Online gaming consoles and Internet-connected TVs might seem like mere entertainment systems, but in fact -- as the recent data breaches of the Sony PlayStation Network and Qriocity services have demonstrated -- these popular devices can expose consumers to financial crimes, including credit card fraud and identity theft.
Most people think, "it's a great toy, a wonderful toy," says Jay Foley, executive director of the Identity Theft Resource Center in San Diego. "But in fact, it's a computer, and if it's a computer, it can be hacked."
As many as 77 million registered accounts worldwide may have been compromised by what Sony Corp. described as "an illegal and unauthorized intrusion" into the PlayStation Network and Qriocity service between April 17-19, 2011. The PlayStation Network allows people to play electronic games with others online. Qriocity allows users to stream movies and music through certain Sony HDTVs, Internet TVs, Blu-Ray disc players, home theater systems and a network media player.
Sony systems hacked
According to a Sony website, an unauthorized person obtained names, the city, state and ZIP code portions of addresses, email addresses, birth dates, passwords, login information and online IDs. Individual purchase histories, the city, state and ZIP code portions of billing addresses, and password security answers also may have been taken. While there was "no evidence" that credit card numbers and expiration dates had been stolen, the company couldn't rule out that possibility.
Sony has advised its customers to do the following:
- Be aware of email, telephone or postal solicitations asking for personal information.
- Log on to the services, once they've been restored, and change all passwords.
- Change identical usernames and passwords used elsewhere.
- Review account statements and credit reports.
"Sony will not contact you in any way, including by email, asking for your credit card number, Social Security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking," the company stated.
The credit card data were encrypted, according to Sony.
That should prove an adequate security measure, if the company utilized proper controls to manage the keys, according to Avivah Litan, a security analyst at Gartner Group, an information technology research and consulting company in Stamford, Conn. A "key" is a long sequence of computer bits used to mathematically disguise data in electronic form.
In any case, you do have some fraud protection through your card company and federal law.
MasterCard, Visa, Discover and American Express have "zero-liability" policies that protect customers from fraudulent-use losses. Such policies have restrictions, so consumers should be familiar with what their company offers, take responsibility to safeguard their card and notify the company immediately if the card is lost or stolen or upon discovery of any unauthorized charges.
Federal law also offers some protection against losses from unauthorized transactions. Thanks to the Fair Credit Billing Act, consumers are liable for only $50 once they report that a credit card has been lost or stolen. That limit drops to zero if the loss or theft is reported before any fraudulent charges are made.