Sony PlayStation: Security Breach
1. Sony PlayStation (PS) is one of the most successful entertainment consoles on the market
Xbox and Wii produced by Microsoft and Nintendo respectfully are the major competitors that have services similar to those provided by PSone (PlayStation Network) – Xbox Live and WiiConnect24. These services allow players to enjoy gaming network, download purchased games, communicate, play online, and to perform many other operations. However, PS has several distinctive features, allowing it to be more preferable for purchase in comparison to its competitors (Altizer, 2012).
Thus, the latest model of PS (PS3) is equipped with a Blu-ray drive, allowing users to enjoy Blu-ray movies and games within seconds with the Quick Start. Xbox 360 and Wii do not have such a function. Blu-ray discs have increased capacity comparing with similar DVDs therefore, more information can be provided on one disc to PS3 users via Blu-ray drive (Altizer, 2012). In addition, PS3 has in-built support of 1080p video, so the quality of HD video is undisputable.
All platforms have outstanding games to play, including exclusive titles. American and European game studios provide all three consoles with decent games but PS3 has an access to Japanese producers and their excellent products, greatly valued by millions of gamers around the world. It means that while Xbox 360 and Wii have Halo and Mario respectively, PS3 has such world-famous exclusives as Metal Gear Solid 4, LittleBigPlanet, and God of War III, not to mention magnificent Gran Turismo 5 (Altizer, 2012). Therefore, PS3 gamers have increased a spectrum of games to be chosen for playing.
The cost of ownership is lower for PS3, as well. It is true, however, that the initial price of the console bundle is higher than that provided by Xbox and Wii. On the other hand, PS3 is a feature complete system for the start. Xbox 360, for example would require additional $100 for a wireless upgrade kit in addition to necessity of purchasing Xbox Live Gold Membership (Altizer, 2012). Wii would require additional storage to purchase in case of necessity to download something from the internet. PS3 has free subscription for PS Network (PSN), in-built storage and rechargeable DualShock 3 right out of the box (Altizer, 2012). It provides the avid players with substantial customer satisfaction – they have an access to better games; they do not have to pay for online gaming, and they have most useful features of a contemporary entertainment center from the box.
Why to spend days and nights on research if QualityCustomEssays.com is eager to assist you?
If academic research is too complex for you, do not hesitate to contact us at QualityCustomEssays.com and buy a custom paper according to your expectations.
2. Identity fraud and identity theft are not new to modern society.
Criminals of all kinds have always been familiar with technologies, allowing them to steal sensitive, private information. The goal was (and still is) to be able to use this information for unauthorized use of financial assets of an attacked person. I was a target of financial fraud as well once. The situation was as follows. I wanted to purchase some small game on a website. This game was widely advertised in social networks and on various websites on banners. I clicked one of these banners and I was redirected to the targeted website.
Everything looked rather usual and similar to the dozens of payment forms I had visited before. I filled the forms and entered my private data from the credit card, including its number, expiration date, and CVV/CVC. The first surprise for me was the delay of providing me with my purchase – I got nothing after three business days. I wrote an email stated on the above-mentioned website and got notification that the recipient did not exist. I called my bank hot line and got the response that the card was not charged. It was surprising but I did not pay attention to that.
However, after a while I started to notice that my account had less money than it was supposed to. Sums were not that big but it was not the issue – someone had used my account. After a careful investigation, I found out that my card information was used in places and had such time stamps that were incompatible with my schedule. I got to know that my CC information was simply stolen. I analyzed the Internet and found out that the website I used was a duplication of a trustworthy website. I filled forms and sent information to criminals unintentionally.
