Linked by Thom Holwerda on Mon 2nd May 2011 22:27 UTC
Privacy, Security, Encryption "Nikkei.com on Monday reported that an online Sony gaming network has once again fallen victim to a cyberattack. This time, the attack may have exposed the credit card numbers of thousands of Sony customers from around the world. According to the report, over 12,700 customer credit card numbers were stolen during a breach of Sony’s online gaming network, Sony Online Entertainment. According to Nikkei.com, Sony discovered the possible attack on Sunday."
Thread beginning with comment 471609
To view parent comment, click here.
To read all comments associated with this story, please click here.
Thom_Holwerda
Member since:
2005-06-29

In The Netherlands, your PIN number is a personal code. Not even your bank knows this number. In order to do ANY transaction , you need your bank card (swipe it) and then enter your PIN. The card alone is useless, the account number alone is useless, the PIN number alone is useless. You CANNOT perform ANY transaction without entering your PIN number. The system doesn't allow it. It's not optional.

For online transactions, Dutch banks have set up a system called iDEAL:

http://en.wikipedia.org/wiki/IDEAL

Reply Parent Score: 2

smitty Member since:
2005-10-13

In The Netherlands, your PIN number is a personal code. Not even your bank knows this number. In order to do ANY transaction , you need your bank card (swipe it) and then enter your PIN. The card alone is useless, the account number alone is useless, the PIN number alone is useless. You CANNOT perform ANY transaction without entering your PIN number. The system doesn't allow it. It's not optional.

So in other words, they've solved the security problem by completely locking these cards out of any online transactions. I guess that's one way to solve the problem.

For clarification, that's not the way it's done in the US. The debit cards are able to piggyback on the credit card processing systems so that any place which accepts a Visa card can also accept debit. You still have to enter the PIN# for authorization and it still goes straight to your bank, though, so it is still "debit".

For online transactions, Dutch banks have set up a system called iDEAL:

http://en.wikipedia.org/wiki/IDEAL

Which is something entirely different and not what was being discussed.

Edited 2011-05-03 07:17 UTC

Reply Parent Score: 2

Cody Evans Member since:
2009-08-14

Really? My debit card has never asked for a pin for any online transactions, not even when I purchased my netbook for over $300! My debit card from my bank operates just like a credit card. Maybe the difference is that it is also called a Check card and is linked to a checking account...

Reply Parent Score: 2

bouhko Member since:
2010-06-24

"In The Netherlands, your PIN number is a personal code. Not even your bank knows this number. In order to do ANY transaction , you need your bank card (swipe it) and then enter your PIN. The card alone is useless, the account number alone is useless, the PIN number alone is useless. You CANNOT perform ANY transaction without entering your PIN number. The system doesn't allow it. It's not optional.

So in other words, they've solved the security problem by completely locking these cards out of any online transactions. I guess that's one way to solve the problem.
"
Actually not. In Switzerland, you have to use a card reader delivered by the bank for online transaction.
The E-commerce website redirects you to your bank.
Then you put your debit card in the card reader, put a number given by the bank website, put your pin and the card reader then calculate a new number that you enter back on the bank website and that's it. It works. It's secure because it's basically the same idea as public key cryptography.

Yeah really, it is possible to build a system that is secure for online purchasing. Unfortunately, with this system, the likes of Sony and Skype cannot retain your credit card and charge it automatically because you forgot that you entered it once on their website.

Reply Parent Score: 1

mistersoft Member since:
2011-01-05

obviously, as others have now said, VISA (& MC) operate debit card facilities too. which in britain and ireland at least must operate in nigh on the same way as in the Netherlands - with 'chip and PIN' having almost fully taken over from signatures - although signatures are still allowed as a fallback - at least on some terminals they still are.

We (in UK/Ire) still don't have any nice (safe) system like your iDEAL system yet for online transactions however.

Some online commercial sites utilise Verified by Visa and MasterCard SecureCard as a welcome extra security step for sure, but they're still a minority as are domestic banks that utilise either transaction codecards or an electronic terminal equivalent that they send customers (I know AIB are one).

Most UK customers using most UK/other online retailers still have to (just)hand over the long card number, name on card and expiry date - that's it, no further checks!

I fully endorse what you've said before though, I also very much hope that these creditcard number thefts from Sony might expedite a long needed worldwide overhaul of online transactions. Especially Credit/Debit card. I'd love to see some more competitors to PayPal arise too!

Reply Parent Score: 1