The two times I have bought e-books on my kindle over the 3g connection I have also had an unauthorized charge to my credit card. Once from netflix and once from a website c28.com. I find it odd that this only happens when I bought e-books with the kindle. Where is the security hole the Kindle, whispernet, Amazon, or did my number get skimmed elsewhere and this is all a coincidence?

Did you use a stored credit card on Amazon and use the one-click ordering, or did you enter a credit card number? (I thought you had to use one-click ordering, but I may be wrong.) Using a stored card should prevent this from happening since you're never transmitting your credit card information.

Yes I used one click ordering on the kindle with a credit card that was already stored at amazon

Its never happened to me (knock on wood).

I'm guessing coincidence.

Yea that is my thinking too. Was it the same CC both times? It might be time get a new number issued.

When you buy a book from the Kindle device, you aren't transmitting your credit card over the air -- just the order to Amazon, which already has your credit card info stored. Coincidence seems the most likely explanation.

Along with Amazon account info?

Amazon's been in the business long enough to know the importance of data security. But for argument's sake, let's say that your Amazon account name and password are transmitted over the air in cleartext by the Kindle. Now what? You're a bad guy, you used Aircrack-ng, and now you've got access to an Amazon account. But you can't get the credit card number out of the Amazon account, just the last four digits. So you can't buy stuff on Netflix, or from the random web site mentioned by the OP.

Maybe your account name, but why would it transmit a password? It knows that it's receiving the order from a Kindle device you have physical access to. Why would it transmit a password, especially in the clear? Doesn't make sense. And even if it did, all the bad guy would get access to is the Amazon account, which never shows full credit card numbers once they're entered anyway.

ETA: I see boberonicus posted essentially the same thing. Sorry

Would it make a difference if the books were purchased through a set Wi-Fi network? (In terms of security)

It's just my habit, but when I purchase books on Amazon, I make it a point to transfer through some of the Wi-Fi networks I've set on my Kindle. I only use 3G if I absolutely need to.

Can't see it making a difference.

Huh, eavesdropping on 3G is not exactly the most trivial thing in this world. (Esp compared to a weakly or not at all secured wifi.)

Also, those charges, i dunno, do you have a rogue family member maybe ?

Me either.

pwrdwnsys_*immed, I happened across your forum post by accident. I am one of the website developers for c28.com.

I do believe that the charges were a coincidence - though you should change your card asap. Most frauds that we deal with are fraudsters who have gotten credit card numbers some how and are trying to verify whether the cards are valid. They will make small purchases with websites like netflix, us, and others. If they receive validation of the card, they will usually resell the card number.

There are a few ways of getting credit card numbers. One way common way is to get a number from a particular bank and then, using a script and an algorythm, try other combinations. Once you have one card number from a bank, you can use an algorythm to calculate each successive valid card number, and using website shopping carts, you can then try expiration dates with each number until you get one that processes.

We do try to do what we can to reduce these issues and our customer service department will cancel orders as soon as we find out about them.

I'm sorry it took so long to answer your question and if you have any questions, feel free to contact me.