
The internet is based on trust.

There is nothing stopping anyone that has an e-commerce website from recording a clear version of your passwords along with all of your billing address and credit card information.

There's no audits or anything.



There are audits: a large enough retailer would need a QSA-audited PCI compliance report, and while they can have 2 versions to avoid being flagged by the auditor, their liability when getting caught would be colossal.

Credit card companies are very good at identifying the source of the leak from only a handful of fraud complaints; you’ll be surprised how few places would be shared across even a small batch of cards, say <50.

If the retailer is large enough to make an impact, they’ll get caught and dealt with very quickly, and the value of credit cards and matching PII/CHD today is very low; a few million cards might be worth only a few 1000s of dollars depending on their age, source and estimated credit limit.


I agree, the scale of Amazon makes it nearly impossible for any type of remediation or penalty if it's abused. It would hurt the consumer's life far worse than anything Amazon would be interested in looking into. Identity theft for someone shopping to save the most money to help make ends meet might ruin their life, whereas the loss of business/revenue/profit by either the seller or buyer to Amazon is laughable.


> The internet is based on trust.

Maybe that's why we need to move towards blockchain-based networks since trust is not required on blockchain, only proof.


Then people have to trust the people with the time, energy, and interest to know how to develop the stuff behind it. All it does is shift the trust to people who are even less accountable.



