PSN Account Hacked, Ridiculous Sony Policies

JaseC

gave away the keys to the kingdom.
Steam is pretty bad too. These digital-or-bust people must have never experienced customer service for these companies. It's beyond bad.

Steam Support is, well, Steam Support, but Valve's policy regarding chargebacks is far better than Sony's position of outright banning the account. Since the beginning of 2012, if you initiate a chargeback on Steam, you'll lose the ability to add to your library for nine weeks -- if you refuse to resolve the issue (i.e. give Valve the money back) and let the timer run down, the restriction is automatically lifted and full account status restored, although the payment method you used will be blacklisted (for obvious reasons). At no point do you lose access to -- that is, the ability to download and play -- your pre-existing library.

Edit: To echo what some have said already: Yeah, that Sony still hasn't implemented two-factor authentication, especially after the 2011 security breach, is utterly unjustifiable.
 

GTSweet

Neo Member
What? It's not a hacker breach on Sony. The user most likely had their pw lifted from either a keylogger or other spyware solution. This is user negligence. Putting the blame on Sony is incorrect. A strong password and a clean computer would have stopped this.

It is on Sony to help protect users, even from themselves. A simple 2-step verification to phone or email would accomplish this.

Microsoft and Google have 2-step well implemented in my experience.
 

tanod

when is my burrito
Not to say $150 is good or you should be grateful for that much or anything along those lines.

There is a guy on here from the UK and Sony UK refuse to refund anything because "protecting your account is your responsibility" so he is stuck with a load of games he doesn't want, has never played or will never play. Last I heard he was pursuing legal action.

It is just an interesting regional difference. There must be some reasoning behind the $150 figure. Maybe something like xx% of hacks are for goods worth $z and each hack costs $y to investigate so $150 and revoke games is cheaper.

$150 is the maximum amount you have in your wallet at one time.
 

Petrae

Member
What? It's not a hacker breach on Sony. The user most likely had their pw lifted from either a keylogger or other spyware solution. This is user negligence. Putting the blame on Sony is incorrect. A strong password and a clean computer would have stopped this.

You're exceptionally gifted at playing "Blame The Victim".
 

Blakynt

Banned
Always use prepaid cards, or, if you are from outside USA or UK, buy the code with PayPal, but never put your CC info on the net to automatically charge, NEVA EVA
 

spwolf

Member
So I should have to Amazon and purchase prepaid credit cards to get online PSN content? Come on now.

Credit cards should be able to be used for one off purchases instead of auto filing it and Sony shouldn't have this weird policy about charge backs.

You can use PayPal... As to the chargeback, unfortunately a lot of people misuse that, hence the policy.
 

Reallink

Member
Really, they do that??

That sounds very stupid. If you can't access your email address, then just have them change email address and considering the fact that you have to have a copy of your ID available (passport or driver's licence) I'm not sure how you could fake that.
I guess if you stole someone's information (social security number etc.) you could do that but that would be far-fetched.

Considering Sony don't have any real IDs or pictures of you on file, it would be trivial to fashion up fake credentials in a matter of minutes with the personal details they've already lifted. Wouldn't be surprised if you can just search fake ID makers and generate one on a web app. And yes, they have to do it, and it's not stupid. The number of kids signing up with university emails alone (which are almost always deleted after graduation) is likely in the 10s or 100s of thousands.
 

JaseC

gave away the keys to the kingdom.
Does MS have two-factor? I have an XB1 but have never noticed.

Yes. Security codes sent via e-mail/SMS.

Steam has been doing this forever, let's not pretend this is news to anyone.

Valve stopped doing it more than three years ago. Valve never announced that it'd replaced indefinite account bans/suspensions with a restriction-based system, though, so I'm not surprised the matter is still news to some.
 
It's a combination of a shitty password/sharing account and terrible policies from Sony. They need to implement the 2 pass auth.
 

R-User!

Member
Just deleted my cc, don't know what I was thinking leaving it in there for "convenience".

Thanks for reminding me to not do that again until 2-step; and even then I think I won't do that just because how hard is it to whip out your card type that crap then feel secure after the transaction is complete.

Answer: Not Hard.
 

RedAssedApe

Banned
Pretty surprised there is no two-step auth. Not just because of the 2011 PSN hack but because of more recent stuff like the Heartbleed OpenSSL vulnerability a year ago that could have resulted in your credentials being compromised on tons of servers.

