August 07, 2010

To Protect Me, Amazon Has Decided to Kill Me

For the amount of transparency I put online, combined with my preference to purchase things online wherever possible, I have to count myself lucky that nothing nefarious has ever happened to my data. I have never seen false orders on my behalf, been a victim of identity theft, had to cancel accounts and change passwords everywhere, cut up credit cards, or reverse charges due to anything related to my Web use, so far as I can recall. It's possible that winning streak came to an end this last week, thanks to a flag from Amazon, saying that my account had been suspended immediately, due to suspected fraudulent activity. Rather than take their good advice, I am instead hoping I can prove all is well, and the mistake lies with them. Foolhardy, I know, but worth a shot.

I have e-mail receipts of activity from shopping with spanning for more than a decade. Even though I don't use the site as much as I used to, no longer buying books (as I once did regularly) or CDs (long since replaced by iTunes, Spotify and others), the idea of the account getting zapped, and needing to start over with all-new personalization and buying history, seems odd. I am something of an Internet account packrat, and I like the consistency. And even if it seems naive, I still doubt somebody got enough data to make an order on my behalf - as no other account, anywhere, shows one micron of suspicion.

The odd behavior with Amazon started at the end of last month, I bet. When I moved across town, I changed the address associated with my VISA card. Later, I went to Amazon and changed it there as well, including on my Amazon Wish List, which I typically look at a mere once a year, just before Holidays.

A week later, on August 5th, I got an odd e-mail, which was so text-heavy and non-interesting I almost dismissed it as a phishing scam. Entitled "Account Closure: Please Read", the e-mail explained:
"After careful review of your account, we believe it may have been accessed and used by a third-party to place order(s) without your permission. It seems that someone obtained your personal account and/or financial information elsewhere, and used it on to access your account.

We have closed your account effective immediately because of this possible unauthorized account activity. If this recent account activity (HP Pavilion dv6-3010us 15.6-Inch Laptop) was authorized by you, please reply to this message as soon as possible and we will reactivate your account."
Anybody who knows me knows there is no way I would by an HP laptop. Not for me, not for a friend, not for anyone I actually cared about. So it's obvious something is amiss. After checking the message's details and ascertaining it really had come from, I tried to login to my account, and couldn't get through. It really had been closed after all!

Morbidly curious, I checked activity on the credit card associated with the account, and found nothing weird. Similarly, no other account had a hair of concern associated. Every notification from Blippy could be traced to myself or my wife, and Chase, ETrade and Wells Fargo all came back clean. This only reinforced my thought Amazon goofed somewhere. So I reached out this week to follow up, and there's still a ways to go to finding out the truth.

Amazon makes it hard to reach anybody by phone on their site. Clearly with their scale, they want to avoid inbound calls, if possible. To get there, you have to hit Help, find the Contact Us button, and "Sign In to Contact Us". Of course, I couldn't sign in. Duh. So I clicked to skip sign in and found another set of questions to fill out to describe my story. Again, thwarted by tech, I could only put about 100 characters of description to explain. Try that. It's harder than it sounds.

Needless to say, I made it through and the young woman on the line couldn't solve my issue. There's simply no account assigned the e-mail address any more. After a decade's time purchasing on Amazon with the same ID and having them know me as well as they do, I'm locked out.

I completely understand their wanting to protect me as a customer, and stop problems before they start, but something is amiss. If my credit card data were truly compromised, would I not see spending somewhere else? What do you think? Should I convince Amazon they screwed up and get my account on, or should I start canceling and changing passwords everywhere? Either way, whether it is their fault or not, I don't think I will be shopping at Amazon very often going forward. It's a result of unintended consequences.