The Register® — Biting the hand that feeds IT


Amazon peddles payment service


Web payments for all in US this Christmas


Amazon.com is offering PayPhrase, which allows you to pay for purchases at several different websites using your existing Amazon profile.

First you set up a phrase and a four-digit PIN on your Amazon profile. You can then use this combination to pay for stuff on partner websites including buy.com, DKNY and Jockey without having to set up different accounts.

This service will be available on all sites using Checkout by Amazon.

The bookseller is also punting the service as an easy way for parents to allow, and oversee, their kids' purchases. You can set monthly allowances and preview and approve purchases for credit card-less teenagers or students away at college.

It also supports subscription payments and charity donations. The service is only available in the US.

More from Amazon here.

No word from the UK press office as to if, or when, we can expect the international roll-out. ®


Latest Comments

Serious Concerns

This seems like a very strange idea. By far, the biggest concern for most web shoppers is the rising threat of credit card fraud, not the effort expended in typing a credit card number.

This whole model seems mathematically weak. Amazon actually suggest in their blurb that it might be convenient to use your first name as the first word in the phrase.

I'm not an expert on linguistics, but I think there are 10000 words in common usage and 50% of English language is made up of the first 600 words.

It does not take a genius to figure out that extremely rapidly every combination of words that you or I would think of, will result in a valid passphrase, particularly as they do not allow numbers or special characters in the passphrase.

Therefore the passphrase appears to have virtually no security value at all.

So what would protect my credit card? No login, no presentation of CV number, no match of address supplied against the address registered with the card, my name does not even need to be presented - just a four digit pin.

If I get this right then, soon after launch a thief will be able to pick any two words, and then guess a PIN. One time in ten thousand it's going to be correct? How long would it take even the least experienced developer to write a loop that carries out 10000 guesses?

If I were to get drunk and leave my credit card in a bar, I would cancel it because I'm not an idiot. This appears to be like leaving your credit card in every crook-filled bar in every seedy place in the world. However the analogy is not quite right. If I were to physically lose my credit card, a thief would at least have to pick it up, which requires more effort.

Please, someone put me straight. I would prefer to look like an idiot and be reassured, than continue to believe that a company I have previously trusted so much could come up with such an idea.
