I’m amazed that you think I’d still have a PS4 after all this

Shortly before the Watchdog piece aired, John Lappin (featured on the programme, whose story was featured here) received an email from Sony.

Dear Mr Lappin,

As you are aware, BBC Watchdog has brought your case to our attention.

We constantly strive to improve our Customer Service offering but unfortunately we sometimes get it wrong, and on this occasion, our internal processes have not met the high standards we set ourselves.  I would like to take this opportunity to apologise for the experience you had.  This is not the experience we want our customers to have.  As a result of this case, we are conducting a review of our process for reviewing and responding to Unauthorised Transaction complaints to ensure other users are not similarly affected in the future.

Having re-examined this case, I can assure you that neither PlayStation Network nor Sony Entertainment Network services were compromised to obtain access to your account.  In this instance, available evidence suggests that your account was accessed by attackers using usernames and passwords that were obtained outside of our Network. 

Sadly, criminal activity like this is an unfortunate element of modern, online life, which underlines the need for everyone to take precautions to protect their personal details online.  We recommend that our players create complex unique passwords that they have not used before, use different username/password combinations than those used for other online services, and keep a close eye on their accounts for unusual activity. 

Your SEN account Wallet has now been credited with the funds that were used to make this purchase.  If you haven't already done so, please make sure that you change your SEN account password to ensure that your account is kept secure.

We hope that the above goes someway in restoring your confidence in PlayStation.

Yours faithfully,

Jon Budden
Head of Consumer Services
Sony Computer Entertainment Europe Limited

It's a good job the BBC brought John's case to their attention, since the months of emails, calls and contact he had gone through didn't seem to.  A few things to note here:

• Sony are still implying it was John's fault that his account was stolen.  Constantly telling basic security advice like 'complex unique passwords' implies that they are assuming he wasn't.
• They have credited funds back to his account, which is useless as he no longer has a Playstation.
• John did keep a close eye on his account.  As soon as he noticed an email about the purchase he contacted Sony.

John has posted his reply to RLLMUK:

Unfortunately, no it doesn’t come anywhere near restoring my confidence. You have begrudgingly refunded me after 6 months, multiple calls and emails, tweets to various executives at Sony and a BBC investigation. I suspect had the latter not happened you’d still be ignoring me. Whilst I appreciate that my situation could well have been someone trying to trick you, you just assumed that was what I was doing. The fact that this is even possible is a flaw in your systems, not something your customers should suffer for. You cannot assume all your customers are potential fraudsters and refuse to refund them as ‘punishment’ for a crime just because your lax processes mean it’s remotely possible they may have committed it.

As you say, sadly criminal activity like this is an unfortunate element of modern online life. Perhaps then, you should provide tighter security for your customers like two factor authentication. If you don’t want to pay the cost of fraud, protect against it, don’t force your customers to pay for it.

Almost everyone I spoke to in your customer service centres, after 30 minute waits each time, was friendly and tried what they could to help but were ultimately powerless to do so thanks to your policies. Only one agent, the last I contacted was rude and told me Sony were keeping my money as a punishment.

The only person at Sony who gave me any faith in your company was the first guy I called who is in the recording you may have heard. He did what he could and clearly understood the issue and what was wrong about how it was being dealt with.

Whilst I appreciate the fact that you have refunded me, it’s useless to me now as I no longer own the machine and frankly I’m amazed that you think I’d still have a PS4 after all this. (The one in the Watchdog piece was provided by them which I reluctantly agreed to use for the show). I’d ask for it to refunded into my bank but we both know that’s not going to happen.

Thanks for emailing and good luck improving your services for others.

John

That would be a great place to leave it, but there's more.  A little investigation from a new user at RLLMUK shows that Sony (or at least its people) still don't quite get Internet security.

Sony's argument for no refunds is that all users are responsible for everything that happens to their account; and liable for any costs incurred.

This is despite the fact we still don't have adequate measures for protection - notably, two-factor authentication (that is, when you get texted a code to log in after entering your password). Steam, Origin, Google Play, iTunes, and even Xbox all do this.

However, after looking at Jon Budden's twitter (the guy who emailed Pockets and is Head of Consumer Services SCEE) - he complained a couple of months ago, on April 21st, to PayPal after his account got hacked and money spent! Unbelievable.

Maybe he should've had a stronger password. I guess it's do what we say and not as we do?

Note that this Twitter account has now been deleted.  As has his Facebook complaints about having to make five phone calls to chase something up.

Imagine making five phone calls, and sending countless emails, and complaining for six months and then still being told that a company is assuming you're a thief?  I think that may be worse.