We’re a little late to the story that Sony’s PSN was hacked, and to the hackers’ claim that they hold the credit card details of some two million plus customers, but we still thought it worth revisiting the story and looking at ways you can ameliorate the risk of one of your service providers getting hacked.
Firstly, while having good security software on your system is essential to protecting you, there is very little you can do about your service provider being hacked, as security on their network is something they should take care of. A spate of recent hacks suggests they are not doing the very best job they can, though, in their defence, the hackers and criminals involved in a lot of hacking are trying harder and harder to get into these supposedly secure systems.
Sony’s PSN engineers had the foresight to encrypt the credit card data, though, alas, not the user information data. The vulnerability in the system still allowed the hackers to access the data tables and download the information, giving them time to crack the encryption (though it is thought at this time that this has not been done).
So, what can you do to protect yourself? Here are some tips:
- Don’t use debit cards in online transactions, as these come with lesser contractual protection from your bank. Use credit cards instead, but pay them off each month, after carefully checking all charges made against the card.
- If you don’t have access to a credit card, better to charge up your PayPal account, but turn off auto-recharging (if available in your jurisdiction); most services accept PayPal these days.
- Ask your bank for a special “internet only” credit card, and use it for online recurrent billing and one-off payments. Have the credit limit for this card set to a reasonable level, say a maximum of $100 to $500, depending on your actual needs. You can always ask for a limit increase if you find your online spending going higher.
- Keep a spreadsheet or list of sites where the card is used – particularly with respect to recurrent billing. Each site should tell you what payment descriptor you should see each month on your credit card statement – if you find any that shouldn’t be there when you check your statement, query the transaction immediately. If a fraudulent transaction appears, have the card stopped, and a new card issued.
- If your bank or card provider allows you to check your statement online, particularly if the statement is updated in real-time or near-real-time, check it daily.
- Check, carefully, the terms and conditions of any service you sign up with online, to see what they say about a breach, such as the service’s obligation to tell you in a timely manner, and what form such notification will take. If you weren’t informed, they will have some liability (and probably will under data protection laws anyway, regardless of what the ToS says).
- As ever, when signing up for services, be vigilant that you are signing up with a legitimate service, and keep a close eye on your statements. Security takes a whole “user” approach: make yourself as much a part of the solution to good security as you can.
The Sony PSN hack was so bad that, as of this writing, Sony’s PSN remains down for security reasons, with no published or suggested date for when the service might be back up.
If you’ve experienced identity theft or have had your service hacked, tell us about it in the comments, so we can warn others (though, please, do not include any confidential personal information).