“Alexa, Donate $5000 to St. Jude” — a Chat with my Coworker’s Echo

Alexa makes it easier than ever to donate. This is a great thing! But you should also take these practical steps to lock down your Alexa account to prevent unintended payments.

Jake Stanley
Apr 20, 2018 · 5 min read
Mike with the donation confirmation, after I had used his Echo device to successfully donate $10 to charity.

A Real Life Test

Thursday morning, $10 was successfully transferred from my coworker’s bank account to St. Jude Children’s Research Hospital. Don’t worry — I paid him back… Mike and I work together at Vocool, a voice-tech company helping businesses engage with consumers on Alexa. As you might imagine, our office is littered with almost every Amazon Alexa and Google Home device. I had just learned about the new feature that Alexa rolled out that lets users donate between $5 and $5000 to charity simply by using their voice. I tested the interaction on Mike’s Echo (which is apparently tied to his personal Amazon Pay account). Surprisingly, it worked! If you are curious to see it in action, watch the video below for the full sequence (WARNING: mute nearby Alexas!).

But why was I never required to verify that I was the owner of the device?

Shortly after, I actually started again using the $5k amount, and nerve-wrackingly responded with a “No” when Alexa asked me to confirm the donation(silently pleading that she wouldn’t mistake my response for a “yes”).

The Challenge

Voice platforms provide developers with opportunities to create refreshingly simple, yet powerful applications. Donating to charity using voice was exciting and the ease-of-use actually might make me do so more often. But how can we build conversational experiences that balance brevity with security in a development environment lacking a fingerprint reader?

Reducing Friction: What’s the right balance?

Finding the optimal balance between simplicity and complexity is a key issue for designers of all sorts. This is especially true for the emerging role of conversational software designers (VUI / VUX) as voice platforms such as Amazon’s Alexa and Google Assistant grow in popularity. (We’re actually starting to bring on English-majors to lead voice design.) From Amazon’s perspective, creating an extra authentication step creates friction, and may slow users down, reducing the likelihood of a user completing a donation. Yet, without this extra step in the conversation, we see potential risks like this.

“As you add capabilities to your skill, make sure you don’t introduce unnecessary pain points or friction.” — Alexa Skill Builder’s Guide

A Better Solution

Interestingly, Voice Purchasing is enabled by default when you set up an Echo device.

Given this, it would be nice to see Amazon:

  1. Adjust the default, prompting users to set up a pin code in the Alexa app upon attempting a payment for the first time. My guess is that most Alexa owners do not know this setting is enabled on their devices and would prefer it switched off. At this point, the additional 10–15 second delay to recite a pin-code seems like more of a feature than a burden. On the other hand, Amazon — primarily an online retailer — wants to make purchasing via Alexa as streamlined as possible. I assume Amazon is willing to refund users who have unintended payments occur.
  2. Increase the adoption of unique, per-person “Voice Profiles” to authenticate, in the same way smartphones use fingerprint readers. Amazon is beginning to use unique voice profiles to provide more relevant and personalized experience for multi-user households. In the long term, I’d be happy to ditch a pin code, if Amazon could reliably verify users and payments with voice.

What other ideas do you have to improve this experience?

Practical Steps to Tighten up your Alexa Account

If you would like to lock your account down to prevent unintended access, I recommend navigating to the Voice Purchasing section of the settings in the Alexa app and taking the following steps:

  1. Consider whether you want Voice Purchasing to be allowed at all. If not, toggle this setting off.
  2. Update your Voice Purchase Settings to add a 4 digit “voice-code”. This code will be required before making any purchases on Alexa.
  3. Setup your Alexa Voice Profile, so Alexa can distinguish your voice from others. If preferred, enable the setting which allows recognized speakers to purchase without the voice code after giving it just once.

Now Donate!

After you’ve added some security, don’t forget to try out the feature (on your own device) and donate! Here is a list of the currently supported charities.


Don’t have a favorite? Try mine:

“Alexa, donate $10 to St. Jude’s”

TL;DR: If you have one-click purchasing set up on your Amazon account and own an Alexa, you should update your Voice Purchase Settings in the Alexa app now. Otherwise people can make large purchases from your account.

We are all-in on voice technologies. If you’re interested in connecting to talk about how you can engage audiences with voice, please reach out!

If you enjoyed this, feel free to clap 👏
Follow me on




Elijah McClain, George Floyd, Eric Garner, Breonna Taylor, Ahmaud Arbery, Michael Brown, Oscar Grant, Atatiana Jefferson, Tamir Rice, Bettie Jones, Botham Jean

Jake Stanley

Written by

Product Manager @ Capital One. Previously founder, head of Product and Technology @ Vocool.


Elijah McClain, George Floyd, Eric Garner, Breonna Taylor, Ahmaud Arbery, Michael Brown, Oscar Grant, Atatiana Jefferson, Tamir Rice, Bettie Jones, Botham Jean