How Chinese Mercantilist Behavior Endorses Data Theft on Amazon

Amazon represents the pinnacle of globalization, and by itself has managed to consolidate nearly the entire retail commerce industry and relegate it to a single convenient corner of the web. Globalization is a trend that’s played out more frequently in the last two decades, as the internet transplants value into the accessible digital world, companies chase planet-sized slices of their respective pies, and governments seek to boost employment and productivity. Amazon brings these benefits in spades wherever it operates, but in recent years the company’s open doors have turned it into a battleground of sorts.

Chief among the changing tides for Amazon are trade wars and immigration restrictions flaring up in places like the United States. Platforms like Amazon—which exist to connect disparate international markets—contrast with the new reality and therefore allow some users to gain leverage over others. Not for retail competitiveness or profitability, Chinese users on Amazon are now exercising their country’s favorable status as a manufacturing hub to potentially compromise those they do business with in the West.

Amazon: Target or Target Range?

Amazon is a treasure trove in many regards. It battles against Apple, Microsoft, and Alphabet on a quarterly basis for the biggest company by market capitalization, and this year it reached the $1 trillion milestone for the first time ever. The household eCommerce portal boasts hundreds of warehouses around the world—enough to reduce shipping times to a handful of days regardless of the destination.

Cloud storage and hosting, TV and movie streaming, eBook and video game rental, retail, Whole Foods, and more—Amazon is a sprawling beast with its finger in countless pies. It’s also indirectly become a target, or at least provided a means for some to target others and exert influence over them.

What Amazon also has is an astounding user base—over 300 million people, rivaling the entire population of the United States. This is the key to Amazon’s business model—with enough data on its hordes of users, it should be impossible to wrest control of the sector from Amazon’s corporate claws due to pure omniscience. Events like the Equifax breach and Cambridge Analytica’s recent scandal also highlight the idea that data has value by virtue of what it reveals about a person or a system.

Data has quickly become the most valuable currency on the internet, never mind dollars, or even Bitcoin. Amazon, with its market dominance and having never been directly breached, is a priceless source of data on market forces, suppliers, financial institutions, payment channels, and of course the only variable to make it worthwhile: user identities and demographics.

China Changes the Game on Amazon

While Amazon is purportedly impenetrable, it’s recently had to face questions about bad faith use of its platform by Chinese payment processors. This has forced Amazon to weigh the importance of its laissez-faire model with the safety of its users’ data, though it has chosen not to act.

Chinese sellers represent over 30% of goods sold on Amazon and therefore, users with connections to Chinese low-margin manufacturers can be much more profitable. This is the natural flow of free markets and not by itself an issue until the clout of trade dominance is used to gain more than money.

A vast majority of Chinese sellers on Amazon employ a series of third-party Chinese services to streamline their operations, such as plug-ins and software for accounting, inventory, fulfillment, and more. Sellers everywhere that want to optimize and automate their stores follow the same strategy, and it’s accomplished by sharing API access to those services they elect to integrate.

For top Chinese sellers, two of the most popular are domestic payment services providers Lianlian Pay and PingPong. Unfortunately, both of these companies (and many more) have exploited their position in the mouth of China’s “digital harbor” to steal the most sensitive data on Amazon users.

Instead of asking for API access the normal way, which allows an external developer to plug into a partner store, Lianlian and PingPong have begun requiring Secret Access Keys from the Western sellers they work with. These keys grant deeper access into the seller’s account as well as the shallow API access that they’d otherwise obtain through the established channels.

This means they can glean all kinds of valuable data from foreign citizens, such as identity and credit card information, names and prices of suppliers, warehouse metrics, employees and affiliates, supply chain data and much more. In the hands of rival seller this is dangerous enough, but what is unknown is just exactly how many Chinese companies are engaging in this behavior and where all the data is going.

Red Alert on Amazon

This isn’t the first time that Amazon has found itself at the center of a data conflict, nor will it be the last. Jeff Bezos understands that his creation must be secured and has invested heavily into seeing it so, and his response to past emergencies give hope to those who believe Amazon will also put their foot down with China.

In 2015, Amazon was vetting a video compression company for potential acquisition, when its externally hired security team found Chinese microchips nestled in hardware that the same company was selling to clients like the Department of Defense, the Navy, and the CIA. Amazon is still cooperating with these institutions to investigate the issue and combat it.

At the end of the day, it’s up to the individuals on Amazon to protect themselves until something is done to resolve its latest problem. No matter how tempting it can be to sell Chinese goods, it’s safer to contract with established third-party services for one’s Amazon store.

While Amazon determines a response, others are stepping up in the meantime. Europe’s new GDPR is a move in the right direction for protecting consumer data, and private sector technology such as blockchain also holds a glimmer of hope for online security. For advanced as we might think we are, we’re still stumbling in the data security Dark Ages.