PS3 Online Account Security Flaws

A strange email alerted me to the problem. I became slightly concerned after reading that my PS3 password had been changed, since I had done no such thing. Followed were two other emails informing me of two separate charges on my credit card, charges I never made. That is when a slight panic set in. After quickly changing the password I was soon able to log in to the account. The "Wallet", an area in which you deposit funds for purchasing movies and games, had been filled to its limit of 150 dollars with those two credit card charges. I had previously only had around 10 dollars in the account.

Now if I had children or a sketchy roommate I would've assumed that it may have been them, but there are none to speak of. Had my apartment been broken into only to find the burglar ignoring everything to simply add funds to my PS3 account and change my password? This wasn't likely either. The ultimate conclusion... my PS3 had been remotely hacked. Somehow this person accessed my account, added money twice and decided to change the password. My initial reaction was confusion. Were they going to use these added funds somehow? Could they benefit from this at all? The questions were mounting and the confusion growing. It was time to call customer service.

The first call went nowhere as the employee seemed disinterested. We quickly established that it wasn't my children since I didn't have any. Apparently they get a lot of confused parents calling for this exact reason. He then repeatedly told me that I would have to go through the bank and report fraud, at which point Playstation would then have to close and ban the account from which the incident took place... my account. Since this wasn't an acceptable option I ended the call and pondered the situation one more night, but not before changing as much personal data in the account as possible. I submitted a new email address and took out my credit card information. I also soon discovered that the security question you select is final and permanent so when choosing one do so carefully.

The second call was a bit more pleasant. This new employee was more genuinely concerned with the situation and actually wanted to help. What she hadn't yet realized is she couldn't. Apparently their policy did in fact state that no refunds were possible and there wasn't a way for her to credit my account. Furthermore, if my account were closed and banned after submitting a fraud claim through the bank I would lose all the funds in it. I deemed this as truly unacceptable and requested to speak with a supervisor.

This ended up being the route to success. Even though he wouldn't admit to having the authority to issue a refund he eventually did so, but not without first informing me that if it were to happen again my account would be closed and banned. The funds have now been removed from my PS3 account and after a couple of days were transferred back into to my bank account. Though it may seem like a happy ending the incident only uncovered a serious security issue. You can access your Playstation account from any internet source and in order to gain entry you only need to know these three bits of common information:

1. Your email address
2. Your birth date
3. The answer to your security question (Information such as a pet's name, your birth place or birth date)

I was informed by customer service that this scenario happens quite a bit. There are a lot of cases where friends gain access to other friends' accounts and change information as a prank, while most other cases involved children gaining access to their parents' accounts. However it happened, what is truly upsetting is the relative simplicity required in gaining access to an account that contains my stored credit card information. I began to wonder about every other system I used that stored my credit card information out of convenience. I will now accept the task of entering the long string of numbers and personal data each time I want to make a purchase. At this point I'm not sure we can ever avoid having to use our credit cards online for one thing or another, but what we can do is remain aware and persistent. Unfortunately the mystery as to who, where and why will have to remain just that.