I recall that spurring a lot of services to offer two-step auth.
 

Omnipunctual Godot

Gold Member
Does anyone think it would be a good idea to try a hashtag asking for two-step verification and linking to the Gamespot article? We need to pressure Sony into implementing two-step, and it needs to be done in a way that they can't brush off or ignore. Frankly, it's ridiculous that the feature hasn't been implemented already.
 

EatMyFace

Banned
There's no evidence of the user giving his password away. There are methods of stopping brute force and dictionary attacks and the onus is on Sony, who has had security problems in the past, to ensure customer safety. Hell, the Reddit thread states that it's not the first time this has happened.



Exactly.



The lack of a basic 2 step verification after suffering from a major security breach in the past somehow slipped past them when they were auditing their security systems? Sorry but that's kinda negligent.
It's not about giving your password away. It's about using the same password on OTHER sites and maybe THOSE were compromised. Or maybe he clicked on some link promising free Playstation Plus codes....we'll never know.
 

EatMyFace

Banned
So the victim deserves to have their account banned if they are stolen from? It's their fault? Right.

At any rate, I follow all of the above. No way will ever leave my info on PSN or LIVE.
Of course not. I'm just saying that the victim probably fell for a phishing scam and is now claiming to have been hacked on PSN, which is completely false. There have been no PSN hacks since that massive 2011 breach.

But I do agree that no matter HOW it happened, the user should be compensated for stolen balance.
 

autoduelist

Member
You're exceptionally gifted at playing "Blame The Victim".


No. I blame both the victim for negligence and the actual perp, which is whoever used the spyware to pull the info.

I do not think Sony is responsible. I think many of you misplace the blame.

More importantly, yes, I'm sorry, but the user does share blame if they do not keep their computer secure from malware. Those compromised systems are also partly to blame for all the DDOS attacks that brought down various networks during the holidays and at other times. Millions of people have these compromised systems... keyloggers and other malware grab passwords and cc info all the time. This is partly the user's fault. Certainly, the perp is also to blame. But I would not blame my cc company if my credit card got stolen, and I wouldn't blame Sony if my password got stolen elsewhere, either.

I ask you -- if you use the password 1234 on every network, and then allow your pc to be full of popups, malware, and keyloggers and never do anything about it... are you responsible if something goes awry? Would holding you accountable be 'blaming the victim'? Because if so, then yes, I happily blame the victim in this case, despite the fact that 'blame the victim' has terrible connotations in other crimes (where it's legitimately wrong to do) and your use of the term is a sad attempt to paint my position badly by association.

Besides, it seems people have no problem 'blaming the victim' (Sony) when they actually did get hacked, rather than the perps.

Of course not. I'm just saying that the victim probably fell for a phishing scam and is now claiming to have been hacked on PSN, which is completely false. There have been no PSN hacks since that massive 2011 breach.

But I do agree that no matter HOW it happened, the user should be compensated for stolen balance.

This policy seems nice, but would also be extremely ripe for fraud. It would certainly be a nice gesture, but it also establishes a precedent that they might need to step back from if people started abusing it. There is really no easy answer here. If this were simple -- i.e., an actual 'hack' where we could place the blame at Sony's feet, then yes, for sure. They could also limit the amount you purchase in a short period, though that might aggravate legit consumers.
 

Orca

Member
How hard is it to just provide monetary equivalent in PSN credit of the amount the person who got hacked lost?

If you got hacked and the guy spent $600 on games you don't want...would you want your money back, or $600 in PSN cash you can only spend on PSN?
 
If you got hacked and the guy spent $600 on games you don't want...would you want your money back, or $600 in PSN cash you can only spend on PSN?

I believe the $600 amount refers to the games he bought himself.

But in any other case yes, a full refund.
 
I can't believe that after all this shit, Sony still hasn't implemented a two factor authentication system. It should honestly be illegal to store credit card information without having secondary and tertiary authentication systems.

Does MS have two-factor? I have an XB1 but have never noticed.
Security codes through alternate email, text messages, an automated phone caller and app based two-factor. Pick your poison then go to https://account.live.com >> Manage Advanced Security to enable it
 
1. Put up a long fight and get a full cash/credit refund (I'm pretty sure Sony has a way to track people deactivating consoles and spending money in random places). Sony refunded me $50+ without a hassle one time. If it was $600 I'm sure it wouldn't have been that easy. 99.9% of major companies won't just give a refund at the snap of a finger. I would fight till a manager caves.

