Some realities here...
PCI compliance does NOT say that an Internet vendor cannot store credit card info. It specifically allows that but requires certain standards of encryption and data protection. Thousands of vendors store cc info... Amazon, for example. I'd be shocked if Sony didn't meet PCI requirements since the credit card processors themselves require proof of PCI compliance even from small mom-and-pop operations. For a lot of them, it's built into the credit card terminals so they don't even know they're complying. But if you have a business with a standalone cash register program, if you try to input credit card info into the program, you need to be PCI-compliant to have the program interface with the credit card terminal. Sony being a major Internet vendor, there's no way they don't meet PCI standards.
Now, if all that's true, how do credit card numbers get stolen by hackers? Well, PCI compliance can be certified by processors with respect to the transmission of credit card info from a vendor to the processor. How the vendor secures cc info in its own databases is not as easily verified. Basically vendors simply confirm to the processors, sometimes just by completing an on-line checklist on their "word of honor", that they comply with the requirements, one of which is, for example, not to store cc info without adequate encryption and password protections for the systems involved. But as far as I know this isn't subject to independent review unless an audit is triggered by something like... what happened here.
I doubt Sony stores the 3-digit CCV code... it's highly against the rules to do so and I think every single time I've ever bought something from Sony I had to enter the CCV code. This gets verified by the processor, not by the vendor. Of course one of their programmers could have fucked up and trapped this code and saved it but that would be a big bad NO-NO especially for a company the size of Sony.
Now given the ridiculous programming bugs in their game code which often survive beta testing and get out into general play... I suppose anything's possible.
Everyone is entitled to an annual free credit report from each of the 3 big credit card houses. I suggest everyone make use of that. Don't order all 3 at once; order one now and then the other two at 4-month intervals in future. The place to get them is:
www.annualcreditreport.com
not those bastards at "freecreditreport", which charges for their "free" reports. Yeah, the reports are "free", with a paid subscription to their stupid monitoring service. I always love that bullshit... what if I ran an ad which said:
Unlimited free use of a 2011 Mercedes-Benz C300!
...with purchase of a 2011 Mercedes-Benz C300
Would that be fraud?
Finally, what should concern us more is that account login names and "hashed" passwords have been stolen. I sure hope "hashed" means that the passwords are encrypted. And nobody's mentioning if the hackers got access to the program which decrypts those hashed passwords. If they did we better all be changing our passwords as soon as possible. Plus Sony should allow us to change the log-in names, although knowing Sony they won't ever do this since it would amount to a huge fuckin' deal and they'd mess it up big-time anyway.