
Amazon Payments plus VPN = account closed - ksdev
I tried to pay for Humble Bundle with Amazon Payments while connected through VPN... Goodbye my account and all connected Amazon services together with AWS (with all the files and sites hosted...). As you can see below(1), &quot;your account cannot be reopened&quot; - I cannot even use AWS contact form, because I must sign in before. Amazon people from the main contact site don&#x27;t know how to help me. So here I am, with a few sites hosted on AWS and no access to them.<p>(1)
&quot;Hello from Amazon Payments.&quot;<p>&quot;We are writing to inform you that we have closed your Amazon Payments account and cancelled all open orders.&quot;<p>&quot;We took these actions because our records indicate that an unauthorized person has logged into your account. For your security, the credit card information stored on your account cannot be accessed via our website and your full credit card number is not displayed in your account.&quot;<p>&quot;Due to this unauthorized access, your account cannot be reopened. In order to continue shopping with Amazon Payments, we ask that you open a new Amazon account. Your order history and additional features such as Wishlists cannot be transferred to your new account.&quot;<p>&quot;We are unable to say how your sign in information was obtained since the activities used to obtain these details occur away from our website. Some techniques used to gain access include using malicious software to capture a user&#x27;s keystrokes and Internet activity, trying commonly-used passwords, and sending fraudulent e-mails requesting recipients provide or update personal, financial, or other account information (commonly known as &quot;phishing&quot;).&quot;<p>&quot;For information about safe online shopping, please visit the &quot;Security, Privacy &amp; Accessibility&quot; section of our Amazon.com Help pages.&quot;<p>&quot;We regret any inconvenience, and we hope you will provide us the opportunity to serve you as a customer again.&quot;
======
dangrossman
A month ago I asked this: "Can Amazon terminate an AWS account because you
returned a shirt?" [1]

I didn't get any satisfactory answers, but this is exactly the kind of
scenario I was afraid of.

A business that relies on AWS can be wiped out by an automated script in a
different department. There is no mitigation since Amazon will also close
"linked accounts", so having separate business and personal Amazon accounts
isn't enough. It's super scary.

I tried tweeting @jeffbarr and posting in the AWS forums about these risks,
but got no response from Amazon.

1:
[https://news.ycombinator.com/item?id=10248690](https://news.ycombinator.com/item?id=10248690)

~~~
joesmo
Must've missed that post. Yes, they can. Even if you're a Prime __paying
customer __, whose main purpose in addition to fast shipping is to to allow
you to return things without hassle. See the letter I got below for returning
~$100 worth of shitty merchandise. _Mind you, I did not violate any terms or
conditions and there was no misuse whatsoever._ I replied and got back a very
confusing, generic email that didn't answer any of my questions. I figured it
was their way of telling me they don't want me as a customer.

Since this is the way Amazon treats its customers, Amazon can go fuck itself.
I don't plan to ever buy anything from them again and I strongly urge people
to think of the ramifications of this happening to a business run on AWS. I'm
currently working on moving our company's infrastructure off their system and
writing a blog post about it.

\---

Hello,

We have noticed that you have returned a large number of your orders. While we
expect occasional problems with orders, such large numbers of returns can
suggest that customers are unaware of our return policies.

We want to call your attention to our returns policies because repeated misuse
can result in the closure of your Amazon account. To learn more about our
policies, search “About Our Returns Policies” in the Help section of
Amazon.com.

If there is something we can do to help solve any recurring problems you are
having with your orders, please reply to this email to reach an Account
Specialist.

Sincerely,

Account Specialist

~~~
UnoriginalGuy
Just because I'm nosy, how many individual returns did you generate? I've
returned three motherboards in a row (all from the same malfunctioning batch)
that cost over $150 each, and never got a warning or whatever.

So for less than $100, I cannot imagine why they'd take this action. Is it a
lot of returns on inexpensive things (e.g. 20 $5 items).

------
jordsmi
"Due to this unauthorized access, your account cannot be reopened. In order to
continue shopping with Amazon Payments, we ask that you open a new Amazon
account."

This seems like a very odd way to handle this situation. Just making a new
account wouldn't really help anything if you are compromised. Also i find it
strange that they are ok with you bypassing their ban, and just making a whole
new account.

------
atmosx
What you're describing is rather alarming. They should at least call, send a
notification of sorts, before hitting the big red button. I don't use amazon
pay, so I'm not familiar with it. Do you the the VPN had something to do with
it?

I know PayPal has an automated system which is rather pedantic about IP
addresses. I think that it's safer to setup a proxy and use it every time you
log into a service like PayPal because from I realized by reading user
experiences it's either their way or the highway, even when their autmated
alarm systems are 100% wrong.

~~~
ksdev
There was no notification before closing my account. I've just received an
email: "Your Amazon Payments account has been closed" and thats it. It
happened a good few hours after receiving "Payment initiated" email (about my
Humble Bundle payment).

I'm using NordVPN. It's the first time I've used Amazon Payments through VPN.
As Amazon writes: "our records indicate that an unauthorized person has logged
into your account" \- I don't think it can be connected to anything other than
using the payments through the vpn from another country.

~~~
pki
I'd say NordVPN's shared IPs are almost all definitely completely rampant with
histories of abuse, fraud, carding, theft, and history of use with spammers on
AWS, history of use with stolen credit cards on Amazon, etc.

The response would likely be slightly different if you were using a VPN on
your own self hosted VM or something.

------
signaler
Fraud filter is my Occam's Razor for this one. When it comes to any sort of
e-commerce always use a 'Kosher IP' or an IP which is not tunneled in some
way. 3G/4G/5G? Sims are perfect for this.

------
RexRollman
This whole scenario, and the one Dan Grossman experienced, is just awful and
customer unfriendly. I really hope someone from Amazon fixes this.

