The title of this link is very misleading. Amazon is actually going out of its way to provide excellent customer service, and is being exploited by a scammer. It is therefore not "Amazon's Scam", but a scam perpetrated against Amazon.
As to whether or not something should be done, this is a sensitivity/specificity tradeoff. Too far in the other direction of distrusting customers and Amazon ends up like Paypal.
Paypal's customer service isn't bad because they don't trust the customer in terms of authentication - it's bad because they have horrible policies in place, and their reps are unintelligent, untrained, and unhelpful.
In any case, some authentication aside from "Full Name" would be nice. When I was with Liquid Web, I had a pass phrase set up, which I could pass off as regular conversation even in a crowded room without anyone suspecting it was my authentication. That works best. Even a birth date and city of birth would be better than a name.
> Paypal's customer service isn't bad because they don't trust the customer in terms of authentication - it's bad because they have horrible policies in place
This is true. I got locked out of my Paypal account because I had the audacity to log in from a nearby country (Germany). Fair enough, though maybe a bit overzealous. To get control back they then had to charge a small, random amount of money to my account and phone my registered phone number to give me a code to input. Reasonable, perhaps, except that it didn't work! and to this day still hasn't. I can't count the number of times I entered in the code. So I just created a new account with an alternative email instead . . .
This was a few years ago admittedly, so maybe they're better now, but it's one thing to have overzealous policies and quite another to implement those policies poorly. And that's not even getting into the one time I actually needed PayPal buyer protection, because I'm sure we could all be sharing PayPal horror stories all day if we go down that road.
As a such, perhaps you have some interesting insights into what might be causing PayPals uniquely poor (it seems) CS record? It seems that the majority of PayPals public CS failures could have been avoided with a minimum of, well, intelligence, training and helpfulness.
I don't know what the hell you were doing then because I've never had any good interactions with Paypal. Ever. Last time I tried disputing a charge when the seller disappeared on me (and several other buyers) I couldn't even get a response from PayPal at all. That was the last time I used it.
FWIW customer service survey results were not bad at all but it was five years ago, I know nothing about current situation, and each market is different.
Exactly. This is why we can't have nice things. Here is a company that has given its CSRs enough power to resolve issues, and someone is taking advantage of it. Clearly, they need to implement something like the pin number challenge Chris mentioned, but I for one am impressed that Amazon trusts their customers to this extent. Someone has just found a weak link to exploit, and Amazon needs to fix it, but I hope this doesn't make them change their policy of trusting the customer.
I'm mostly surprised they allow so much power to phone reps. In my way-too-many years of using Amazon I've had to call them precisely once, about trying to get an SSD replaced that had died just outside of warranty (yes, they did replace it). I've placed at least 150 orders with them in the last three years alone, probably closer to 200, and have had to perform a handful of returns; all but that one were done online, very easily, and that special case existed only because I was outside the standard return window.
As the article points out, their web-based security seems pretty darn solid. Nearly any account change requires reauthenticating with your password, and only recently did they start to roll out support for a more persistent auth for viewing what most people would consider non-critical info (order history, etc). With the exception of a phone-based password reset - which should not cause a problem like the one described here - they could require even a web-based PIN (behind the login-wall, of course) for chat and phone support; live chat could skip this if the user already has a fresh auth.
I hope for everyone's sake that Amazon is able to prevent this kind of problem without harming their fantastic customer support. There's a reason I've averaged an order every 5.3 days this year (I can stop any time I want to, but thank you for your concern!)
As a customer, I would prefer they do _not_ trust people claiming to be me. I've called customer support all of once, and almost never buy anything from Amazon these days, so anyone claiming to be me probably isn't. I'm not impressed, and would like them to stop doing that, since otherwise the safest thing is for me to close my account.
As to whether or not something should be done, this is a sensitivity/specificity tradeoff. Too far in the other direction of distrusting customers and Amazon ends up like Paypal.