"I was advised on the telephone by Sony support that all use, including fraudulent activities committed by an unknown third party, is my responsibility. He advised me that Sony takes no responsibility for fraudulent use of my credit card details and security rests solely with me."
A couple of points here:
- The third party is not unknown to Sony. They will have records of the IP address used to make the purchase and the console that the game was downloaded to.
- Security cannot rest solely with the consumer since they need not be involved in any fraud - it could be the (known) third party calling Sony and asking for a password reset, and there's nothing that the consumer can do about that.
To do otherwise would create an opportunity for consumers to claim that they were not responsible for a purchase on their account, receive a refund and yet retain the content.You could just remove the licence for that content from the account, and ban the console that was used to buy it. Then the content would not be retained, unless the fraudster wanted to only play offline for ever more.
If the reported unauthorised transactions were made on a console other than the one owned by the account holder, the person responsible must have had details of the account sign-in ID and password.Again, wrong. There have been stories of people regaining access to their account by just calling Sony customer services and asking for their passwords to be reset, to a different email address. The security breach could be entirely on Sony's side.
the nature of digital content, in that it is made available immediately and cannot be returnedIt can be returned.
whether the account holder willingly gave their details to a friend/acquaintance or were tricked into providing them via phishing sites or similar, the responsibility for keeping this information secure does lie with the account holderIf Sony offered two-factor authentication on their accounts, they may be right to insist on this. But they don't, and they have suffered multiple security breaches themselves. Do they really need the odd £50 that is reclaimed from fraudsters instead of having a happy customer base?