2. Chargeback should never be an answer unless you don't give a shit about the consequences.

3. They really need to beef up the security.
 

system11

Member
Total fucking bullshit policy when you consider the things 'sold' are actually a 'digital license'. They lose precisely nothing by refunding victims of fraud, they're actually in a better position since the license can be revoked. In fact I wonder if this is even legal in some countries.

Chargeback = ban is a horrendous bully tactic.
 

lynux3

Member
I can't believe that after all this shit, Sony still hasn't implemented a two factor authentication system. It should honestly be illegal to store credit card information without having secondary and tertiary authentication systems.

Legally, Sony is PCI compliant, but seriously, Sony is barking up the wrong tree here. Though 2 factor authentication didn't start REALLY picking up until almost 2 years ago, it's becoming a standard practice, one that Sony should get in front of.
 
Most digital stores use the same policy, this is why I don't keep my CC on PSN.

I have a friend whose little brother bought a game using his card without his permission. He went to Sony and they gave him a refund out of goodwill, but got to keep the game still perfectly playable. They can't go into your console and delete shit, I guess that's why they'll ban you if you charge back.
 
Wow, this is a disgusting policy on Sony's behalf.

He had $600 stolen from him and used against his will due to Sony's lacking account verification process, and now they refuse to just refund the money and remove the digital products from his account? Why? Due to their own lacking technology? And then they just blackmail and bully him into shutting up?

I have thousands of dollars of games on my account, if any company treated me like this, I would drop support for them in an instant. Terrible customer service.
 

lord

Member
What? It's not a hacker breach on Sony. The user most likely had their pw lifted from either a keylogger or other spyware solution. This is user negligence. Putting the blame on Sony is incorrect. A strong password and a clean computer would have stopped this.
Sony's just letting a scammer get away with it and doing as little as possible to help the user, it's bad form, shit happens, some people get hacked and if they expect us to buy digital content from them, they should protect their customers too. It's a fucked up thing to do. User is out of $450 and Sony's just taking their cut from the scam.
 

Tigress

Member
Sony's just letting a scammer get away with it and doing as little as possible to help the user, it's bad form, shit happens, some people get hacked and if they expect us to buy digital content from them, they should protect their customers too. It's a fucked up thing to do. User is out of $450 and Sony's just taking their cut from the scam.

Pretty much.

This is a big reason I think people are really shortsighted who want to see the digital future happen and want physical to go away.

Not until most digital is handled like GoG handles it do I ever want to see that happen. Nor will I move voluntarily to a digital only future until when you buy your stuff the company can't just take it away from you like that.

This wouldn't be a problem if the games he bought from his account were not DRMed. Sony would have to either work with him to avoid a chargeback or just deal with the chargeback and at most not sell him any more games. But they couldn't actually threaten with taking away games he already paid for so that they don't have to do anything.

When retail stores accept stolen cards they don't get the money if it is found out it was a fraudulent charge. And they even lose actual physical goods! I don't see why Sony gets to keep the money here. Oh wait, stores can't just threaten you with removing anything you bought from them previously if you do a chargeback.

I'm sorry, it's just complete BS that Sony can remove games he already paid for (for any reason, even if he was behaving badly online and got banned. He should only be banned from online use, not have stuff he paid for removed).
 

Agent X

Member
I agree that the PSN definitely needs two factor authentication. People need to go here and upvote this to let Sony know.

http://share.blog.us.playstation.com/ideas/2014/05/21/two-step-verification/

That's what I just did.

It's interesting how some people here are completely blaming Sony for this mishap, when no one here really knows all of the details. Likewise, we don't know if the user is at fault here. Nobody here is fit to pin the blame on either entity until we know the rest of the story.

I believe implementing two-step authentication would certainly help bolster security, so the likelihood of this happening to anyone else is minimized. That's something that Sony really ought to do as soon as possible.

Regarding the notion of Sony totally banning PSN accounts after a chargeback, that doesn't sound like a good idea. Perhaps a better solution would be for them to allow the user to continue using his account to access PSN and download/play previously purchased games, but (at least temporarily) ban the account from making any new purchases on the PS Store until the investigation process is completed. That way, the user doesn't have to feel like he's being completely locked out of his legitimate purchases, and at the same time it would protect Sony from scam artists who might abuse the chargeback system.
 

