We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Unauthorized debit card transactions
Options
Comments
-
LOL.securityguy wrote: »Mine's sixteen random characters drawn from all the printables, or around a hundred bits of entropy.
The point was that Amazon allow having weak passwords that the majority of other companies dealing with financial transactions simply wouldn't allow you to have. That's why these companies have special requirements for passwords, check the strength when you create it and reject if it fails the strength check.0 -
LOL.
The point was that Amazon allow having weak passwords that the majority of other companies dealing with financial transactions simply wouldn't allow you to have. That's why these companies have special requirements for passwords, check the strength when you create it and reject if it fails the strength check.
Amazon also have other checks and balances. Ordering for an item to be delivered to a place in your address book doesn't require re-entry of card details. But specifying a new address (y'know, like a fraudster might want to do), requires verification of card details too. I expect they'll have other internal systems to spot fraudulent behaviour which normal customers won't usually run into to.0 -
I use Steam regularly - it's a well established and reputable games distribution platform.
Your card details are stored, but you must specifically tick a box to allow them to do so. With all purchases you must select the product, click 'buy' then you are prompted to select the saved payment card you wish to use. You then must confirm this transaction then agree to their T&C's regarding refunds (i.e. digital distribution, product delivered immediately, no right to cancellation etc). Only then is the transaction processed and an email sent to the registered account holder.
I think that rather than complaining to Steam, your bank or VISA, you need to sit down with your child and have a very serious chat.0 -
LOL.
The point was that Amazon allow having weak passwords that the majority of other companies dealing with financial transactions simply wouldn't allow you to have. That's why these companies have special requirements for passwords, check the strength when you create it and reject if it fails the strength check.
That's a fair point, and indeed I just changed my password to "password" to prove your point (and changed it back immediately, of course).
But provided Amazon don't leak a set of hashes (and their infrastructure security has been pretty good to date), part of me says "so what?" Is there evidence that Amazon passwords are being guessed by on-line attackers, unknown to the victim, who are throwing guessed passwords at guessed email addresses in order to hijack the account? And, most importantly, are the accounts then being successfully mis-used? The recent hoo-hah in Wired was a very interesting social engineering attack on Amazon, and clearly their processes failed big-style, but it just doesn't scale: it involves multiple phone calls using fake credit card credentials. And it was targeting a by-product (the last four digits of a credit-card number), rather than making purchases.
You'd need to speak to people who see customer-side fraud, but I'm (a) very sceptical about claims that accounts are being hi-jacked by people unknown to the alleged victim and (b) even if they are, even more sceptical that Amazon and/or the card issuer wouldn't immediately refund if your card was used to ship a washing machine to Farawayistan. Most of the claimed attacks on Amazon shipments read like James Bond movies (people lurking in the bushes near delivery addresses) and the volume is, I'd suggest, minuscule. If there were appreciable volumes of fraud against Amazon, the card issuers would be a lot more likely to refuse transactions, and they simply don't.0 -
Well, this is far more weighted statement than the one that I was arguing with:dalesrider wrote: »...Any breech of this is not Amazons fault, but the fault of the account holder.0
-
Well, this is far more weighted statement than the one that I was arguing with:
You seem to have a major downer on Amazon.
You are aware that you do not have to store your card details and can delete them and reenter everytime you purchase anything.
Amazon clearly think that their internal systems are good and strong enough to handle fraud attempts.
As I said I see only and handfull of fraud on amazon accounts over a year. Most of these due to people responding to phishing emails...
So amazons systems are clearly head and shoulders above other online retailers. Especially when you consider their size.
Unlike someone like 02, or other mobile phone provider who I can see 20 0r 30 a day too....
Yet these use VbV ????
Of course I know the fraudsters are not getting round VbV there are other ways of topping a phone up.
Now who has the weakest system?Never ASSUME anything its makes a>>> A55 of U & ME <<<0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards