A grieving mother was left distraught by Amazon after a laptop bought to plan her child’s funeral disappeared in an alleged scam – despite the website claiming to protect the purchase with a one-time password.

  • jordanlund@lemmy.world
    link
    fedilink
    arrow-up
    25
    ·
    10 months ago

    Not sure what the “scam” here is. Are they saying the delivery person triggered the OTP and walked off with the pacakge?

    Seems like that would be a super easy problem for Amazon to fix.

    • Wermhatswormhat@lemmy.world
      link
      fedilink
      arrow-up
      32
      ·
      10 months ago

      I’m feeling the exact same way. This isn’t a scam as much as it is just plain theft. Amazon employees are stealing the packages plain and simple. And I also feel like Amazon doesn’t want to investigate itself and find out that they’ve hired thieves instead of employees.

    • tsonfeir
      link
      fedilink
      arrow-up
      13
      arrow-down
      1
      ·
      10 months ago

      I ordered an iPhone from Apple using their new-ish courier service. It’s just a Spark Driver (Walmart). The driver stole it. Apple said “call the police” which, lol, went nowhere.

      • seathru
        link
        fedilink
        arrow-up
        21
        ·
        10 months ago

        Credit card chargebacks are usually much more helpful than the police.

        • tsonfeir
          link
          fedilink
          arrow-up
          15
          arrow-down
          1
          ·
          10 months ago

          That’s the road I went down. Sadly, $150 of that was a gift card that is not salvageable. Fucking drivers.

      • andrewta@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        10 months ago

        This is why I’m so glad I have the ability to go to my cell phone provider store and buy directly there( for cell phones), and best buy for most other electronics. If I have to order I have it sent to the store. Stolen in shipping? Not my problem. Again I’m glad I have that ability.

    • towerful@programming.dev
      link
      fedilink
      arrow-up
      8
      ·
      10 months ago

      Yeh, Driver should trigger OTP delivery.
      Recipient should get a text/app-notification with a “is the driver in front of you (physically in front of you, at your door)? Be aware of OTP scams” prompt.
      Then release the OTP code to the recipient.
      Driver types it in, and hands over the package.

      Equally, the driver-contact-customer SMS normally has a “your driver is trying to contact you. Please reply STOP to opt out” pre-message, before delivering the drivers message. This could include a “remember, OTP codes should be exchanged in person and not via SMS” warning.

      • IHeartBadCode@kbin.social
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        10 months ago

        OTPs only ensure that you “physically have” the thing that the OTP presents.

        UPS used to hand over a signature pad to collect a signature. Amazon’s OTP implementation should have an OTP that the customer enters into a pad that the driver hands over. The driver gets the pad back once the package is given to the customer. The package is then marked delivered when the driver enters their OTP into the pad.

        The entire point is that the delivery pad is the presentation of the OTP. The customer entering their OTP into the pad indicates they physically have the pad (not the product), the driver entering their OTP into the pad means they have recollected the pad (ideally in exchange for the parcel). The OTP only proves that someone physically holds the device that the OTP was entered on, it proves nothing else.

        No good OTP implementation has in it a point where the OTP is told to another person. Amazon’s OTP implementation is just flawed from the word start. I think more people would understand it if the whatever digit number was called something like “signature code”, in that the set of numbers constitutes the equal to a signature. You wouldn’t let someone, especially the driver themselves, sign for your package, so you shouldn’t tell the OTP to anyone, except those who you think should be able to sign for your package.