This isn't a problem. You're not "paying" by inputting your IBAN, you're "allowing" them to take the money out of your account. This worked pre-IBAN in most EU countries.<p>The burden or proof is on the seller, in this case Amazon. If they take money out of your account for an order you did not make, just tell your bank - the money will be back in your account in no time and Amazon will, if that happens more often, get a problem with their bank.<p>Here's another "security risk": at many shops, you can order and pay once you get the goods. And just like this "critical flaw", it's pretty useless because Amazon will just let law enforcement know and they will come knocking at your door.