Amazon does not care. A fraudster used our startup bank account to pay at Amazon. We told them, they did not blacklist the user to use our account or take any actions beside removing the bank account (ours) from his Amazon account.
The fraudster did this at least 3 times with increasing amounts of money. Amazon did not care. Only when we went to the police did this stop.
Amazon sold me a phone, the box arrived empty (I wonder why they do not check the weight when it leaves their warehouse, DHL printed a weight on the box that was less than the phone alone). It took Amazon support months to solve this, especially they could or would not cancel the attached mobile phone contract for months.
I had a situation where Amazon couldn't bill my bank account, so they blocked logging in.
I verified with just name and address to a customer service rep and asked for the steps I'd have to do to unlock it again, and they told me that (a) the transaction failed, (b) they told me my IBAN. In plaintext. The full IBAN. (c) and then they told me the steps to fix it (wire them the money that I was owing them, plus 6 EUR. Standard procedure in Germany).
In the end, everything worked again, but, the fact that they gave out by IBAN — enough info for anyone to go and pull money from my account — is making me so angry.
Could you tell how knowing IBAN enables someone to take money from your account? As far as I understand, the only think that can happen with IBAN is to receive money.
Maybe you're thinking of credit card number? The CC's I had had different CC number and IBAN account.
SEPA direct debit allows you to pull money via IBAN (+ BIC, depending on the countries involved in the transaction).
Specifics vary from country to country. Some require active approval from the customer (IIRC France, probably more), others "just work".
Fraud is not as common, since bank accounts that are allowed to debit money this way are generally only available to companies who have to sign paperwork ensuring that they have written permission from each debitor. Additionally, although this might be country-specific as well, chargebacks can be initiated without providing any reason for at least 8 weeks, and in case of a fraudulent transaction, up to 13 months.
Thanks! That's something new that I didn't hear before. For interested parties seems [0] has some information. I need to check with my bank then to see how it works in my country.
If you call a bank or another entity, that has your bank information on record, and claim to be someone specific, can answer basic questions and knows the full IBAN - perhaps they believe you are who you claim to be. This is social engineering, and it works.
I think parent specifically mentioned that just IBAN is enough which sounded very unprobable for me. Another comment explained that it's possible but in very specific accounts.
How would you pull money from an account by knowing just the IBAN? That's just the public address of your bank account and can be used to give you money, but you need all kinds of authentication to actually get money out of that account.
SEPA Direct Debit, or "Elektronisches Lastschriftverfahren".
You can go to amazon, give them your IBAN, and buy things, and they’ll use direct debit to get the money from the account specified by the IBAN, no further authentication necessary.
Obviously, you can do chargebacks, but this is still something they shouldn’t publish.
I had a similar experience buying a somewhat expensive watch through them - my wife was surprised to receive a very fancy, and empty, box. However to their credit they sent another one immediately, no questions asked. I really hope for Amazon to fix the issues OP pointed at, as an amazon.de customer I'm extremely happy with them.
The fraudster did this at least 3 times with increasing amounts of money. Amazon did not care. Only when we went to the police did this stop.
Amazon sold me a phone, the box arrived empty (I wonder why they do not check the weight when it leaves their warehouse, DHL printed a weight on the box that was less than the phone alone). It took Amazon support months to solve this, especially they could or would not cancel the attached mobile phone contract for months.