Amazon’s one-time passwords backfire on customers

Order something expensive from Amazon and the company may insist that you give their couriers a password to receive the package. But there is one major problem: there is no guarantee that the package delivered to you contains the expensive item in question.

The one-time password (OTP) system “adds an extra layer of security to your packages,” according to Amazon’s website. However, Amazon customers find that even after giving the six-digit code to the courier, they do not receive the expensive item they ordered. Worse still, Amazon may refuse to investigate the missing item, as the OTP is considered proof that it was delivered.

How Amazon OTPs Work

Amazon’s OTP system is, in theory, quite simple.

When an order for a big ticket item is placed, Amazon sends a text message to the customer with a six-digit code. The customer must provide this code to the Amazon courier at the delivery point to ensure that the package reaches the correct customer.

That’s what happened to Alex Bloor, director of a broadband company in England, who ordered an Apple Watch last week.

The watch was just one of three packages Bloor was expecting that day, and when the courier arrived at his house, Bloor provided the requested code. It wasn’t until the courier had left that Bloor realized the delivery only contained two of the three items he was expecting – the Apple Watch was missing.

When Bloor raised the missing watch with Amazon, the company’s customer support team dismissed his complaint. “The Apple Watch has been delivered so no it’s not lost,” replied an Amazon support representative in a support chat, the transcript of which was sent to me.

After Bloor explained the situation, the customer service assistant asked, “How did the courier get the OTP to mark the delivered item?”

Password issues

Bloor is not the only one to have suffered this fate. Post on Redditanother customer reported the same issue with multiple items being delivered simultaneously, but missing the password protected item.

The Reddit user said his courier rang to ask directions to his house and, while he was on the phone, asked for the password to the expensive item. “He arrived about 10 minutes later and handed me a bunch of packages (I had placed several orders, but most were low value items),” the Reddit shopper said. “It appears that every order has been delivered except for the high-value item.”

The customer also received little sympathy when complaining to Amazon. “Amazon claims it was delivered using a one-time password and therefore they will take no further action on it,” the customer wrote on Reddit. They had more than a thousand pounds left in their pocket.

Protect Amazon, not customers

The cases highlight the gaping flaw in Amazon’s password system. As Bloor told me, “I feel like Amazon has come up with a system that can tell couriers that it’s good to steal.” Especially if the password-protected item is just one of many delivered to the customer.

Amazon declined to answer several questions about how the OTP system works, but a spokesperson said: “We have very high standards for the delivery service providers we work with and how they serve customers. We have worked things out with the client and are investigating the incident.

In fact, at the time of this writing, Bloor was still waiting for a replacement watch to arrive, more than a week after the previous one went missing.

What if Amazon sends you an OTP for an expensive item? Be sure to check the package carefully in the presence of the carrier.

Comments are closed.