by kyrra 3367 days ago
For countries that are cash heavy, it's a common way to pay for online services. Some examples:

Brazil Boletos: this is interesting as there are registered and unregistered versions of Boletos. With unregistered, customers can pay any amount of money to it.

Taiwan has a similar system. You take vouchers to various stores (like 7-11 or the post office), pay cash, then it'll make its way to the online company.

[0] https://en.wikipedia.org/wiki/Boleto

1 comments

I was about to make that connection: this is similar to Brazil's boletos. The difference is that in Brazil it is a standardized system that spans all banks: anyone with a bank account that wants to receive money can have their bank issue a "boleto", which is essentially a barcode that routes money to the destination account. A payer can go to any participating place (post office, convenience store, bank tellers, etc.) and surrender cash, which then gets routed through the banking system to the right account.

Which brings us to a potential problem: there has been a tremendous amount of fraud in this system (Brazil's Boletos), with all sorts of malware changing the barcode when it is downloaded on an infected computer to issue a boleto with a different destination account.

Back in 2014 this was well documented by Krebs[1], and in amazing detail by @assolini from Kaspersky[2]. I also documented a specific case that happened to a friend[3]. While it should be possible to mount similar attacks on the Amazon system, having people deposit money into others' accounts, it should be straightforward for Amazon to detect this, since it is a single issuer system...

[1] https://krebsonsecurity.com/2014/07/brazilian-boleto-bandits...

[2] https://securelist.com/analysis/publications/66591/attacks-a...

[3] http://cs.brown.edu/~rfonseca/notes/net-bb-dns-poison.html