recommended reading

Feds Sue Amazon Over Kids' Spending

A child plays on a Kindle Fire tablet.

A child plays on a Kindle Fire tablet. // Amazon/AP

Amazon should have done more to prevent kids from racking up huge bills on mobile apps, according to a federal lawsuit filed Thursday.

The Federal Trade Commission is seeking millions of dollars in refunds for parents whose children made unauthorized purchases for in-app items in Amazon's store.

For example, the app "Ice Age Village" allows users to buy additional "coins" and "acorns" using real money, the FTC said. The largest possible in-game purchase would be $99.99, according to the agency.

Some parents received bills for hundreds of dollars for their children's spending sprees, the FTC said.

Amazon keeps 30 percent of all in-app purchases, according to the complaint. The store offers apps for the Kindle Fire and other devices that use the Android operating system. 

"Amazon's in-app system allowed children to incur unlimited charges on their parents' accounts without permission," FTC Chairwoman Edith Ramirez said in a statement. "Even Amazon's own employees recognized the serious problem its process created."

The case is similar to one the FTC brought against Apple earlier this year. But Apple quickly agreed to a $32.5 million settlement and promised to change its practices to ensure that children have their parents' permission for purchases. Amazon is expected to fight the case in court.

The company sent a letter to the FTC last week, claiming that it has always refunded purchases that customers didn't want. Andrew DeVore, an Amazon associate general counsel, said that even at launch, the store included "prominent notice of in-app purchasing, effective parental controls and real-time notice of every in-app purchase."

But Jessica Rich, the director of the FTC's Bureau of Competition, told reporters on a conference call that Amazon imposed "obstacles" that prevented many consumers from getting refunds.

According to the complaint, Amazon didn't even require passwords when it first introduced in-app purchases in November 2011. The court document highlights an internal communication in which an Amazon employee said the policy was "clearly causing problems for a large percentage of our customers" and the problem was "near house on fire."

In March 2012, Amazon updated its system to require passwords for charges over $20, the FTC found. In 2013, Amazon required a password for more situations, but only in June 2014 did the company begin requiring passwords for all in-app purchases, according to the court document.

Amazon is the second company to face a major FTC lawsuit this month, following T-Mobile, which allegedly placed bogus charges on consumers' bills. 

Rich said both cases show the FTC is committed to cracking down on companies that fail to obtain "informed consent" before billing customers. 

The FTC voted 4-1 to file the lawsuit, with Republican Commissioner Joshua Wright dissenting. 

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.