(keitai-l) Amazon Japan Payment Security

From: Andrew Shuttleworth <andrew.shuttleworth_at_gmail.com>
Date: 06/18/04
Message-ID: <480c12c704061722157fae51d7@mail.gmail.com>

I'm interested in how Amazon Japan is implementing security and log-in
on its mobile site. I would like to implement a payment system on a
non-official (at the moment) mobile site.

If I visit http://www.amazon.co.jp/i  I can register at the site
including entering my credit card details. I'm not going through the
official menu and nothing pops up to suggest that the site is
secure. So question 1 is: is this secure, and does this security rely on
being an official site?

Second question would be how they recognise that I am a return user so
that I don't have to input my details again. I presume that they can
do this because they are on the official menu. Even if I go to the URL,
the URL of the page I see is something like:
http://www.amazon.co.jp/exec/obidos/dt/i/flex-sign-in/000-0000000-0000000?uid?=NULLGWDOCOMO&page=aa/xml/h/h.html&response=subst/aa/xml/h/h.html
  (I changed the actual digit string to all zeros. I'm using a DoCoMo
P504iS)

I found the following mobile FAQ on their mobile site (in Japanese)
which answers some questions:
http://www.amazon.co.jp/exec/obidos/tg/browse/-/643024/ref=hp_hp_ct_5_5/249-2394455-7721118

The question interests me as it is very well implemented and is
completely transparent from the user perspective. I guess the real
debate is payment settlement systems for sites that are not on any of
the official menus.

A technical insight or references to good resources on this or related
issues would be appreciated.

Andrew
--
Andrew Shuttleworth
Tabemo Dining Club
www.tabemo.com
Received on Fri Jun 18 08:15:34 2004