Transaction and Account Security
We know how important account security is to you, and we've taken several steps to help keep your Pay with Amazon account information secure. There are also some steps you can take to protect your personal information and your account.
Account Verification Processes
Your Pay with Amazon account is subjected to several verification procedures to maintain the highest levels of security, trust, and protection.
If you are a new Amazon customer and you create a new Pay with Amazon account using the Pay with Amazon website, you must select two security questions and complete the e-mail verification routine.
When you're logging in to your account, we take precautions to protect your account. First, whenever you log in to your Pay with Amazon account, you log in using a secure server connection (https://). We use Secure Socket Layer (SSL) with 128 bit encryption, the industry standard in secure server protection.
Your account is also protected by a unique password created by you. You should not use common words or phrases as your password. Instead, your password should be at least six characters comprising both numbers and letters in both upper and lower case. We also request that you keep this password confidential. Sharing your password can compromise the security of your Pay with Amazon account.
Be Wary of Internet Scams
- DO NOT make a payment to claim lottery or prize winnings, or on a promise of receiving a large amount of money
- DO NOT make a payment because you are "guaranteed" a credit card or loan
- DO NOT respond to an Internet or phone offer that you aren't sure is honest
- DO NOT make a payment to someone you don't know or whose identity you can't verify
When in doubt, ask the intended recipient for more information about the purpose and safety of the requested payment. Do not send the payment until you are comfortable with the transaction.
Identifying Phishing or Spoofed E-mails
From time to time you may receive e-mails that look like they come from Pay with Amazon, but they are falsified. These e-mails may direct you to a website that looks similar to the Pay with Amazon website; you might even be asked to provide account information such as your e-mail address and password combination.
These false websites can steal your sensitive login or payment information which is then used to commit fraud. Some phishing messages contain potential viruses or malware that can detect passwords or sensitive data. (We recommend that you install an anti-virus program and keep it updated at all times.)
Here are some key points to protect yourself from fraudulent e-mails:
1. Know what Pay with Amazon won't ask for by e-mail
- Your bank account number
- Your credit card number, PIN, or credit card security code (including "updates" to any of the above)
2. Be wary of attachments in suspicious e-mails
We recommend that you do not open any e-mail attachments from suspicious or unknown sources. E-mail attachments can contain viruses that can infect your computer when the attachment is opened or accessed. If you receive a suspicious e-mail purportedly sent from Pay with Amazon which contains an attachment, we recommend that you delete the e-mail -- do not open the attachment.
3. Look for grammatical or typographical errors
Be on the lookout for poor grammar or typographical errors. Some phishing e-mails are translated from other languages or are sent without being proofread, and as a result, contain bad grammar or typographical errors.
4. Check the return address
Is the e-mail from Pay with Amazon? While phishers can send forged e-mail to make it look like it came from Pay with Amazon, you can sometimes determine whether or not it's authentic by checking the return address. If the "from" line of the e-mail looks like "email@example.com" or "firstname.lastname@example.org", or contains the name of another Internet service provider, you can be sure it is a fraudulent e-mail.
5. Check the website address
Genuine Pay with Amazon websites are always hosted on one of the following domains:
Sometimes the link included in spoofed e-mails looks like a genuine Pay with Amazon address. You can check where it actually points to by hovering your mouse over the link--the actual website where it points to will be shown in the status bar at the bottom of your browser window or as a pop-up.
We never use a web address hosted on a domain other than the ones listed above. For instance, variant domains such as "http://security-paywithamazon.amazon.in/" or an IP address (string of numbers) followed by directories such as "http://123.456.789.123/paywithamazon.amazon.in/" are not valid Pay with Amazon websites.
Alternately, sometimes the spoofed e-mail is set up such that if you click anywhere on the text you are taken to the fraudulent website. Amazon will never send an e-mail that does this. If you accidentally click on such an e-mail and go to a spoofed website, do not enter any information; instead, just close that browser window.
6. If an e-mail looks suspicious, go directly to the Pay with Amazon website
When in doubt, do not click the link included in an e-mail. Go directly to https://paywithamazon.amazon.in and click Your Account in the top right menu to view recent purchases, or review your account information. If you cannot access your account, or if you see anything suspicious, let us know right away.
7. Protect your account information
If you did click through from a spoofed or suspicious e-mail and you entered your Pay with Amazon account information, you should immediately update your password. You can do this by going directly to https://paywithamazon.amazon.in and click Your Account. On the next page, click the Change your name, e-mail address, or password link.
If you submitted your credit card number to the site linked to from the forged e-mail message, we advise that you take steps to protect your information. You might want to contact your credit card company, for example, to notify them of this matter. Finally, you should delete that credit card from your Pay with Amazon account to prevent anyone from improperly regaining access to your account.