Login and Pay with Amazon Offers Convenience and Security Threats

Ecommerce merchants lose up to $3 billion in revenue each year to cybercrime attacks. Much of this revenue loss can be avoided if consumers take strategic steps to protect individual accounts. To protect against cybercrime, ecommerce customers should avoid clicking on suspicious links and offers from third-party sources, and they should always use unique logins and passwords for each ecommerce website they purchase from.

While cyber security experts discourage using the same login credentials across ecommerce sites, a new feature from Amazon, Login and Pay with Amazon, encourages a single login for multiple retailers. Through participating partners, Amazon’s 215 million customers can purchase products using their existing Amazon account login and credit card credentials.

This service enables merchants to collect insights on customer shopping behavior and preferences using information from the Amazon database. Customers also benefit because they can make several purchases without entering account information on multiple sites each time.

While Login and Pay with Amazon offers convenience for merchants and consumers, there are severe security concerns associated with this service. Specifically, if one of the participating retail websites is compromised, login and credit card credentials for several websites can be exposed to cybercriminals.

In addition to consumers taking caution through unique passwords and other measures, ecommerce merchants must put preventative measures in place to protect against cybercrime – especially during the busy holiday shopping season.  One way retailers can protect consumers is by leveraging collective intelligence from a global network to stop cybercriminals before they have the chance to compromise accounts.

Leveraging Intelligence from a Global Network

Due to the high volume of transactions during the holiday shopping season, retailers often do not have the bandwidth to scan individual transactions for fraudulent activity.  To effectively differentiate between fraudulent and authentic transactions, ecommerce merchants should leverage collective data from a global intelligence network comprised of device identification characteristics, user and persona profiles, past behavior, detected relationships and threat assessments. Specifically, retailers can link customer accounts to their devices, addresses and previous transactions to build a repository of legitimate customers and fraudulent account credentials that require additional screening.

Leveraging a collective network enables ecommerce merchants to analyze logins, payments and accounts to evaluate the data relating to both the user and their associated devices from desktops, laptops, Web browsers and mobile apps. Evaluating the data across channels helps protect against the following cybercrime threats:

Payment Fraud: A collective network helps ecommerce merchants protect transactions from payment fraud while creating a more convenient customer experience by reducing false positives – incorrectly labeling an authentic transaction as fraudulent.

Account Takeover: Using a collective network, ecommerce merchants can spot red flags associated with account takeover, including multiple devices accessing one account, spoofed browser settings and changing account data such as billing or shipping addresses. Such technology also protects customers from malware targeting credit cards online and protects against automated logins from compromised devices.
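Two of the account-takeover red flags named above (multiple devices accessing one account, and an address change) can be checked against a repository that links accounts to known devices. The following is an added example, not code from the article or from ThreatMetrix; the event format, thresholds, flag names and the function `score_events` are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, device_id, action)
EVENTS = [
    ("2024-11-29T09:00:00", "alice", "dev-A", "login"),
    ("2024-11-29T09:05:00", "alice", "dev-A", "payment"),
    ("2024-11-29T10:00:00", "bob", "dev-B", "login"),
    ("2024-11-29T10:02:00", "bob", "dev-X", "login"),
    ("2024-11-29T10:03:00", "bob", "dev-Y", "login"),
    ("2024-11-29T10:04:00", "bob", "dev-Y", "shipping_address_change"),
    ("2024-11-30T08:00:00", "alice", "dev-A", "billing_address_change"),
]

# Constructed repository of devices already linked to each account
KNOWN_DEVICES = {"alice": {"dev-A"}, "bob": {"dev-B"}}

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_DEVICES = 2                 # assumed limit on distinct devices per window
ADDRESS_ACTIONS = {"billing_address_change", "shipping_address_change"}


def score_events(events, known_devices):
    """Return {account: set of red-flag names} for accounts needing extra screening."""
    flags = defaultdict(set)
    recent = defaultdict(list)  # account -> [(timestamp, device)] inside WINDOW
    for ts_str, account, device, action in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        # Keep only this account's activity that is still inside the window.
        recent[account] = [(t, d) for t, d in recent[account] if ts - t <= WINDOW]
        recent[account].append((ts, device))
        # Red flag 1: too many distinct devices on one account in a short time.
        if len({d for _, d in recent[account]}) > MAX_DEVICES:
            flags[account].add("multiple_devices")
        # Red flag 2: billing/shipping address changed from an unlinked device.
        # The repository is not updated here; linking a device is a separate,
        # verified step outside this sketch.
        unlinked = device not in known_devices.get(account, set())
        if action in ADDRESS_ACTIONS and unlinked:
            flags[account].add("address_change_from_new_device")
    return dict(flags)


if __name__ == "__main__":
    for account, reasons in score_events(EVENTS, KNOWN_DEVICES).items():
        print(account, sorted(reasons))
```

The address change by `alice` is not flagged because it comes from a device already linked to her account, which is how the repository keeps legitimate customers out of additional screening.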

Following the launch of Login and Pay with Amazon, consumers must remember to take caution when it comes to using login credentials across accounts. While such services may be convenient, they pose a severe cybercrime risk. Ecommerce merchants must also play their part in protecting customers against payment fraud and account takeover. Given the significant amount of revenue lost each year to cyber attacks, consumers and ecommerce merchants must make cybersecurity a top priority.

Andreas Baumhof is chief technology officer at ThreatMetrix.