Computerworld

Sony PlayStation Network (PSN) customers to pay for identity protection?

Sony launches 12 month free fraud detection and identity protection scheme for PlayStation Network customers

SonyPlayStation Network (PSN) customers may be asked to pay for their own account and identity security in 12 months' time following a free year-long trial of a range of CSIdentity's anti-fraud services.

The services, launched in the wake of repeated hackings of Sony's Playstation Network, include CyberAgent internet surveillance, identity restoration and secure online sign up.

In a email to PSN customers, Sony said the identity protection and fraud detection services would bring "peace of mind" when using the PlayStation Network and Sony's related services such as PlayStation Store.

Users must be 18+ and have had a current PSN account on 20 April 2011 to be eligible for the service.

"You must also register for the program within 60 days of this email. We will pay for you to join the program," the email reads.

A Sony Australia spokesperson would not comment on the price of the services to customers once the 12 month free trial ended.

Security analyst and IBRS advisor, James Turner, said that despite the apparent expectation that customers pay for their own anti-fraud protection after the first 12 months, the initial service offering appeared to be in good faith.

"The duration really only needs to run for 12 months because over the course of 12 months, either a customer's data will be used by a criminal or it won't," he told Computerworld Australia.

"If a customer's credit card data is used, or an attempt is made to steal their identity, then this service should kick in. At this point, Sony can say that it took reasonable steps to help prevent any loss."

However, if the data was not used during the 12 months of cover, then Turner said that this was ample time for a PSN customer to change their credit card details and passwords.

"The takeaway from the whole Sony hacking debacle is that as more consumer services move online, service providers should be giving serious planning to their security," Turner said.

"Now that this has happened, no service provider can legitimately say that a breach of customer records couldn't have been foreseen."

He added that spending the time and money on security to prevent a breach should now be viewed as an accepted by any organisation offering online services as a 'cost of doing business'.

The rollout of the program by Sony follows the suspension of services worldwide on 20 April when Sony detected a sophisticated intrusion had hit its data centre in San Diego.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU