
MIT Technology Review



Moreover, even if an online thief gets hold of a user’s PayPhrase and PIN, he could only use it to send goods to the address that person has on file. The payment technology cannot be used to buy digital goods, and an attacker could not change the address on file without the password to the user’s Amazon account.

“It is one layer removed from your account and your password,” Williams says. “You cannot change the shipping address or payment method with just the use of the PayPhrase.”

Robert Vamosi, an analyst covering security, risk and fraud for Javelin Strategy & Research, says that many consumers may trust Amazon to protect their information better than smaller websites.

“If I saw a recognizable logo online, I might be more willing to buy,” Vamosi says. “I could see it as beneficial, in that it could open up more places for me to shop online. It also offers more stores my purchasing power.”

In addition, PayPhrase lets people set allowances on their accounts. This feature would allow parents to give their children access to an account that the parents control, or provide workers with limited access to an account controlled by their employer. Such additional restrictions could also offer consumers some protection against fraud.

Amazon’s Williams stresses that PayPhrase is more than just financial information–it’s instructions on how that information can be used. “A PayPhrase bundles a set of instructions,” he says. “At launch it is your payment method and shipping address.”

Such assurances do not completely convince Aite Group’s Holland. “With the address, it reduces the potential for fraud, but there will still be ways around it,” he says. Holland argues that Amazon should not underestimate the impact of social engineering. Malicious sites could imitate the look of the Amazon PayPhrase service to get users to hand over their credentials. “You can have the most robust security in the world, but if you give someone your keys when they ask, then it doesn’t matter,” he says.


Credit: Technology Review

Tagged: Computing, Web, Internet, Amazon, online payment technology
