Amazon.com Inc.'s new high-end e-reader, the Kindle Fire, has a lot of features that could let it substitute for a portable computer or tablet — but is lacking in at least one regard: Payment security.

The Fire does not let users turn off the ability to spend money, so letting a child or friend use the device to read or watch movies is like letting them borrow one's entire wallet, Ars Technica reported Friday.

"The security settings that control buying items don't cover most of the ways someone can wreak havoc on your debit or credit card," the article said.

For example, although Amazon.com lets customers adjust a setting on its website to turn off its "1-click" buying capability, that button "didn't really do anything" in Ars Technica's test. Eventually the option just disappeared.

The Fire does allow users to require a password or PIN to spend money within an app, such as to buy digital content within a downloadable game. The option to make in-app purchases can also be turned off entirely, the article said. But purchases of full apps, books, movies and other content remain possible even when in-app purchases are blocked.

Apple Inc. learned the hard way that in-app purchases can be a threat. It used to allow customers to make in-app purchases without entering a password if the password had been entered recently (such as to download the original app). This became a problem when, in a Smurfs game, kids were able to spend hundreds of dollars on virtual 'Smurfberries' without being prompted for a password. After parents complained, Apple changed its policy on how it authenticates purchases within apps.

Until Amazon.com adds stricter spending controls, Ars Technica advises users to either lock the Fire itself or to remove all payment cards from the Amazon.com account that it's attached to.