Fnord

Member
They were hacked once, there haven't been any other hacks because DDoS isn't hacking, and neither is someone phishing your account.

And I'd add that there were exactly zero confirmed reports of credit card information being decrypted and/or used as a result of that hack.
 

Mithos

Member
I mostly use the web store and just use my Paypal account. Then when I get to my devices, my purchases are all waiting to be downloaded.

1 time, 1 place/location/store CC is even better. That is what I use on all online stores, as soon as the store I use the cc# at has withdrawn the money, the cc# gets invalid for anyone else, AND I can limit the amount of money that can be withdrawn from it too.

It's called "e-kort", a collaboration between VISA/Mastercard and my Bank.
 

ss-hikaru

Member
I removed my CC details from PSN a while back, but if I'm reading some comments here right, if you ever use your CC to buy something it autofiles it? Dammit, I better go check. I guess I'll stick to PSN cards from Dick Smith lol...
 

CLEEK

Member
Of course not. I'm just saying that the victim probably fell for a phishing scam and is now claiming to have been hacked on PSN, which is completely false. There have been no PSN hacks since that massive 2011 breach.

That still falls under the general term of hack though. Both in the literal meaning of the word and the legal sense. Hacking is gaining unauthorized access to a system. Doesn't matter if it's done with brute force cracking, social engineering, phishing, SQL injection or any other method.

Many hacks use multiple methods to gain access. Phishing or social engineering to get some initial access, using that to gain further access and so on, until they get what they're after.

In the case in the OP, the end user had their account hacked.

Sony is at fault for allowing someone to easily access someone else's data/account. There have been enough of these cases for them to know how they're occurring, yet they leave the vulnerabilities open. Enabling 2 factor authentication and restricting purchases to authorised systems only would block most of these cases, yet Sony is dragging its heels and hasn't implemented them. Until they do, they are at fault.
 

GReeeeN

Member
I had a similar thing happen to me last year, I purchased ps+ with my paypal account, and for some reason one of my family members saw the transaction on paypal and disputed it cause they didn't know what SonypsSubscription was.

Long story short,

- my account ended up getting banned because of the fraudulent charge lodged on facebook

- all I had to do was contact Sony, explain there has been a charge back on my PayPal account due to misinformation

- they required I go out and purchase PSN prepaid cards to the value of the subscription amount

- once I gave them the codes over the phone, they unbanned my account -> as technically my account was in minus status having an active ps+ sub with a charge back on PayPal

Sony can definitely unban accounts, it just seems they're trying to save their own ass over the customers when it comes to account hacks and fraudulent charges.
 

hodgy100

Member
I get that it's not Sony's fault if someone's account is accessed, but you'd think it would be in their best interest to allow a refund in these instances. In the UK the 2014 Consumer Contracts Regulations cover refunds on digital purchases for any reason up to 14 days after the purchase is made. Under this law I am pretty sure people are eligible for a refund. Sony claim their EULA waives this right which is bullcrap really and you can probably apply the 1977 Unfair Contract Terms Act which invalidates any contract that infringes on such rights.
 

Mafia Films

Neo Member
It is astonishing that they ban people for reversing funds when their network is so susceptible to hacking.

LOL this guy didn't have too much connected to his account, Last of Us, freebie PSN games.

$150 play money vs $600 real cash dollars, I'd be doing a chargeback immediately.

I think this happened to my buddy on his 360 one time... and they said make a new account, we can't do anything refund wise you have to do that with your bank, OR maybe he actually caught it as the charges were pending and this just cancelled it then and there (not sure, can't remember). BUT anyhow they said hey that account is compromised you need to create a new account. THAT should be the process here: ban that account, get a refund/chargeback, then create a new account. Somebody is taking him down a rabbit hole for no reason.

I'd tell Sony to go ahead and ban me up, I'm getting my $600 back and heading over to the Xbox One or Wii U...see how they like dem apples.

And could he not just pursue the chargeback, and create a new account? IDK why his top priority isn't being down at the bank first and dealing with Sony second.

Also if his compromised account is still active doesn't the douchebag who hacked him get to reap all the benefits of the free games connected to that account since it's on "that guy's system" now?

Take care of business guy, pissing around....
 