Sunday, 1 November 2009

Amazon PayPhrase

Amazon has announced a new payment system, Amazon Payphrase. It has two interesting security properties:
  • Participating websites will not obtain the credit card information
  • Deliveries will only be sent to the address set up at Amazon
Stealing the passphrase or the PIN used for authorizing the checkout won't help cybercriminals so much because they cannot trigger a delivery of the goods to an address of their choice. It seems to me that the system is as secure as Amazon itself. As Amazon has my credit card data anyway I gain a little security because the other websites don't get my credit card number.
Small websites might be happy to be relieved from the burden of credit card handling.
Centralizing the sensitive information will also help when security is to be added to the handling of sensitive information, like using a hardened browser, for example.

No comments:

Post a Comment