 MaggsLife is awesomePremium
join:2002-11-29
Woodside, NY | Amazon Payments is asking for SSNs With the recent breach of credit card info by Zappos, an Amazon owned company, there is no way in hell I'm putting my SSN on their servers.
--
Hello, is anyone out there. |
|
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6
 ·RoadRunner Cable
 ·Clearwire Wireless
| said by Maggs:With the recent breach of credit card info by Zappos, an Amazon owned company, there is no way in hell I'm putting my SSN on their servers.
Where's your sense of adventure?
I don't use their service but I might sign up for it just to experience the thrill & exhilaration that can only come by knowingly & voluntarily giving someone your bank account's login credentials.
"Is it safe to let Amazon use my bank account login credentials to verify my bank account?
Amazon never records your credentials in any database, cookie, or browser session. We simply pass your credentials through to your bank to verify the account. When the account is verified, the credentials are no longer available."
For those who believe that I just made that up...
»payments.amazon.com/sdui/sdui/he···outLogin |
|
 NimbusPremium
join:2008-11-27
Moreno Valley, CA
kudos:1 | Oh that does sound exciting! Why couldn't they just use the account and routing numbers to deposit a few cents into the account and then withdraw it to verify the account, like some financial companies do? |
|
|
|
SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6 Reviews:
·RoadRunner Cable
·Clearwire Wireless
| said by Nimbus: Why couldn't they just use the account and routing numbers to deposit a few cents into the account and then withdraw it to verify the account, like some financial companies do?
Both authentication routines do the same thing which is to verify that an applicant has access to the associated bank account.
It doesn't prove that the applicant owns the bank account or that the applicant is the person named on the bank account -
That makes it a big 'DUH?' if that's an anti-ID theft mechanism because an ID thief is going to often have access to their victims bank account, even more so if they plan on abusing an ID in a way that makes Amazon's payment service a good choice.
Point is that extraordinary risks should yield something extraordinary in return.
All I can see is extraordinary risk with very little in return. |
|
MaggsLife is awesomePremium
join:2002-11-29
Woodside, NY | If Amazon passes the data through to the bank it is in fact transmitted through their systems, where someone can capture it (ala "man in the middle") and pass it through to the real bank.
--
Hello, is anyone out there. |
|
SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6 Reviews:
·RoadRunner Cable
·Clearwire Wireless
| Along with what could go wrong during that transmission there's also the element of the "do's and don'ts" that should be adhered to re online activity.
Giving up your online bank login credentials should be in the top 10 of the "don't do" list, period.
Amazon forcing people to break that rule just acts as a conditioner showing people it's OK to pass on that data when it's really not OK.
It's not a stretch to see an Amazon Payment client landing on an Amazon phish page & not seeing a "re-validate your bank account login" question as being the red flag it should be because Amazon does ask that question in the first place.
Not to mention how that could spill onto other branded phish with a potential victim having been conditioned by Amazon's challenge questions.
I wonder what Amazon does when it encounters an "unknown browser" event when testing the login?
That's an under utilized feature - the recognized browser security feature used by some financial institutions.
It'd slap down this absurd Amazon authentication challenge.
But then again, they might just start asking for the security questions & answers to complete a login.  |
|
