Data is now essentially the lifeblood of today’s modern industries. Not only does it provide insights for effective decision-making but it can also be used to predict and influence consumer and user behavior. Companies like Amazon and Netflix, for instance, use big data and analytics to better understand their customers in order to create products and services that generate more sales and repeat business.
However, in the wrong hands, data can also be used for shady purposes. The Facebook and Cambridge Analytica scandal showed how data misuse could have history-defining consequences. Profiles generated from personal data can be used to promote political views and sell ideologies that are influential enough to determine the outcome of national elections.
Speaking of Amazon, the US-based e-commerce giant may just be involved in a brewing data debacle that could rival Facebook’s in terms of magnitude. Chinese payment processors are found to be requiring partner Amazon merchants to commit practices that expose customer and financial information. Given the growing tensions caused by US-China trade war, a data scandal involving Amazon and China could have global ramifications as well.
Another Mess in the Making
Amazon merchants looking to conduct business in China need to partner with Chinese payment processors such as LianLian Pay and Pingpong. As such, merchants have to integrate with these payment systems in order to streamline order management and fulfillment. What raises suspicion, however, are claims that these payment processors are asking merchants to provide their Amazon Marketplace Web Service (MWS) secret keys.
According to MWS developer guidelines, this isn’t the proper way to integrate systems. There are mechanisms provided by MWS’s application programming interface (API) for merchants to provide access to their data to third-party developers securely and without having to give out secret keys. Secret keys provide unrestricted access to a seller’s data on Amazon including information such as customer shipping data
, and bank and credit card information. Sellers do not have access to customer “bank and credit card information”. Accordingly, they cannot share information they do not have.
Considering that these payment processors may have been given access to secret keys, it is possible that customer data has already been exposed. Pingpong, for example, has processed more than $1 billion in US payments. Given that Amazon sellers are these processors’ principal users, their possession of merchants’ secret keys essentially gives them access to a goldmine of data involving US customers.
Potential Risk to Users
The leak of such information can be damaging across several levels. Customers whose data have been exposed may now be at risk of identity theft and fraud. Personal and financial information can be sold quite profitably in the global black market.
Once in the hands of cybercriminals, the information can be used for other hacking activities including gaining access to other services that use the stolen information or defrauding other businesses using financial data.
Information such as order and transaction histories could also provide insight into users’ preferences and behavior allowing malicious actors to use psychology and manipulation to influence views and perception much like how data from Facebook and Cambridge Analytica were used to promote certain political views.
What could raise even more concern is that these issues are emerging in the midst of US and China’s trade war. The US took a hardline stance in its drive to bring back businesses and jobs onshore by imposing tariffs on Chinese products. US also claims that China has long been engaging in unfair business practices. The Asian giant m however, responded with its own moves against US products.
The claims of Chinese manipulation can be observed even on e-commerce platforms like Amazon. Chinese merchants have brought in goods that are being sold at factory prices against which US merchants simply can’t quite compete. The proliferation of Chinese scammers and counterfeiters are also upsetting the balance of the marketplace and undercutting US intellectual property holders.
Whether there are larger forces at play remains to be seen but there have already been numerous efforts to disrupt US organizations through cyberattacks that originate from China. The recent massive data breach on Marriott hotel guest database that stole half a billion records is suspected to be a state-sponsored attack by the Chinese.
Better Protection Needed
These threats to data shouldn’t be taken lightly. Not by anyone. More people are shifting their day-to-day activities to digital and online, relying on services like Amazon to address their consumer needs. Companies, especially influential industry giants like Amazon, should exert even more effort to secure all aspects of their ecosystems. Otherwise, malicious actors could freely exploit weak links, steal data, and potentially perform acts that threaten even the most casual of users.