by rfonseca
3359 days ago
I was about to make that connection; this is similar to Brazil's boletos. The difference is that in Brazil it is a standardized system that spans all banks: anyone with a bank account who wants to receive money can have their bank issue a "boleto", which is essentially a barcode that routes money to the destination account. A payer can go to any participating place (post office, convenience store, bank tellers, etc.) and surrender cash, which then gets routed through the banking system to the right account.

Which brings us to a potential problem: there has been a tremendous amount of fraud in this system (Brazil's Boletos), with all sorts of malware changing the barcode when it is downloaded on an infected computer to issue a boleto with a different destination account. Back in 2014 this was well documented by Krebs[1], and in amazing detail by @assolini from Kaspersky[2]. I also documented a specific case that happened to a friend[3].

While it should be possible to mount similar attacks on the Amazon system, having people deposit money into others' accounts, it should be straightforward for Amazon to detect this, since it is a single-issuer system...

[1] https://krebsonsecurity.com/2014/07/brazilian-boleto-bandits...
[2] https://securelist.com/analysis/publications/66591/attacks-a...
[3] http://cs.brown.edu/~rfonseca/notes/net-bb-dns-poison.html