In the wake of the massive PlayStation/Qriocity data breach Sony has announced that they will be providing a 1 year complimentary ID theft protection service through a company called Debix. In addition to the ID theft protection Sony is offering other “gestures” of goodwill.

This all sounds good on the outside and the ID theft protection is a good idea if you had a PlayStation or Qriocity account, but you might want to be sure to read the fine print. Sometimes free isn’t really free. Sometimes, to steal a phrase Andrew Lee, our CEO introduced me to, there is a stinger in the honey!

When you go to www.eset.com and download a 30 day free trial, it is free. You don’t give us your credit card number, we don’t spam you, and at the end of 30 days you have to actively choose to buy the product if you wish to keep it. If you forget 30 days is over, ESET does not start charging you money. You do not get stung!

Recently my wife had troubles with a Comcast service. When she called support they said that as a gesture of goodwill they would up her bandwidth for 3 months. She asked what happens at the end of three months and then they told her that she would automatically be billed an extra $10 per month unless she actively cancelled the higher service! Putting a stinger in the honey isn’t goodwill, it is lousy and deceptive marketing. I interpret this as confirmation from Comcast that they are 100% certain their product does not offer significant enough value for someone who has tried it to actively choose it. At ESET we know that a lot of people who try our product will be impressed enough to choose to purchase our products.

I recently went to a street fair and a lady had a booth where she was selling homemade desserts. Do you think she required a credit card to sample the pecan bars? Oh no, no, no, she knew the quality of her desserts was such that if you tried one you would probably buy a bunch of them. Does LinkedIn have that kind of faith and confidence in the quality of their premium membership?

I recently got an email from LinkedIn offering me a month of their premium membership. The stinger in the honey is that if you don’t cancel the premium membership by the 30th day they start charging you. Again I interpret this as meaning LinkedIn is so certain I would see no added value to a premium membership that they do not believe that sampling their premier service will convince me to choose to pay for. That isn’t a free month of premium membership, it’s a stinky marketing ploy. I honestly believe LinkedIn simply hopes I will forget to cancel so they can collect money without offering value.

Coming back to Sony, I did a little research and found that Debix, the company Sony chose to provide the ID theft protection service, doesn’t place stingers in their honey. Debix is not going to sting you at the end of a year. If at the end of the year you want to buy their service to continue the protection then you have to make that choice yourself. That said, Sony tells you what the ID theft membership entails and the Debix terms of service indicate that they can change or remove features at any time. Debix probably won’t reduce your benefits, but you should know that it can happen. The “up to 1 million dollars” insurance benefit could be gone in a month.

Sony also has announced that they will be launching an “appreciation program” for their loyal customers. Again, it is important that you read the fine print of your offers. At this point Sony has been kicked really hard by assorted hackers after they were already down. The last thing they need is to further anger their loyal customers, so I would not expect them to put stingers in their honey, but, as the saying goes, trust but verify. I certainly hope and expect that Sony is going to get this one right.

If you read the comments below the article on page one at http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/ and then go to the third page of the comments http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/comment-page-3/#comments you can see how shaky the ground is that Sony is walking on right now with their customers. An insincere gesture of goodwill would certainly not be in Sony’s best interests right now.

If you were a member of PlayStation Network or Qriocity at the time of the data breach and based in the USA, you can sign up for your free year of identity theft protection at https://www.allclearid.com/sony. If you are eligible I think it would be a good idea for you to avail yourself of the service.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America