Running head: E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE

CASE OF AMAZON.COM

E-Commerce Payment Gateway and Website Security: The Case of Amazon.Com

Name:
Institution:

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

E-Commerce Payment Gateway and Website Security

Perhaps technology ranks as one of the greatest phenomena to grace the 21st century. The
progress of technology over the years was very influential in shaping consumer shopping
preferences. In the modern world, customers can purchase various items online. However, as the
number of people submitting personal and confidential information to online shopping websites
increases, the risk of such information getting into wrong hands increases. Various websites in
the past have been exposed to a denial of service attacks (DOS), Trojans, malware and
contemporary hacking in the process of defrauding clients their money (Chaffey, 2009). Website
security becomes a predominant factor in determining the likelihood of people shopping for
goods online. On the other the nature of a payment gateway plays a critical role in ensuring the
authenticity of a seller to deliver goods. What if a seller receives a payment and does not deliver
goods? Thus, this current paper uses the basis of these arguments as a stepping stone in
examining the payment gateway and payment security for the Amazon website.
Amazons Payment Gateway
Any software application that allows the communication of online transactions
information between the buyer and the merchants bank is known as a payment gateway. It is a
tool for online businesses, such as Amazon, to process and authorize customer transaction. It is
an essential tool in e-commerce, as, without this, it is not possible for a business to get paid.
Some of the top known payment gateways include Amazon and PayPal payment gateways
(Quarton, 2015). When a merchant, such as Amazon, in this case, is selecting a payment gateway
they have to critically consider various issues. First, they have to recognize the compatibility of
the system with their selected e-commerce platform. Secondly, they have to evaluate the

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

usability experience of the gateway for their customers. Third, it is vital to check on the cost of
the service.
Amazon is a trusted name in the e-commerce business. When various websites use the
options of paying with Amazon, they offer trust to customers. The customer logs into their
Amazon account, the Amazon details of the customer are encrypted and passed on to the selling
website in a very efficient checkout. Customers using the Amazon experience often report a
peace of mind. Unlike PayPal gateway service that directs customers to another site, Amazon
allows customers to make payments while still on the site. Amazon gateway payment is available
in the United States, United Kingdom, and Germany. Secondly, they charge 2.9% + $ 0.30 on
every transaction with no setups fees, monthly maintenance fees of woo- commerce costs.
Another advantage of using Amazon is that customers who pay with Amazon gateway never
leave the merchants website and they can pay via any payment means supported by Amazon.
The downside of using the Amazon gateway for businesses that do not sell a great deal on
Amazon is how it re-directs customers. Customers purchasing on a website are re-directed to
Amazon once they complete the processing of the order. This may jeopardize the professionalism
aspect of the business (Wang, 2010). PayPal, the comparison payment gateway, pops a dialog
box that allows a customer to make the payment without leaving a merchants website.
Security is a vital part of Amazon as confidential information such as credit card numbers
are submitted on the website. The card association designs security standards, rules and
regulations that payment gateways must follow since they have access to credit card information.
The rules are commonly referred to as PCI or Payment Card Industry Security Standard- PCIDSS . When customers submit a payment request through Amazon, the order request is processes
through HTTPs protocol, which encrypts the personal information for both the client and the

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

merchant. Amazon allows for real time transaction while still showing customers with currency
transaction when making payments to a different country.
Website Security Analysis for Amazon
Websites storing significant personal information from customers are very prone to
attacks by intruders. Through their design, websites allow an open window between the network
and the outside world. Websites with financial assets of confidential information such as credit
card information have a higher web security risk. In exploring the security of data and
transactions of Amazon, Marco Balduzzi et al. 2011, installed over 5000 windows and Linux
images available at the Amazon catalog to check for security challenges such as data theft, a
prevalence of malware and the privacy proximity of sharing such images on the Amazons
Elastic Compute Cloud Service (Kirda, Balduzzi, Zaddach, Balzarotti & Loureiro, 2012).
Their research identified three major threats relating to the service: secure image against
intruder attacks, secure image against malicious image providers and sanitizing the image to
protect users from obtaining private information residual in the disk from the provider of the
image. Before looking at the challenges Marco et al., present, this paper will evaluate the
Amazon website infrastructure from the information presented on Amazons website. The
Amazon website service prescribes several security features that increase privacy or control
network access (Noyes & MacInnes, 2006). They have firewalls created on Amazon VPC and
site application firewalls that allow users to build private networks as well as control access to
applications and instances. Since security is an important aspect for Amazon, they provide highly
encrypted in transit transport security layer (TSL) on all services. Further, they allow users to use
tools that can mitigate DOS and DDOS to protect websites from going down.