3. Considering this situation, I would feel comfortable providing sensitive data only if it is protected properly.
Along with the rapid development of financial products and services, oriented on the online distribution, the need of securing such kind of transactions grew as well. It was clear that people would not entrust such sensitive information as financial information to channels they were not sure about. Therefore, at the beginning of information era, the number of financial services was small but they were rather secure. Credit cards, checks, other financial instruments were protected comparatively well because customers’ personal financial data (personal identification numbers, for example) was not transferred via unsecured networks, including wireless ones. Most of common operations performed via online services can be addressed to transactional and non-transactional categories, and also financial institution administration, management of numerous users that have different levels of authority, approval process of transactions etc. In addition, online banking could include such unique services as personal financial management support and account aggregation that would allow customers to monitor numerous personal accounts via the Internet (O’Riordan, 2008).
Transactional category of services provides the following functionality: different kinds of payments; funds transfers from one account to another; various investment purchases or sales; loans; etc. Viewing recent transactions, pictures of paid checks, downloading different bank related information (e.g. statements of different kind) belong to non-transactional category. It is clear that online banking services are beneficial in terms of a variety of services, an eased access to bank accounts, and an opportunity to have consultation if it is needed anywhere and anytime (Cronin, 1997; Chaffey et al., 2009; O’Riordan, 2008). Now, it is important to clarify the major concern of every transaction or simply action related to financial activities – security. Security in such kind of transactions is issue number one beyond any doubts. Usual banking services are provided with rigid security measures, such as combination of different authentication methods, secured cards, heavily guarded safes, etc.
4. Online banking services provided regular people with tools that make their life easier and comfortable.
Security specialists of the banking sector developed different systems that should secure online transactions and make them as secure as they would be in the real bank. However, considering the level of technology, it is not wise for anyone to feel entirely safe entering PIN from a personal account into mobile banking application (for example). This data goes though different nodes and wireless networks so it can be intercepted, decrypted and used by someone else. In case of compromising my sensitive data, I would expect the following steps to be undertaken by the company. They should increase the security of transactions and provide me with financial compensation for potential financial and moral losses. Thus, there were developed two basic security methods in order to assure security of online banking (Cronin, 1997; Chaffey et al., 2009). They should be improved.
The first method is based on a combined use of personal identification number (PIN) and transaction authentication number (TAN) (FSA, 2008; FST, 2011). In this method, PIN is a password for logging into a banking system and TAN is a one-time password that allows authentication of transactions. Each client has his/her PIN and should know it, while TAN is being sent by different means of communication (emails, SMS). Today, the most secure ways of exploiting TANs is to create them with the help of a security token (Cronin, 1997; Chaffey et al., 2009).
Tokens can generate TANs depending on the time of day and unique secret that is stored in the security token. It is also called a two-factor authentication (2FA) (Arcot.com, 2005). Modern online banking systems operate via secured SSL connections so there is no need in additional encryption to secure TANs’ transition (FSA, 2008; FST, 2011). The second method is based on digital signatures. All transactions are signed and encrypted, using digital encryption. The keys that allow signature generation could be stored on any medium with memory (smartcards, for example) that the current implementation of this method requires (FSA, 2008; FST, 2011).
Need to buy essay writing? We want to make it all easier for you!
5. Sony experienced a major security breach in 2011, when about 77 million user accounts were hacked via PSN.
The company failed to recognize the issues right after the incident occurrence and managed to make people wait for entire week before Sony released some explanatory statement of what had happened with an access to PSN. The financial side of the issue appeared to be about $171 million of losses for Sony. This number included the development of new security measures, settlements in courts of various kinds, “welcome back” programs, and other related expenditures (Hesseldahl, 2011).
However, the major damage was made to Sony’s reputation. The PlayStation Network and Qriocity service blackout made users around the world have second thoughts regarding connecting to PSN again and entrusting their sensitive information to Sony (Hesseldahl, 2011). It is possible that the weak reaction to the situation after its occurrence made people think that Sony is an irresponsible company. Some users felt disappointed in brand they believed in for so many years and started to use Xbox 360. Others stayed but had “put on hold” purchase of new games in PSN Store in order not to disclose financial data from new CCs.
