Skip to main content

What PSN identity theft means for you

Are you liable for fraudulent activity?

Dark blue icons of video game controllers on a light blue background
Image credit: Eurogamer

Sony has admitted that PlayStation Network account holders may have had their credit card details stolen during the recent, widely-publicised security breach that has kept the service offline for the past week.

So, what does that mean for you? Are your life savings at risk?

UK consumer rights group Which? offers some comfort, explaining that it's very unlikely that PlayStation owners will have to pick up any costs in the event that their credit cards are used for fraudulent activity.

"Unless you've been involved in the fraud or have been grossly negligent – for example, writing down your Pin and leaving it with your card – the most you can be liable for fraud on debit and credit cards is £50, and this is normally waived," reads an FAQ on its site.

If you believe your card has been used for fraudulent activity Which? recommends taking the following action:

"Call your card issuer immediately and cancel your cards. Contact credit reference agencies Experian, Callcredit and Equifax to check no fraudulent applications for credit have been made in your name."

Wedbush Morgan analyst and former lawyer Michael Pachter told Eurogamer that the situation will be similar in the US, with Sony likely to be liable for any losses.

"In the US, none of Sony's customers will have to pay for any fraudulent use of credit information, so Sony will work with the financial institutions to cover any losses," he explained.

"Sony will of course be liable to reimburse PlayStation Plus customers for their downtime. I'm sure that they will provide something (free game downloads or something similar) to recompense customers for the inconvenience caused, which is significant."

Pachter went on to speculate that whoever is responsible for the security breach is probably not interested in your credit card details in any case.

"It's really hard to protect against a determined hacker, and Sony's customers should take solace in the thought that an evil hacker would have been wiser to attack a bank instead of a gaming network. That's my attempt to say that this was probably the work of a show-off, rather than of a thief."

Nevertheless, vigilance is advised. Robert Siciliano, CEO of IDTheftSecurity.com, recommended to IGN that PSN users keep a close eye on their accounts.

"You should be monitoring your credit card statements as closely as you monitor the scores of the game, as closely as your monitor your email, as closely as you monitor the weather," he insisted.

"You need to know what's going on at all times regarding your credit card statements, what charges are being made and who is making them."

"If you receive emails that look like they're coming from Sony or PlayStation or whoever - emails that you might be accustomed to already receiving from brands you already trust - be suspect," he added. "Never click on links in the body of the email."

Sony's official advice echoes Siciliano's.

"For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information," reads its security breach FAQ.

"Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

"Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them.

"When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.

"To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports."

Sony also pointed out that it's only your credit card number and expiration date that may have been compromised, not the security code, diminishing the risk of fraudulent use.

Read this next