Amazon has been slapped with a $2.25 million penalty by the Federal Trade Commission (FTC) after the e-commerce company allegedly refused to provide identity theft victims with records of fraudulent transactions. In its complaint, the FTC said Amazon subjected victims to a “Kafkaesque ordeal” where a support agent wouldn’t provide records related to the fraudulent account unless they could identify the person who opened it.

You can read the FTC complaint against Amazon here.

What the US law says: Under Section 609(e) of the Fair Credit Reporting Act, a business entity is required to provide identity theft victims with application and business transaction records evidencing any fraudulent transactions within 30 days of the request.

However, before February 2025, Amazon routinely failed to provide victims with records of fraudulent transactions.

What Amazon did: In one instance, the company asked a victim to guess the fraudulent account owner’s name more than 30 times before the victim gave up, and allegedly still didn’t remove the victim’s credit card information from the fake account.

In several cases, Amazon refused to share details about the other account that had used the victim’s credit card, citing “privacy” and “security” reasons, even though Section 609(e) does not permit Amazon to deny a request for application and business transaction records related to identity theft on those grounds.

“In other instances, some Amazon representatives told identity theft victims that they were not able to access the requested records. While the statute permits a company to refuse to provide records in limited circumstances, a particular customer service representative’s claim of not having personal access to such records is not one of those exceptions,” said the FTC.

No written policy to comply: What’s more baffling is that Amazon did not even have a policy in place till early 2025 to respond to Section 609(e) requests. It only implemented it after learning that the FTC was investigating the company’s failure to comply with the law.

The FTC’s investigation raised substantial concerns that, despite that policy, Amazon continued to deny certain Section 609(e) requests for unlawful reasons.

What India can learn from this: The FTC’s $2.25 million penalty against Amazon comes as a wake-up call for India, where digital payments and e-commerce fraud are rampant. While US regulators, under Section 609(e) of the FCRA, can require companies to hand over records of fraudulent transactions to victims, India’s regulatory landscape has several loopholes.

In India, the primary legal frameworks addressing such issues are the Digital Personal Data Protection Act (DPDPA) 2023 and the IT Act. However, neither contains a direct, actionable equivalent to FCRA 609(e). The DPDPA focuses heavily on data processing and consent, but lacks a specific mechanism that empowers identity theft victims to…



Last Update: July 2, 2026