Decades ago video games were simpler. They cost a quarter to play, had basic graphics and were defined by yellow characters that ate blue dots and fruits, or something similar. And despite what leaders in a few select towns thought, the games were harmless.
Those days are over.
Not only are the games more intricate, with lifelike graphics, but now they’re also opening online players to data breaches. Yes, mom and dad now have more to worry about other than if their sons and daughters are wasting time playing their friends in Black Ops and Call of Duty II and not studying, but instead now have to worry about having their credit card information stolen.
Sony confirmed last Wednesday that 75 million accounts worldwide were compromised due to an “external intrusion” that was noticed on April 19. Sony notified the public of the breach on its PlayStation blog Tuesday. The PlayStation network allows users to play games online, surf the web, download games and content from the PlayStation store and chat with friends.
On the blog, Sony stated that names, addresses, email addresses, birth dates, PlayStation Network/Qriocity password and login, and PSN online identities were stolen. Sony said that if an account holder provided credit card data, it is likely that the number and expiration date were compromised. The most interesting part of this story is whether or not the CVV was stolen. Since this is a direct violation of PCI guidelines, then it appears that Sony was not in PCI compliance. This is PCI 101 and I’m hopeful that CVV data was not hacked.
As far as helping customers whose card data was stolen, there is technology currently available that can help mitigate these situations. MagnePrint card recognition service (which is offered with Merchantware) will help detect fraudulently cloned cards and processors and payment gateway providers should provide alerts to customers if there are odd charging patterns or an excessive number of $1 transaction completed over a short period of time.
Data breaches will never be over and the compromise of Sony’s PSN is a great example of how hackers will continue to try to best the ‘best systems’ out there. Both merchants and processors can continue to be vigilant and work together to provide the most secure data environment for their customers. This is a great example of why adhering to PCI compliance guidelines, although cumbersome and time consuming, can be very beneficial to all. The breach has already been categorized among the top 5 of all time. In addition to affecting its PlayStation 3 users, the breach also affects Sony’s Qriocity, which streams movies on demand to compatible Sony devices such as HDTVs and Blu-ray players for a monthly fee.