That’s definitely not the message Amazon meant to give to cyber criminals, but recent research exposed certain loopholes in Amazon’s payment hosting software that would have done just that. Research conducted by Indiana University and Microsoft Research revealed “logic flaws” in Amazon’s payment software that can be “exploited to cause inconsistencies between the states of the CaaS and the merchant.”

One of the researchers explained this glitch in the software with the analogy of a kid exploiting miscommunication between parents. “The kid may tell slightly different stories to the mom and the dad, and eventually gets an approval that he does not deserve,” said the researcher, Rui Wang, a Ph.D. student at Indiana University. In the case of the merchants who use Amazon’s payment software, this “approval” could be discounted merchandise or even merchandise that is ordered at no cost at all.

Some of the ways a criminal could have gamed the system were to swap items after the payment was already made, reuse previous proofs-of-payment for a new item, or issue the payment to his or her own Amazon seller account.
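
Each of the abuses listed above is stopped when the merchant checks a proof of payment against its own order state before shipping. The following is an added example, not code from the article, the researchers or Amazon's SDK; the field names, the HMAC standing in for the payment service's signature, and all values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; field names are hypothetical, not Amazon's API.
CAAS_KEY = b"constructed-demo-key"
MERCHANT_ACCOUNT = "seller-merchant-001"

def cart_digest(items, total_cents):
    """Digest binding a payment to the exact items and total of an order."""
    return hashlib.sha256(repr((sorted(items), total_cents)).encode()).hexdigest()

def sign(fields):
    """Stand-in for the payment service's signature over every field."""
    canonical = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(CAAS_KEY, canonical.encode(), hashlib.sha256).hexdigest()

class Merchant:
    def __init__(self):
        self.orders = {}            # order_id -> items, total_cents, paid
        self.used_payments = set()  # payment ids already accepted once

    def set_cart(self, order_id, items, total_cents):
        self.orders[order_id] = {"items": list(items), "total_cents": total_cents, "paid": False}

    def accept_payment(self, fields, signature):
        """Return 'ok', or the reason the proof of payment is rejected."""
        if not hmac.compare_digest(sign(fields), signature):
            return "bad signature"
        order = self.orders.get(fields.get("order_id"))
        if order is None:
            return "unknown order"
        if fields.get("payee") != MERCHANT_ACCOUNT:
            return "paid to another seller account"
        if fields.get("payment_id") in self.used_payments:
            return "proof of payment reused"
        # Compare against the merchant's own current state, not request data.
        if fields.get("cart") != cart_digest(order["items"], order["total_cents"]):
            return "order changed after payment"
        self.used_payments.add(fields["payment_id"])
        order["paid"] = True
        return "ok"

def notification(order_id, payment_id, payee, items, total_cents):
    """Build a constructed, signed notification as the payment service would."""
    fields = {"order_id": order_id, "payment_id": payment_id, "payee": payee,
              "cart": cart_digest(items, total_cents)}
    return fields, sign(fields)
```

The signature covers every field, so a notification cannot be pointed at a different order, and the digest is recomputed from the merchant's stored cart at the moment of acceptance.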

During their research, and only after consulting with a lawyer, the researchers were able to accumulate a diverse collection of loot, including a power strip, body cream, and a DVD. Most of these items were given back to their respective merchants along with the researchers’ findings. Amazon has said that they’ve fixed the holes in their software and published a new software development kit.