AmazonCard is a decentralized application, designed to create a new payment method for Amazon. When you’re a user of Amazon, you have to pay with your credit/debit card to buy a product. Amazon may then use your payment details to facilitate sales to merchants on its site. The addition of AmazonCard to the system makes buying products just a bit more useful and efficient for the user.
Amazon is probably one of the most successful online retailers in the world, and while they offer great support on their site, they haven’t made their software open source for users to fix or improve. Amazon, for those of you who aren’t familiar with the company, was founded by Jeff Bezos, and is currently the most valuable private company in the world.
The AWS ecosystem is Amazon’s cloud service that provides hosting and bandwidth to many applications in the modern digital world. With Amazon’s own payments system, AWS, the number of users of Amazon’s platform and the development time to do so is significantly reduced. With many digital content stores, including Amazon, customers must upload their own payment information, which is often duplicated across multiple sites. When you order a book from amazon, Amazon has the entirety of your payment history and record, along with the credit card information, to work with in order to give you the service that you paid for. This is where AmazonCard comes in.
AmazonCard allows Amazon to use your payment information in their payment system without actually storing it on your behalf, on their server. The card is distributed to merchants on their site, and their transactions take place using Amazon’s payments system.
The System
AmazonCard is written in Java, and leverages the payment systems of both Amazon and Google. In the case of Google Checkout, the transaction is completed in plaintext, which can be intercepted in order to conduct malicious activities. Amazon, on the other hand, uses their own native payment system, Amazon Web Service Payment Method API. It works by sending a special type of cryptographic token to the merchant to validate the transaction. After that, the merchant sends it back to Amazon to add to their database. All the Amazon needs is that token, and they have all the information about the purchase. You can read more about how it works on the Amazon web site.
For Amazon, all the data is stored in a decentralized manner. This means that the company could change its system at any time without the need to break the data off into a separate system, which means that as Amazon’s system changes, so does the infrastructure of the card’s service, meaning you are still able to use your credit or debit card, and Amazon will be able to continue to provide your service.
Partnership with Google Checkout
Google Checkout is a payment platform that offers a very similar service to Amazon. The main difference is that the Google Checkout network uses a relational database instead of an immutable key value store. This gives the company the ability to add new merchants to the system and to handle new payment methods, all of which are compatible with their payment method. However, as of right now, there is no integration between the two systems. However, there are a few advantages to using Google Checkout as opposed to Amazon’s system, such as a smaller merchant approval process, and a wide variety of payment methods, and pricing options.
The Current Status
The system works in its current state. It requires one Google account, a unique transaction ID, a unique transaction token, a unique merchant ID, and the solution must be activated by a particular website that will run the card. Once all of the data has been submitted, the system will work as intended, and your transaction will be approved.
The biggest question people have at this time is whether it would be possible for hackers to abuse the system in order to steal money from users. One of the biggest problems is that the system has not been exposed to the public, and therefore no one has had the chance to do an internal audit and validate its security. When Amazon first announced the system, they advised users to never type in their card numbers. The reason for this was that the actual system is built on very secure, unbreakable standards and is completely open source. The credit card companies have agreed not to interfere with the system, and no data from their systems is sent to Amazon’s servers.
Even if one of the credit card companies did decide to interfere, there are other ways to remove funds from the system. For example, if a merchant is hacked and their system is hacked, the card will not be usable anymore. If you enter a number that is rejected by the payment system, the card will not be usable anymore.
To answer the question of whether or not it is possible to steal money, the system is completely decentralized and requires no centralized point of failure. Any person, even if they are the system’s owner, has the ability to end the transaction if they do not like the price. The only problem is if the merchant itself can no longer perform its role in order to process the transaction. This is why the system’s owner is required.
Recommendation
If your transaction is going to be made using a credit or debit card, you would be wise to set up Google Checkout or an equivalent system in place in your business. The overall security of the system is not as strong as Amazon’s, but it is still better than a system that does not offer you any protection at all.
This article is part of our free online eCourse to Design Secure Payment Systems.
Tags:
Sign up for the free monthly newsletter for security specialists: Subscribe