PlayStation Network: flaw puts credit cards at risk

According to an analysis by some experts, Sony’s payment platform reportedly allows purchases to be made without entering any security code

If you registered on PlayStation Network and entered your credit card information to make in-game purchases, then be very careful: a hacker could use the card without your knowledge. The warning doesn’t come from a computer security company, but from an in-depth report from the website Multiplayer First (MP1ST).

In theory, PSN’s account management system (including payment methods) is secure: if you log in from your own console you don’t have to enter any data to make purchases, while if you log in from another console (or someone who has stolen your account logs in under your name) you have to enter the three-digit CCV/CVC code or you won’t be able to pay for anything. In practice, however, this is not the case: the system allows you to make purchases and top up a PSN wallet even without entering any security code. Considering that account thefts on online platforms are now commonplace, the flaw discovered by MP1ST is really serious. There is also a video on YouTube, uploaded by a user who goes by the name Morteza Rahmani, in which he explains in full how to use a credit card on PSN without the CCV. Rahmani also stated that information about this flaw has been going around for at least 5 years and that Sony didn’t care to fix the problem.

Platform pierced

According to MP1ST, moreover, this is not a problem related to the console but to the platform itself: the experiment of purchasing without the CCV has been performed successfully on other Internet-connected Sony devices, such as smart TVs. Rahmani also claimed to have reported this vulnerability via the HackerOne site, but the report had no effect; indeed, Sony responded that it’s not a security issue but something to do with online fraud. By that reasoning, it’s not Sony’s fault and it’s not up to Sony to fix the flaw.

How to protect your credit card on PSN

MP1ST has contacted Sony for an official response regarding the flaw that puts credit cards at risk on PSN, but has not received any further response. The only suggestion that can be made to users at this point is to set up two-factor authentication, so that malicious strangers are blocked from accessing their PSN account (and therefore their credit cards).