Industry News

American Express and Twitter Launch Hashtag-Based Shopping System

If you spend a lot of time shopping online, you can now turn to Twitter to place your orders, provided that you have an American Express credit card.

Since Monday, the service is available to try for any American Express customer if they pair their credit card with their Twitter handle on the bank’s website. Since all information about the user’s credit card is stored on the bank’s file, there is no risk about this data falling into the wrong hands if the associated Twitter account gets compromised.

However, since the micro-blogging platform itself becomes a payment mechanism with access to the user’s credit, a hacker could send purchase tweets and confirmations until the credit limit is reached. Even though the purchased goods will be delivered only to the billing address, unauthorized purchases will still force the legit owner of the card to go through the refund process, not to mention the inconvenience of reaching your credit limit when you have to take the check for a romantic diner.

Twitter is the most dramatic manifestation of what our technology can do because it’s all happening in 140 characters or less and showcased in a hashtag,” said Shari Forman, vice president of global strategy at American Express in an interview for Computerworld. “The beauty of the Card Sync platform is it’s very flexible and portable.”

As mobile payment systems gain traction with smartphone users, so do dangers related to credit card and transaction security. Google Wallet, contactless payment and the latest addition – Twitter-based payments – will prove helpful to mobile users, but will likely open new opportunities for cyber-crime. And, since we’re talking about mobile devices that have a way of their own of getting stolen or lost, maybe it would be time to consider installing a remote lock & wipe killswitch, if your software platform supports it.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.