Monday, November 27, 2017

Be sure to deregister Amazon devices purchased as gifts

Buying Amazon devices as holiday gifts? Be sure to deregister them from your account!

Now that post-Thanksgiving shopping is in full swing, here's a brief tip for those purchasing Amazon gadgets as Christmas gifts: if you are giving an Amazon Device to someone outside your household, take a moment to deregister the device from your Amazon account. Otherwise you may inadvertently give more gift than you bargained for.

Amazon devices ship pre-connected to the purchaser's account -- and thus to the purchaser's payment settings. This is the the case for Fire TV devices; it may also be true for Fire tablets and Echo voice control devices. Straight out of the box, an Amazon Fire TV device can purchase digital media and games, billed to the original purchaser of the device.

I actually like this user experience decision: it is quite consumer-friendly, making it simple to unbox it, plug it in, and immediately start using it. Sure there's a potential abuse case here: a device stolen out of the mailbox could be abused to make digital purchases billed to the rightful owner - but those purchases are still tied to your account, not to the device, so there's no transferable value to the thief*. On top of that the purchaser gets a notification as soon as the device is first activated, limiting the window to make fraudulent purchases. And of course fraudulent purchases can be disputed and reversed.

This leads to another tip: where possible use a low-limit credit card, or a prepaid debit card, for any online accounts. That way any fraud is with the bank's money and not yours. A debit card is tied directly to your bank account, meaning fraud immediately hits your cash balance. Sure, you'll get fraudulent transactions reversed and the money back. Eventually. But eventually doesn't help if the rent is due today.

*Digital media is not transferable. However, some apps feature in-app shopping, suggesting it may be possible for a mail thief to plug in a Fire TV and purchase physical items for delivery. Alexa voice commands theoretically would allow for purchasing hard goods independent of any app features.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.