I disagree that Amazon's processes were 'appropriate'. Being able to gain access to someone's Amazon account with such basic information can be a big problem.

I know a guy that's a huge Amazon seller and he says there are Amazon sellers often with upwards of $100,000 in their accounts on Amazon before pulling the cash out. If someone were able to gain access to a seller account (I'm not sure if this 'exploit' would have worked for a seller account or not), that could have been quite financially painful for some people.



I suspect that Amazon has behavioral metrics to back up their visible security measures. Not to mention that Amazon also relies on the scrutiny of each transaction by the financial institutions issuing credit cards. Had the person taking over the account changed shipping addresses and ordered expensive merchandise, I strongly suspect that Amazon and/or the credit card companies would have been alerted.

The absence of any sort of backup measures at Apple allowed a lost password access followed immediately by the wiping of three devices to go entirely unnoticed. It's not just the lack of rigor Apple implemented in the password recovery process, it's that that is all there was. Apple didn't defend in depth at all - there was just one call center employee between the black hat and mischief.


Why are they leaving so much in their accounts? Amazon is not a bank, and as such they're probably not subject to the same regulations. We've already seen this issue with people leaving too much money in winnings in online poker accounts, or PayPal accounts.


The question is what info you can change by calling. Can you change the destination account for payments?

The thing is that Amazon's previous risk assessment was probably about what sort of harm could be done directly with the info provided. Now they are worried about what can be done through other providers that will bring them bad press.


Leaving that amount of money anywhere other than in an FDIC-insured bank is incredibly irresponsible. Arguably as irresponsible as Apple's decision to require the last 4 digits of a credit card to gain access to iCloud, where a malicious intruder could arguably do way more damage, on average.

I could walk up to an ATM behind someone and get the last 4 of their card all day long. It is printed on every single receipt you've ever gotten.


In addition to Amazon actually being an FDIC insured way to store your money, it should be realized that your bank is only going to have you covered up to $250k. Do you feel like storing more than that much money for a company is then "incredibly irresponsible"?


I could be wrong, but I feel like getting money back from my bank after fraud will be a bit easier than getting it back from Amazon.


Yeah, I do actually. Why would you need more than $250,000 liquid currency in the same bank? Nobody does that.

Anyway, you are wrong about Amazon being FDIC insured like normal banks. They can potentially insure you up to $100,000 via pooled accounts stored at FDIC banks. Amazon payment accounts themselves are not FDIC insured. So you can imagine how much fun it would be to get your money back as compared with a real bank.


You are not "potentially" insured up to $100,000: you "are" insured up to $100,000. This is critical to note, as the disdain you expressed was for people storing, specifically, "upwards of $100,000 in their accounts on Amazon".

As for storing $250,000 in the same bank, I am highly confused what a company otherwise does. I have a company, and while I don't actually own a lot of the money that I hold on to (it is almost entirely held liabilities for things like sales tax or vendors), at any given moment I am certainly holding more than $250,000.

Do you then contend that I should be having numerous bank accounts to hold this money? I can't invest it, as I need to have the money to pay the aforementioned liabilities at the end of pay periods that are too short to move money in and out of investments. (Note: I also do not believe my business is somehow crazy-weird.)