In general, the major implication for Sony (except the financial, of course) was loss of trust. An impeccable reputation of PSN, as the entertainment environment with numerous benefits (stated above), was destroyed by hackers. The attack, probably, was the response to the case Sony versus George Hotz, when Sony attempted to legally push Hotz not to proceed with PS3 reverse engineering experiments (Hesseldahl, 2011). Apologizing Sony President, financial losses, mistrust to Sony’s PSN security system, 77 millions of impacted users – it all looked like Goliath defeated by David.
6. The major stakeholders that Sony must consider when developing a communication response are PSN users.
They have constituted the core of PSN’s success for so many years (from 2006). PSN users are the key targets of being “pleased” by Sony. Otherwise, the situation can become similar to the case with United Airlines and David Carroll’s guitar.
In case with Caroll’s guitar damaged because of inaccurate actions of United Airlines` workers the situation was explained to the authorities of the company, but they refused to accept it as their fault. Therefore, UAL simply disregarded justified claims of their client. The company, a member of Fortune 25 list, refused to recognize their fault and to solve the problem. Why was it so? Because UAL simply could say that nothing had happened and that Dave Carroll is wrong. They just could and no one would argue with this statement on TV or radio
However, the Internet provided people like David have an outstanding opportunity to stand up for their rights and make the situation noticed. Youtube provided Dave with an opportunity to tell everyone on the Internet what had happened (Carroll, 2009). He told his friends, tweeted, showed the video to Facebook buddies and voila – millions of people saw Carroll’s funny way of telling people that United Airlines treated their clients like an empty space in case of some issue. The response from UAL was immediate and rather satisfying but still it merely confirmed the inflexibility of the company’s management and inability to realize that the new era of customer-management relationship has begun (Hanna, 2009).
7. The communication response from Sony is essential in terms of its speed and contents for the further improvement of the situation.
The following information had to be included into the response: sincere apologies; explanation of what happened to users’ accounts; list of measures to be undertaken by the company in order to prevent such issues in future; list of benefits an existing user gets because of the inconvenience; list of extra bonuses the company provides to apologize for such a major crash etc.
Information needs to be provided in this particular way in order to satisfy the major users’ needs. They should know that Sony recognizes its fault in the incident and feels bad about it. They want to know what actually happened because people are always interested in such information, secrets’ revealing, mysteries uncovered, etc. Users want to know how Sony will solve the issue and how serious the undertaken measure will be. Then, they need to be pleased with the “welcome back” programs: free games (several), insurance in case of identity theft (for a year, at least), prioritized and free access (for some time) to various premium programs and multimedia stuff; and some extra bonus, which may be in any acceptable form. Finally, the existing and new customers want to know that they are really appreciated by Sony, so it should offer extra bonuses to show the amount of appreciation and its depth.
8. The communication blog response from Sony could look as follows:
“Dear users of PSN, gamers, appreciators, followers! Dear Friends! Please accept our most sincere apologies for the inconvenience caused by the latest events. We value your patience and reasonability in response to the problems the crash caused. We work hard on resolving this issue as soon as possible in order to provide you with the service of highest quality, with increased secureness of transactions and protection of sensitive data.
We carefully investigated the situation led to the system crash and found out that denial of service was caused by the actions of an unknown group of hackers. Unfortunately, they succeeded in stealing information regarding 77 million of accounts, including 10 million units of financial data. Despite the fact that the stolen data have not been noticed in any malicious activity, please be attentive regarding your bank accounts’ activities.
We are working on development of advanced security technologies, additional monitoring of software, and increased level of encryption of additional firewalls. We are also installing an early warning system, detecting unusual patterns of activity to prevent possible attacks on early stages.
In order to mitigate the consequences of the situation, we are glad to offer games for your consideration (in free access). In addition, we would like to offer 30-days free access to PlayStation Plus subscription and to the Premium services of PSN.
Finally, we are thrilled to inform you that several extra bonuses are on their way to your accounts so we hope it will be a pleasant surprise for you soon. Sincerely yours, …”