Sony Bastards - Teh Forum

Sony Bastards

From: Mouse 1 May 2011 10:40

To: ALL71 of 157

Oh dear

quote: Database Containing 2.2 Million PSN Credit Cards Up For Sale?

Report from PSX-Scene suggest that the unknown hackers even offered to sell the details back to Sony themselves with little luck before offering them up on underground credit card trading forums.

The really disturbing part of this is the news that these details actually include the CCV security code that until now was believed to be safe. With that code married to the card owner’s name as well as the rest of the card details then the card could be used without a hiccup

I would definitely be cancelling cards if I was on the Play Station Network.

0/0

From: ANT_THOMAS 1 May 2011 10:56

To: Mouse 72 of 157

38415.72 In reply to 38415.71

If that's true then Sony need to officially notify everyone and stop lying!

0/0

From: koswix 1 May 2011 12:08

To: Ixion 73 of 157

38415.73 In reply to 38415.70

Yeah, I got that message when I logged in yesterday.

0/0

From: Peter (BOUGHTONP) 1 May 2011 13:26

To: Mouse 74 of 157

38415.74 In reply to 38415.71

quote:

these details actually include the CCV security code that until now was believed to be safe

What do they mean "believed to be safe"!?

Storing the CV2 code is simply not allowed - not even encrypted.

:/

0/0

From: Mouse 1 May 2011 13:35

To: Peter (BOUGHTONP) 75 of 157

38415.75 In reply to 38415.74

Yuh? They are utter wallies then.

0/0

From: Peter (BOUGHTONP) 1 May 2011 13:46

To: Mouse 76 of 157

38415.76 In reply to 38415.75

Utter wallies who wont have a leg to stand on in court.

quote: http://en.wikipedia.org/wiki/Card_Verification_Value#Security_benefits

Merchants who require the CVV2 for "card not present" transactions are forbidden by Visa from storing the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorisation data) post transaction authorisation. This applies globally to anyone who stores, processes or transmits card holder data.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.

EDITED: 1 May 2011 13:52 by BOUGHTONP

0/0

From: Ken (SHIELDSIT) 1 May 2011 18:26

To: koswix 77 of 157

38415.77 In reply to 38415.76

This was posted on Reddit. Seems Sony had a conference about the issue? This is a good run down of what they discussed.

Link

0/0

From: Matt 1 May 2011 19:31

To: Ken (SHIELDSIT) 78 of 157

38415.78 In reply to 38415.77

That's good news. I think most PSN users can probably unclench their buttocks now.

0/0

From: Ken (SHIELDSIT) 1 May 2011 20:43

To: Matt 79 of 157

38415.79 In reply to 38415.78

Yeah very good news. No one wants that shit to happen to anyone. It's getting to the point where you can't even play games now without worrying!

0/0

From: Mouse 1 May 2011 21:11

To: ALL80 of 157

As far as I know, if anyone actually did get their card details used fraudulently because of Sony or any other reason they would (eventually) get that money back. The company that actually was on the receiving end of the fraudulent transaction however has no come back, they're the ones that would get fucked over.

0/0

From: Ken (SHIELDSIT) 1 May 2011 21:21

To: Mouse 81 of 157

38415.81 In reply to 38415.80

I have no idea if it's the same here as there, but if you use a Credit Card online the CC company usually works with you and returns your money. If, however, you use a Debit Card your bank doesn't have to do that and sometimes you are SOL. So, here at least, you should always use a CC when paying for stuff online.

0/0

From: Mouse 1 May 2011 22:46

To: Ken (SHIELDSIT) 82 of 157

38415.82 In reply to 38415.81

What is SOL?

0/0

From: Ken (SHIELDSIT) 1 May 2011 23:17

To: Mouse 83 of 157

38415.83 In reply to 38415.82

Shit Out of Luck.

0/0

From: Mouse 1 May 2011 23:28

To: Ken (SHIELDSIT) 84 of 157

38415.84 In reply to 38415.83

I hate abbreviation.

I think it is similar here but even in debit cards you can tell your bank you didn't make that transaction and get what they call a Chargeback initiated. Unless it's Chip 'n's Pin.

0/0

From: Ken (SHIELDSIT) 1 May 2011 23:32

To: Mouse 85 of 157

38415.85 In reply to 38415.84

Sorry. Sol is standard around here!

A bank usually does that here but they don't have to.

0/0

From: Matt 1 May 2011 23:57

To: Ken (SHIELDSIT) 86 of 157

38415.86 In reply to 38415.81

Over here Visa have a "Visa Debit Chargeback" scheme that banks have to offer their Visa debit card customers. If they don't they can't use the Visa services. It offers similar protection to credit card fraud, with a few exceptions, but it's basically the same.

I know Mastercard also offer a similar scheme for their debit cards but I don't know what they call it or what it offers.

Would be worth checking if such schemes are available in the US too.

0/0

From: Manthorp 2 May 2011 07:36

To: Mouse 87 of 157

38415.87 In reply to 38415.84

YHA?

0/0

From: Mouse 2 May 2011 08:02

To: Manthorp 88 of 157

38415.88 In reply to 38415.87

Y :@

0/0

From: af (CAER) 2 May 2011 13:26

To: Mouse 89 of 157

38415.89 In reply to 38415.88

Y?

0/0

From: Mouse 2 May 2011 15:38

To: af (CAER) 90 of 157

38415.90 In reply to 38415.89

:@

0/0