Amazon.com - Amazon.com stores credit cards without EVER asking for customer permission - leads to fraud

Posted on Monday, March 24th, 2014 at 12:57pm CDT by Matthew P.

Product: Amazon Prime

Company: Amazon.com

Location: US

URL: Amazon.com

Category: Online Shopping

Yesterday I happened to check my Amazon orders in process and discovered, to my horror, that someone had placed an order on our account and that the item was 'preparing for shipment.'

While it was 'only' a $140 computer gaming mouse, and I happened to catch it 'in time,' this event brought up several issues I have (and have raised with Amazon customer service repeatedly) with their fiduciary responsibility to their customers.

I have purchased, literally, tens of thousands of dollars worth of goods on Amazon over the years. Usually this process has gone well and there are any number of good things I could say about their product selection and ordering process.

I have also usually found their customer service to be superb - highly responsive and extremely efficient at solving even the smallest problem.

So it is with some discomfort that I bring forward the true nature of my complaint.

Simply put, there is NO excuse for the irresponsible manner in which Amazon's back-end order processing system STORES users' credit cards. Not only does it store them - but it does so entirely without the express permission of the customer. Im NOT talking about some fine print legal runaround wherein Amazon can probably correctly claim that we - the customers - gave them some blanket permission to do whatever they want with our credit cards and store them. I'm talking about the fact- in the glaring light of day - that this company stores every credit card you ever put in their system and does so without asking the customer.

In an age of hacking, identity theft, and egregious breaches of e-commerce and other sites with critical personal and private information this is UNACCEPTABLE. It is an unacceptable risk policy and it is made even more so by the fact that it is done surreptitiously.

Which leads me to my next point.

I notified Amazon customer service of the breach of my account and the associated fraudulent order. Their response?????

They notified me that they (after I notified THEM) had noticed account activity that appeared to be a breach of my account and they were changing my password to a temporary password and blah blah blah.

ARE THEY SERIOUS?

I notified THEM.

I had already changed my username/email, my password, and deleted all vestiges of stored credit cards (6 of them).

THEY did NOTHING. Except make me have to change my password again. I had already deleted the as yet unshipped order. Or cancelled it or whatever. Fortunately it had not shipped yet - to some guy in Kansas or whatever.

All of this speaks to a shoddy system. I'm a cybersecurity student. I knew that some day this would happen. Amazon claims that it has nothing to do with stored credit cards but I ask you - how exactly would this person have been ABLE to place - successfully - an order using our account if it were NOT for the fact that there were stored credit cards???????

The answer? IT'S IMPOSSIBLE. No matter what Amazon customer service says. No credit card... NO ORDER.

It stores the WHOLE THING - and doesn't even ask for a CCV. If you have one click ordering - it's another DISASTER.

My family has gotten so used to using our Amazon Prime account - partially because it is SO EASY to buy things without even giving it a second thought. Click and buy.

Great if it is authorized purchases. NOT GREAT if it's some hacker in Kansas.

YOU DECIDE if they are playing with our money for the sake of ease of ordering - which serves THEM most of all because it ramps up their profits BIG TIME. Easier and easier ordering is inversely correlated with privacy and security.

It's even WORSE because our 'credit cards' are actually debit cards and the money comes directly out of our bank account.

I'm going to post this on my two blogs as well - personal and cybersecurity.

By the way - Amazon also tried to pin this on us - saying that we should avoid clicking through in emails (spoofed obviously) that ask us for account information.

REALLY??????????

Gee. I think that I have enough functioning and firing neurons to have figured that out and so did my family - like 10 years ago.

Who are they kidding?


0 Comments

Post a Comment