by unknownsavage 2576 days ago
> They forwarded from one card to another? AWS charged a closed card and the bank forwarded it?

Yup.

> By the way, if you can't authenticate with Amazon as the rightful owner of that account, it sounds unreasonable for them to comply with a stranger asking them to simply remove a credit card number of some account.

I disagree. If I can provide a full credit card number, they should be able to remove it from all accounts. Either the card is compromised, or I'm telling the truth.

3 comments

The AWS account is what's compromised. And Amazon is aiding the attacker in committing fraud. Both AWS and the attacker benefit from the continued charges to your account.

Every AWS and bank account has clear terms including how to unilaterally close the account. I'm not sure why you're slow walking this rather than pulling the fire alarm on both accounts.

So anyone you ever bought something from with that credit card should be able to kill your AWS account with a simple phone call?
They could send an email to the owner of the account asking to reauthenticate the card (re-enter the numbers & CVV, go through 3D-Secure or provide a picture of the card or bank statement).

This would mitigate incidents like this - as far as I’m aware the attacker doesn’t actually have the card number, so giving them 24 hours to confirm it (or the card gets removed after that) would be a good solution while remaining only a minor inconvenience for legitimate usage (realistically speaking, how many online stores who might have your card number are malicious enough to call companies and try to get your accounts shut down, with no benefit to themselves?)

I feel for the Kafkaesque nightmare, but isn't this what courts are for? A judge should be able to adjudicate this conflict, especially if you give convincing evidence of your communications with both Amazon and the bank. My venue of legal approach (IANAL and not even US) would be that once you show you are not the account holder (since hacked and fully shut out) anymore, you don't have a contract with Amazon and they don't have the title to bill you. If they can show you ARE the account holder, then you can cancel. Both ways of that approach before a judge will get your problem sorted?