Beware of Sony’s Offer in Wake of Data Attack

Sony seemed a little slow on the trigger when it came to reacting to the massive data breach that appears to have exposed customers’ personal and credit card information to thieves. Then the company responded with what appeared to be a magic bullet – a $1 million in liability protection for all customers who accept free credit monitoring for a year.

The $1 million offer to those who play Sony games online and use the company’s PlayStation service sounds impressive, but it’s a rather hollow marketing pledge. In reality, if there was a theft, it would rarely exceed hundreds of dollars and consumer losses to credit card fraud are already protected by federal law. So, the policy wouldn’t need to be used.

Identity theft protection expert Denis Kelly, author of the “The Official Identity Theft Protection Handbook,” goes further — saying the free credit monitoring offered by Sony to its customers is deceptive.

“The main issue is that they are not protected from identity theft, and with a ‘$1 million insurance policy’ and ‘Internet Surveillance’, it implies that they are protected,” he said. “It is not that the service directly places the consumer at risk, but it is the resulting mindset that jeopardize the consumer due to the false sense of security.”

He suggests that anyone who wants to protect their credit from identity theft, and is at risk, should consider fraud alerts. Fraud alerts are a message to the credit reporting agency noting that you might have been a victim of identity theft or fraud and to exercise an extra level of verification before extending you any further credit. Sony, in its original email to its customers, did spell out how to place a fraud alert.

Placing a fraud alert with the major credit reporting agencies, Experian, TransUnion and Equifax, is relative simple and remains in place for 90 days. There is no cost. Consumers can also take the more extreme step of a security freeze, which is intended to stop requests for credit. Those are done for a fee that varies by state.

Kelly said he is mainly concerned the idea of enrolling the AllClear ID program run by the company Debix will prevent consumers from taking the safeguards they need to in order to properly insulate themselves against someone trying to commit credit card fraud.

What Sony customers are supposed to be getting with that service is an alert that a fraudulent transaction has already taken place, rather than have something in place that would prevent that from happening in the first place. And Kelly said it is important for the recipients of this service to understand that it might be free now, but the company is going to spend the next year to try to convince them to buy their paid service.

Sony spokesman Patrick Seybold said the company won’t address its relationship with Debix regarding the protection offer or whether Sony paid for the service.

“We’re providing this as a complimentary offering to our consumers as there was a criminal attack on our PlayStation Network and Qriocity services in which personal data may have been compromised,” he said. “These services are designed to help protect consumers in case they have any issues or concerns with identity theft.”

Seybold also didn’t address the assertion that the $1 million insurance was an empty gesture.He said: “We’re committed to helping protect our customers from identity theft, and in the U.S., we’ve launched a program that offers cyber monitoring and surveillance as well as up to $1 million identity theft insurance per user.”

Beth Givens, executive director of the advocacy group Privacy Rights Clearinghouse, said even though the insurance policy is virtually meaningless, the monitoring for consumers whose personal information was exposed was necessary for the company to offer — even if only for the public relations value of showing the company was doing something.

“It has become a ‘best practice’ for breached entities to provide such services,” Givens said. “If they were not to provide something, they would look like they don’t care about their customers. It would be a public relations black eye.”

So, if you want to go the extra mile, take a few minutes and place the fraud alerts on your account. The downside is that you will also be put through an extra step when you want to sign up for a new credit card or take out a loan.

And, whatever you do, don’t fall for offers of “credit card protection.” You’ve already got it.