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

Macro et al. (2012) utilized their automated system to review, analyze and instantiate
various Amazon machine images in Asia, US west, US east, and Europe. While the catalogs of
the mentioned data center contain over 8448 Linux Amazon Machine Images and another 1202
windows Amazon machine pictures. Their research analyzed around 5393 AMIs. In their
findings, they report high risks of unauthorized access, loss of sensitive information, malware
infections. They reported their finding to AWS security team to consider and apply the needed
security steps. Thus, in the wake of the reported finding, Amazon added various layers of
security of data stored in the cloud. They offer data encryption tools on database services and
storage including, Redshift, SQL Server RDS, S3, EBS, Glacier, and Oracle RDS. Further, they
ensure that AWS key management options that allow users to choose between allowing AWS to
select the encryption or let the user control their keys.
The most secure server in the world is one that is not turned on. On the other hand,
having few open port and very few services are another easier way to maintain website security.
However, for a company like Amazon, this may not be a viable option since they use flexible and
powerful application which leads to vulnerability to security issues. The Amazon system has
open various ports, several scripting languages, and multiple services is vulnerable as it has very
many points of reference to investigate. The Amazon website security team correctly configured
their system and applies security patches to ensure there is constant mitigation on web security
risks. On the hand, the applications running are frequently updated alongside the website code.
Despite the few instances of mishaps and relative costs in setting up of the payment
gateway service, Amazons website is fairly a competent website due to the following reasons
("Amazon Web Services Cloud Security", 2016). First, Amazon boasts as a top name in the ecommerce business. It gives customers confidence when dealing with such a name. Secondly, the

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

payment gateway has no setup fees or monthly charges that implicate on customers since they
only charge depending on each transaction. Further, the website is user-friendly to both new
users and seasoned users. Regarding security, the Amazon gateway service is regulated by PCI
and ensures the privacy and confidentiality of client information throughout the process.
With a cloud back up service, customers and merchants are assured of the security of
their data even during emergency disasters. The website also informs customers on the steps they
should take in reporting security malfunctions. Customers can also choose strong passwords to
avoid ease of hacking by intruders. The Amazon web services push clients to scale and innovate
according to the nature of the business. Regarding this, the customers only make payments for
services they use. Data transmission options including user accounts and user credentials, TSL or
SSL for data distribution and user activity are left for clients to configure.

E-COMMERCE PAYMENT GATEWAY AND WEBSITE SECURITY: THE CASE OF

AMAZON.COM

References
Amazon Web Services Cloud Security. (2016). Amazon. Retrieved 13 April 2016, from
https://aws.amazon.com/security/
Chaffey, D. (2009). E-business and e-commerce management. Harlow, England: FT Prentice
Hall.
Kirda, E., Balduzzi, M., Zaddach, J., Balzarotti, D., & Loureiro, S. (2012). A security Analysis of
Amazon's Elastic Compute Cloud service. IEEE/IFIP International Conference On
Dependable Systems And Networks Workshops (DSN 2012).
http://dx.doi.org/10.1109/dsnw.2012.6264685
Noyes, E., & MacInnes, I. (2006). Small Business Electronic Commerce Implementation: A Case
Study. Journal Of Internet Commerce, 5(1), 1-22. http://dx.doi.org/10.1300/j179v05n01_01
Quarton, S. (2015). PayPal vs Stripe vs Authorize.net vs Amazon Payments. CodeinWP Blog.
Retrieved 13 April 2016, from http://www.codeinwp.com/blog/paypal-vs-stripe-vsauthorize-net-vs-amazon-payments-for-wordpress/
Wang, J. (2010). E-commerce communities as knowledge bases for firms. Electronic Commerce
Research And Applications, 9(4), 335-345. http://dx.doi.org/10.1016/j.elerap.2009.11.005