Amazon Credit Card security??

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
This is from Amazon's credit card security page: "To provide you with
an additional layer of security, all credit card numbers provided to are stored on a computer that is not connected to the
Internet. After you type or call it in, your complete credit card
number is transferred to this secure machine across a proprietary
one-way interface. This computer is not accessible by network or modem,
and the number is not stored anywhere else."

Now, I'm wondering how this can possibly be since

1) Amazon does keep credit cards on file and charges them.
2) Amazon displays part of your credit card number when you are a
returning customer during the checkout process.

If it is a one way connection to this server which isn't connected to
the Internet or to a modem, how can they possibly ever charge credit

Re: Amazon Credit Card security?? wrote:

Quoted text here. Click to load it

Ok, I'm not defending Amazon or claiming they're ultra-secure or
anything, but...

Quoted text here. Click to load it

They never claimed otherwise.

Quoted text here. Click to load it

So does Orbitz and a lot of others. Don't forget there's more than one
way to store information. It would even be possible to store those 4
digits on your computer in the form of a cookie, although this is not
how it's done because many people delete them. More likely is a
database containing those 4 numbers that's completely separate from the
"main" credit card info. Those 4 digits are used to determine which
account to charge (you can enter more than one credit card number at
Amazon), and the publicly accessible machine simply tells the
non-public machine to do a transaction for Joe Blow using card #1234
rather than card number #4321.

Quoted text here. Click to load it

I can think of a number of ways, the most likely being that the machine
holding the credit card info does the transaction via it's own
proprietary connection to the "bank" and then simply returns a yes or no
answer, or that the machine holding the credit card info compares a
hash of the CC number to one generated when it's entered, and then the
transaction is processed by a clearing house or other third party who
also holds a copy of the credit card number on queue from Amazon that
the hashes match. All conducted via non-public connectioins

Actually I could probably come up with a few more ideas on this, but
the general theme would be Amazon's "interface" being hardware
restricted to only transferring very specific information. Most
likely just a True/False indication of whether the transaction is

Site Timeline