
The Xbox Live security crisis

Monday, January 23, 2012
EDITOR'S NOTE from Rob Savillo

Brad summarizes the ongoing hacking problems that have plagued Xbox Live since the middle of last year. While exploring the potential causes and fixes, he ultimately puts the blame on Microsoft's inability to acknowledge the problem (similar to the company's response to Red Ring of Death) and take measures to protect customer data -- security steps that competitors Valve and Sony employ.

Tragically, the account hacking itself is only part of the scandal. Even if Microsoft is completely justified in its "blame the user" attitude, it is nonetheless failing quite spectacularly in its duty to safeguard customers against fraudulent transactions. FIFA hacking does not exist on the PS3 for a very specific reason having to do with how each platform handles payment authorizations. Account hacks will always be a problem whether the platform holder is letting the rabble through the front gate or a single user is kidnapped and tortured into giving up his password. For this reason, both PSN and Valve’s Steam store have additional layers of protection against unauthorized purchases.

When a FIFA hacker logs into an account on Xbox Live, the first thing he will do is initiate a purchase of MS points. No matter where he is or what time it is, as long as there is a payment method attached to the account with an available balance, the charge will go through, no questions asked. Steam and PSN both handle this scenario very differently. If you connect to your PSN account from a new PlayStation 3, PlayStation Portable, or PlayStation Vita, you will not be able to make any purchases through the PlayStation Store until you reauthorize the saved payment method, which means supplying again the expiration date and three-digit security code of the credit card on record. Valve uses SteamGuard, which requires you to enter a code sent to your default email address any time you log into your account from an unrecognized browser or device.
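As an added illustration (this is not code from the article, nor from Sony, Valve or Microsoft), here is a toy model of the gate both competitors put in front of their stores: a purchase from a device the account has used before goes through, while a purchase from an unrecognized device must be backed either by re-entering the card's expiration date and security code (the PSN approach) or by a one-time code mailed to the account owner (the SteamGuard approach). The account record, the card token, the simulated processor lookup, the code lifetime and the attempt limit are all assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed stand-in for the card network. A storefront never keeps the CVV
# (PCI DSS forbids storing it), which is exactly why asking for it again on a
# new device proves something a password thief does not have.
PROCESSOR_RECORDS: Dict[str, Tuple[str, str]] = {"tok_demo_4242": ("123", "11/14")}


def processor_reauthorize(card_token: str, cvv: str, expiry: str) -> bool:
    """Simulated CVV/expiry re-verification by the card issuer (assumed API)."""
    rec = PROCESSOR_RECORDS.get(card_token)
    return rec is not None and hmac.compare_digest(rec[0], cvv) and rec[1] == expiry


CODE_TTL_SECONDS = 600   # assumed lifetime of an e-mailed one-time code
CODE_MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed before the code is voided


@dataclass
class Account:
    user: str
    card_token: str
    known_devices: Set[str] = field(default_factory=set)
    # (code, expires_at, attempts_left) for an outstanding e-mailed code
    pending_code: Optional[Tuple[str, float, int]] = None


def issue_device_code(acct: Account, now: float) -> str:
    """Mint the code the service would e-mail to the account owner. It is
    returned here only so the demo can play the owner reading the mail."""
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending_code = (code, now + CODE_TTL_SECONDS, CODE_MAX_ATTEMPTS)
    return code


def authorize_purchase(acct: Account, device_id: str, now: float,
                       cvv: Optional[str] = None, expiry: Optional[str] = None,
                       code: Optional[str] = None) -> Tuple[bool, str]:
    """Gate a purchase: known devices pass, anything else must step up."""
    if device_id in acct.known_devices:
        return True, "approved: known device"
    if cvv is not None and expiry is not None:                 # PSN-style path
        if processor_reauthorize(acct.card_token, cvv, expiry):
            acct.known_devices.add(device_id)
            return True, "approved: card re-verified, device enrolled"
        return False, "denied: card re-verification failed"
    if code is not None and acct.pending_code is not None:    # SteamGuard-style path
        expected, expires_at, attempts_left = acct.pending_code
        if now > expires_at:
            acct.pending_code = None
            return False, "denied: one-time code expired"
        if hmac.compare_digest(expected, code):
            acct.pending_code = None                            # single use
            acct.known_devices.add(device_id)
            return True, "approved: one-time code verified, device enrolled"
        attempts_left -= 1                                      # throttle guessing
        acct.pending_code = (expected, expires_at, attempts_left) if attempts_left else None
        return False, "denied: one-time code incorrect"
    return False, "denied: unrecognized device, step-up verification required"


def wrong_guess(code: str) -> str:
    """A guess that is guaranteed not to match, so the demo is deterministic."""
    return f"{(int(code) + 1) % 10**6:06d}"


def demo() -> Dict[str, bool]:
    """Walk the scenarios from the article with a fixed clock; returns outcomes."""
    t0 = 1327276800.0   # 2012-01-23 00:00 UTC, constructed
    alice = Account("alice", "tok_demo_4242", known_devices={"xbox-livingroom"})
    r: Dict[str, bool] = {}
    r["owner_known_device"] = authorize_purchase(alice, "xbox-livingroom", t0)[0]
    # The FIFA hacker has the password and a console abroad, nothing else.
    r["attacker_password_only"] = authorize_purchase(alice, "console-abroad", t0)[0]
    code = issue_device_code(alice, t0)          # owner requested a code for her Vita
    r["attacker_guessed_code"] = authorize_purchase(alice, "console-abroad", t0, code=wrong_guess(code))[0]
    r["owner_new_device_with_code"] = authorize_purchase(alice, "vita-travel", t0 + 60, code=code)[0]
    r["code_is_single_use"] = authorize_purchase(alice, "console-abroad", t0 + 61, code=code)[0]
    stale = issue_device_code(alice, t0)
    r["expired_code"] = authorize_purchase(alice, "console-abroad", t0 + CODE_TTL_SECONDS + 1, code=stale)[0]
    r["owner_new_device_with_card"] = authorize_purchase(alice, "ps3-bedroom", t0, cvv="123", expiry="11/14")[0]
    fresh = issue_device_code(alice, t0)
    for _ in range(CODE_MAX_ATTEMPTS):               # brute-force attempt burns the code
        authorize_purchase(alice, "console-abroad", t0, code=wrong_guess(fresh))
    r["code_voided_after_guesses"] = authorize_purchase(alice, "console-abroad", t0, code=fresh)[0]
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:30s} {'APPROVED' if ok else 'DENIED'}")
```

The point of the model is the line the article draws: a stolen password alone never reaches the processor, because every path out of the "unrecognized device" branch needs something the thief does not hold (the physical card or the owner's mailbox). The attempt counter and expiry on the mailed code are there so the code cannot simply be guessed at leisure.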

Both methods are extremely effective at discouraging hackers from targeting those platforms. Even if a password is discoverable, there is no easy way to convert that knowledge into cash without additional information, and if hackers already have a random user's credit card details or control of his primary email address, there are far more direct and efficient forms of fraud available to them. The most baffling part of the FIFA-hack epidemic is Microsoft's obstinate refusal to implement this kind of simple, prudent protection on the Xbox Live Marketplace.

Above and beyond how these accounts are accessed or the questionable nature of Microsoft's customer support for hacked users, that is the biggest question in the whole debacle. Why has Microsoft allowed this rampant fraud to continue for nearly a year without implementing any additional payment protections? They hold all the power in this situation. They can even see when a user logs off in California and five minutes later the same account is used on a 360 in Russia or China to make an unusually large purchase. Ironically, if a credit-card company saw a transaction coming from overseas rather than from the cardholder's home, it would immediately flag the transaction as possibly fraudulent and freeze the card. Microsoft cannot plead poverty when Gold membership fees bring in more than a billion dollars of profit each year. To claim it would be too complicated to implement in their legacy system is simply unacceptable.
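The check described in this paragraph is a standard "impossible travel" detection. What follows is an added example, not anything Microsoft is known to run: it sorts login and purchase events per account, computes the great-circle distance between consecutive events, and raises an alert when the implied speed exceeds what an airliner could manage, escalating when the flagged event is a large purchase. The speed, distance and purchase thresholds and the sample events are constructed for the demo; a real deployment must also allow for the coarseness of IP geolocation, which is what the minimum-distance floor approximates.

```python
import math
from dataclasses import dataclass
from typing import Dict, List

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumed: roughly airliner speed
MIN_DISTANCE_KM = 200.0     # assumed: ignore jumps within IP-geolocation noise
LARGE_PURCHASE = 50.0       # assumed: amount that escalates severity


@dataclass(frozen=True)
class Event:
    ts: float        # unix seconds
    account: str
    kind: str        # "login", "logout" or "purchase"
    lat: float
    lon: float
    amount: float = 0.0   # purchase value, 0 for non-purchases


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(events: List[Event]) -> List[Dict]:
    """Flag consecutive events on one account that imply faster-than-air travel."""
    alerts: List[Dict] = []
    last: Dict[str, Event] = {}
    for ev in sorted(events, key=lambda e: (e.ts, e.account)):   # input may be unordered
        prev = last.get(ev.account)
        last[ev.account] = ev
        if prev is None:
            continue
        dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
        if dist < MIN_DISTANCE_KM:
            continue                      # same city or geolocation jitter: not travel
        hours = (ev.ts - prev.ts) / 3600.0
        speed = dist / hours if hours > 0 else math.inf   # simultaneous far-apart events
        if speed <= MAX_PLAUSIBLE_KMH:
            continue
        severity = "high" if ev.kind == "purchase" and ev.amount >= LARGE_PURCHASE else "medium"
        alerts.append({
            "account": ev.account,
            "from": (prev.kind, prev.lat, prev.lon),
            "to": (ev.kind, ev.lat, ev.lon),
            "distance_km": round(dist, 1),
            "minutes": (ev.ts - prev.ts) / 60.0,
            "speed_kmh": speed,
            "severity": severity,
        })
    return alerts


# Constructed sample telemetry (not real Xbox Live data), deliberately unordered.
T0 = 1327276800.0   # 2012-01-23 00:00 UTC
SAMPLE_EVENTS = [
    Event(T0 + 2100, "alice", "purchase", 55.7558, 37.6173, amount=99.99),   # Moscow, 5 min later
    Event(T0 + 3 * 3600, "bob", "purchase", 48.8566, 2.3522, amount=20.0),   # Paris, 3 h after London
    Event(T0, "alice", "login", 37.3382, -121.8863),                          # San Jose, CA
    Event(T0 + 5, "carol", "purchase", 47.6062, -122.3321, amount=60.0),     # Seattle, same spot
    Event(T0 + 1800, "alice", "logout", 37.3382, -121.8863),                  # still San Jose
    Event(T0, "bob", "login", 51.5074, -0.1278),                              # London
    Event(T0, "carol", "login", 47.6062, -122.3321),                          # Seattle
]

if __name__ == "__main__":
    for a in impossible_travel(SAMPLE_EVENTS):
        print(f"{a['severity'].upper():6s} {a['account']}: {a['distance_km']} km "
              f"in {a['minutes']:.0f} min ({a['speed_kmh']:.0f} km/h)")
```

Only Alice trips the rule: roughly 9,500 km between a California logout and a Moscow purchase five minutes later. Bob's London-to-Paris purchase three hours later works out to about 115 km/h and is left alone, and Carol's back-to-back Seattle events are below the distance floor. In a live pipeline the same function would consume the store's login and purchase logs, and a high-severity hit would be the signal to hold the transaction for step-up verification rather than let the charge go through.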

Continuing as if nothing is wrong, or as if nothing can be done, is inexcusable. For months, Microsoft has ignored the problem, blamed the victims, denied any responsibility, and refused to make the basic improvements their competitors already employ that would solve the problem completely. Sony is a popular Internet whipping boy thanks to the PSN hack last spring, but despite the sensationalistic reporting and the 77 million accounts exposed, there hasn't been a single case of fraud connected to the intrusion. In contrast, thousands of paying Xbox Live users every month are losing money to thieves thanks to the lax security and short-sighted policies of Xbox Live.

Please do not take this observation as an attempt to -- for lack of a better word -- politicize the situation. Too often, already complex and charged events in the industry become even more confused when they become proxy battles in the great fanboy wars. We are not only talking about very different situations but also very different corporate responses. Despite the persistent perception to the contrary, Sony was incredibly forthcoming about the attack they suffered. It took only a few days to go from initial detection to a very thorough public disclosure where Sony took full responsibility.

And while their security was actually up to industry standards (despite rumors to the contrary), they made the hard choice to bring the entire network down long enough to thoroughly investigate the attack and overhaul their internal procedures. This was at great expense to themselves and their partners, especially those who depended on revenue from digital sales through PSN. For every customer of the free service, they offered identity protection on the chance it would be necessary and as many as four free games.

Sony’s humility and contrition is in stark contrast to Microsoft's arrogant dismissals, manipulative statements, and attempts to evade responsibility. This should not be a Sony versus Microsoft issue mired under the din of ill-informed partisans repeating ignorance as fact in a misguided attempt to glorify their preferred platform at a competitor’s expense. Sony did the best they could in a difficult situation to do right by their customers. We should expect no less from Microsoft, and if they will not make the same effort, holding their feet to the fire is the appropriate response.

Sadly, if Microsoft will do nothing, it falls to users to protect themselves. Xbox.com has a list of recommended security guidelines for users to follow. Others recommend removing any payment options associated with your account. But the most important thing now is to make sure your Live password is unique and long. Eight or nine characters are no longer sufficient. As a recent XKCD comic points out, a passphrase of several random common words, easy to remember and twenty or so characters long, has more entropy than the typical eight-character password built from the usual letter, number, case and symbol substitutions, and takes far longer to brute force. Tell your friends, tell your family. After all, we live in trying times.

 
Comments (2)
January 23, 2012

Microsoft always bothers me with their inability to take responsibility. I wouldn't be surprised if they finally admit that they were wrong. Some days I want to switch to playing a PS3, because their customer service is inexcusably poor. Fortunately, I spend most of my gamer points quickly, so that no other hacker could bother using it for themselves.

I changed my password, but the lack of security really worries me. You'd think that Microsoft would notify its customers that it has this problem. Unhappy customers really don't like to get blamed for matters that are not entirely their fault.

January 23, 2012

 

Thanks for explaining it so thoroughly. Great article.
