Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Amazon Credit Card security??
August 24, 2006, 4:32 pm
rate this thread
an additional layer of security, all credit card numbers provided to
Amazon.com are stored on a computer that is not connected to the
Internet. After you type or call it in, your complete credit card
number is transferred to this secure machine across a proprietary
one-way interface. This computer is not accessible by network or modem,
and the number is not stored anywhere else."
Now, I'm wondering how this can possibly be since
1) Amazon does keep credit cards on file and charges them.
2) Amazon displays part of your credit card number when you are a
returning customer during the checkout process.
If it is a one way connection to this server which isn't connected to
the Internet or to a modem, how can they possibly ever charge credit
Re: Amazon Credit Card security??
Ok, I'm not defending Amazon or claiming they're ultra-secure or
They never claimed otherwise.
So does Orbitz and a lot of others. Don't forget there's more than one
way to store information. It would even be possible to store those 4
digits on your computer in the form of a cookie, although this is not
how it's done because many people delete them. More likely is a
database containing those 4 numbers that's completely separate from the
"main" credit card info. Those 4 digits are used to determine which
account to charge (you can enter more than one credit card number at
Amazon), and the publicly accessible machine simply tells the
non-public machine to do a transaction for Joe Blow using card #1234
rather than card number #4321.
I can think of a number of ways, the most likely being that the machine
holding the credit card info does the transaction via it's own
proprietary connection to the "bank" and then simply returns a yes or no
answer, or that the machine holding the credit card info compares a
hash of the CC number to one generated when it's entered, and then the
transaction is processed by a clearing house or other third party who
also holds a copy of the credit card number on queue from Amazon that
the hashes match. All conducted via non-public connectioins
Actually I could probably come up with a few more ideas on this, but
the general theme would be Amazon's "interface" being hardware
restricted to only transferring very specific information. Most
likely just a True/False indication of whether the transaction is
- » Spyware Doctor interfering with legitimate programs, and won't uninstall
- — Previous thread in » Computer Software Security