Amazon Payments plus VPN = account closed
29 points by ksdev on Oct 29, 2015 | 11 comments
I tried to pay for Humble Bundle with Amazon Payments while connected through VPN... Goodbye my account and all connected Amazon services together with AWS (with all the files and sites hosted...). As you can see below(1), "your account cannot be reopened" - I cannot even use AWS contact form, because I must sign in before. Amazon people from the main contact site don't know how to help me. So here I am, with a few sites hosted on AWS and no access to them.

(1) "Hello from Amazon Payments."

"We are writing to inform you that we have closed your Amazon Payments account and cancelled all open orders."

"We took these actions because our records indicate that an unauthorized person has logged into your account. For your security, the credit card information stored on your account cannot be accessed via our website and your full credit card number is not displayed in your account."

"Due to this unauthorized access, your account cannot be reopened. In order to continue shopping with Amazon Payments, we ask that you open a new Amazon account. Your order history and additional features such as Wishlists cannot be transferred to your new account."

"We are unable to say how your sign in information was obtained since the activities used to obtain these details occur away from our website. Some techniques used to gain access include using malicious software to capture a user's keystrokes and Internet activity, trying commonly-used passwords, and sending fraudulent e-mails requesting recipients provide or update personal, financial, or other account information (commonly known as "phishing")."

"For information about safe online shopping, please visit the "Security, Privacy & Accessibility" section of our Amazon.com Help pages."

"We regret any inconvenience, and we hope you will provide us the opportunity to serve you as a customer again."



A month ago I asked this: "Can Amazon terminate an AWS account because you returned a shirt?" [1]

I didn't get any satisfactory answers, but this is exactly the kind of scenario I was afraid of.

A business that relies on AWS can be wiped out by an automated script in a different department. There is no mitigation since Amazon will also close "linked accounts", so having separate business and personal Amazon accounts isn't enough. It's super scary.

I tried tweeting @jeffbarr and posting in the AWS forums about these risks, but got no response from Amazon.

1: https://news.ycombinator.com/item?id=10248690


Indeed. I didn't take into account the possibility of having my access to AWS service cut off if there are some problems on the shop account side. Looks obvious now.

It is good that Amazon is protecting user accounts. But the way it was handled in my case is scary - writing just that my "account is closed", it "cannot be reopened" and it's the end, when I have a few sites running on AWS managed to frighten me ;) Maybe they would try to contact me before by phone if I didn't live in Eastern Europe, who knows?

Fortunately, an hour ago I received an email from Amazon saying that my account has been reinstated, so these few times I've contacted them about this problem have an effect.


Must've missed that post. Yes, they can. Even if you're a Prime paying customer, whose main purpose in addition to fast shipping is to allow you to return things without hassle. See the letter I got below for returning ~$100 worth of shitty merchandise. Mind you, I did not violate any terms or conditions and there was no misuse whatsoever. I replied and got back a very confusing, generic email that didn't answer any of my questions. I figured it was their way of telling me they don't want me as a customer.

Since this is the way Amazon treats its customers, Amazon can go fuck itself. I don't plan to ever buy anything from them again and I strongly urge people to think of the ramifications of this happening to a business run on AWS. I'm currently working on moving our company's infrastructure off their system and writing a blog post about it.

---

Hello,

We have noticed that you have returned a large number of your orders. While we expect occasional problems with orders, such large numbers of returns can suggest that customers are unaware of our return policies.

We want to call your attention to our returns policies because repeated misuse can result in the closure of your Amazon account. To learn more about our policies, search “About Our Returns Policies” in the Help section of Amazon.com.

If there is something we can do to help solve any recurring problems you are having with your orders, please reply to this email to reach an Account Specialist.

Sincerely,

Account Specialist


Just because I'm nosy, how many individual returns did you generate? I've returned three motherboards in a row (all from the same malfunctioning batch) that cost over $150 each, and never got a warning or whatever.

So for less than $100, I cannot imagine why they'd take this action. Is it a lot of returns on inexpensive things (e.g. 20 $5 items)?


This is very strange. I return stuff a lot with Amazon. I have returned laptops, cameras, lenses, and a lot of cheaper stuff. Never had any issue. On most of cheaper stuff, Amazon doesn't even want it back, they just refund. My rough estimate is I return 5-10% of orders.

This scares me and makes me want to diversify my shopping with other retailers. :(


"Due to this unauthorized access, your account cannot be reopened. In order to continue shopping with Amazon Payments, we ask that you open a new Amazon account."

This seems like a very odd way to handle this situation. Just making a new account wouldn't really help anything if you are compromised. Also, I find it strange that they are OK with you bypassing their ban, and just making a whole new account.


What you're describing is rather alarming. They should at least call, send a notification of sorts, before hitting the big red button. I don't use Amazon Pay, so I'm not familiar with it. Do you think the VPN had something to do with it?

I know PayPal has an automated system which is rather pedantic about IP addresses. I think that it's safer to set up a proxy and use it every time you log into a service like PayPal because from what I realized by reading user experiences it's either their way or the highway, even when their automated alarm systems are 100% wrong.


There was no notification before closing my account. I've just received an email: "Your Amazon Payments account has been closed" and that's it. It happened a good few hours after receiving "Payment initiated" email (about my Humble Bundle payment).

I'm using NordVPN. It's the first time I've used Amazon Payments through VPN. As Amazon writes: "our records indicate that an unauthorized person has logged into your account" - I don't think it can be connected to anything other than using the payments through the VPN from another country.


I'd say NordVPN's shared IPs are almost all definitely completely rampant with histories of abuse, fraud, carding, theft, and history of use with spammers on AWS, history of use with stolen credit cards on Amazon, etc.

The response would likely be slightly different if you were using a VPN on your own self hosted VM or something.


Fraud filter is my Occam's Razor for this one. When it comes to any sort of e-commerce always use a 'Kosher IP' or an IP which is not tunneled in some way. 3G/4G/5G? Sims are perfect for this.


This whole scenario, and the one Dan Grossman experienced, is just awful and customer unfriendly. I really hope someone from Amazon fixes this.



