U.S. Markets closed

Amazon Tells Shoppers That PayPal’s Honey Is a Security Risk

Julie Verhage and Spencer Soper

(Bloomberg) -- PayPal Holdings Inc. made a big bet in November with its $4 billion acquisition of Honey, a web browser extension that helps online shoppers find the lowest prices. Now Amazon.com Inc. is warning customers not to use the tool.

Shortly before Christmas, Amazon said Honey posed a security risk, which was reported Thursday by Wired. The warning perplexed some online shopping experts since the tool has been available for several years and Amazon makes no similar warnings about other browser extensions such as price tracker camelcamelcamel.com.

“Amazon’s fight against Honey while letting a dozen other tools go on is confusing,” said Juozas Kaziukenas, founder of New York e-commerce research firm Marketplace Pulse. “I don’t buy their security risk message. They just want Honey and PayPal to be squashed.”

There is no love lost between Amazon and PayPal, which spun off from e-commerce competitor EBay Inc. in 2015. Amazon has its own online payments service that competes with PayPal and doesn’t allow PayPal payments on its site.

PayPal executives were surprised by the Amazon warning about Honey and are communicating with Amazon to resolve it, according to a person familiar with the situation, who requested anonymity to discuss an internal matter. One possibility for PayPal: alerting federal antitrust regulators since the Honey warning could be interpreted as Amazon using its size and clout to harm a competitor. Regulators have encouraged Amazon rivals to provide information about potential anticompetitive practices.

If PayPal thinks Amazon’s warning is unwarranted, it can accuse Amazon of deceptive practices, requiring Amazon to explain why it did so.

“As markets become more concentrated and firms grow larger, we are seeing more attempts to protect market positions and eliminate rivals through deceptive practices,” said Diana Moss, president of the American Antitrust Institute.

Just before Christmas, banners started popping up on Amazon that told shoppers to be cautious when using Honey, calling it “a security risk” and “to keep your data private and secure, uninstall this extension immediately.”

“Our extension is not – and has never been – a security risk and is safe to use,” a Honey spokesperson said. “We have a team dedicated to ensuring the security of our users’ information and we regularly engage expert third-party security firms to assess our security protections. If ever an individual or independent researcher contacts us about a potential vulnerability, we engage with that person to understand and remedy the issue (if there is one).”

Los Angeles-based Honey has more than 17 million users, who use the extension to save money at Amazon and other online retailers.

Amazon shoppers using Honey could be less inclined to follow Amazon suggestions, which don’t always direct shoppers to the lowest-priced product since it considers other factors such as shipping speed. Honey’s use could undermine Amazon’s own algorithm, diminishing the company’s power of suggestion over its shoppers. Amazon has been accused of favoring its own products over competitors, which the company disputes.

In an emailed statement, an Amazon spokeswoman said: “Our goal is to warn customers about browser extensions that collect personal shopping data without their knowledge or consent such as customer name, shipping and/or billing address and payment method from the checkout page.”

(Updates with antitrust comment in seventh paragraph.)

--With assistance from Matt Day.

To contact the reporters on this story: Julie Verhage in New York at jverhage2@bloomberg.net;Spencer Soper in Seattle at ssoper@bloomberg.net

To contact the editors responsible for this story: Robin Ajello at rajello@bloomberg.net, Molly Schuetz

For more articles like this, please visit us at bloomberg.com

Subscribe now to stay ahead with the most trusted business news source.

©2020 Bloomberg L.P.