> Amazon values customer satisfiction above their fraud write-off
I do get this, and as an Amazon customer, I'm glad this is their stance overall, but on the other hand it seems like they could handle this situation more securely than they do. It seems to me that you could have some sane middle ground where you do no-questions asked replacements, but with some caveats like no ability to change the address the item is being sent to from the original order unless the person you are communicating with can prove they are the account owner.
Maybe have a sort of two-factor system where the CSR can mark the order as "replacement approved" but you have to login to your Amazon account and take some action (just click a confirm button or whatever) to actually send the order out. At least in that case you wouldn't get cases like mine where someone managed to pull a replacement order without (seemingly) ever having actually had access to my Amazon account.
I'd think this could be prevented by a) stop giving out order numbers via chat and b) require customers to request replacements (or at least confirm them as you've suggested) by logging into their account.
As someone that moves around a lot, I appreciate how willing Amazon is to take care every order-related issue, with zero fuss.
I fail to see what the "security" issue is, other than Amazon choosing to lose some money on fraud. That's not a security issue to anyone outside of Amazon, and Amazon seems clear in their stance.
Edit: A much bigger problem is Amazon's use of OnTrac, which repeatedly fails to make deliveries. Even in downtown SF.
I do get this, and as an Amazon customer, I'm glad this is their stance overall, but on the other hand it seems like they could handle this situation more securely than they do. It seems to me that you could have some sane middle ground where you do no-questions asked replacements, but with some caveats like no ability to change the address the item is being sent to from the original order unless the person you are communicating with can prove they are the account owner.
Maybe have a sort of two-factor system where the CSR can mark the order as "replacement approved" but you have to login to your Amazon account and take some action (just click a confirm button or whatever) to actually send the order out. At least in that case you wouldn't get cases like mine where someone managed to pull a replacement order without (seemingly) ever having actually had access to my Amazon account.