcome extra security step for sure, but they're still a minority as are domestic banks that utilise either transaction codecards or an electronic terminal equivalent that they send customers (I know AIB are one).

Most UK customers using most UK/other online retailers still have to (just)hand over the long card number, name on card and expiry date - that's it, no further checks!

I fully endorse what you've said before though, I also very much hope that these creditcard number thefts from Sony might expedite a long needed worldwide overhaul of online transactions. Especially Credit/Debit card. I'd love to see some more competitors to PayPal arise too!

Reply Parent Score: 1