Security Question and Answers
American Express realizes how important security is to you, so we've taken a number of steps that help enhance the safety and confidentiality of transmissions of private information sent from American Express over the Internet.
Q. Is my confidential information secure?
A. Whenever American Express asks you to send confidential information over the Internet, including personal account data, we require that a "secure session" using SSL first be established.
Q. What is a "secure session" and how does it help keep my information safe?
A. During a secure SSL session, data passed back and forth between your computer and American Express systems is secured by using public key cryptography. Your computer exchanges key information with American Express computers to create a private conversation that only your computer and American Express systems can understand
Q. What specifically is SSL?
A. Any time you access or supply Card account information in one of our secure online areas, that information is encrypted by a technology called Secure Sockets Layer, often abbreviated as SSL. SSL technology secretly encodes information as it is being sent over the Internet between your computer and American Express systems, helping to ensure that the information remains confidential. The use of SSL requires two components: an SSL-compatible browser and a web server to perform the "key-exchange" that establishes an SSL connection to American Express Web server systems.
Q. What type of browser do I need?
A. To benefit from SSL technology, you will need a browser with SSL capabilities. Examples of SSL browsers include Firefox 3.0, Microsoft's Internet Explorer 7.0, and the Web browser for America Online version 4.0 for Windows. (Note that some older versions of browsers will not support SSL sessions). If you don't already have a browser with SSL capabilities, you can download an SSL browser from either of the links below.
Q. What type of connection do I need?
A. Nearly all Internet Service Providers (ISPs) automatically enable the SSL session described above, as do most online services such as America Online or Sympatico. If you use your company's internal connection to access the Internet and you find you can not access American Express' secured pages with an SSL browser described above, your company may be blocking access via a "firewall". Please speak to your firm's Internet access systems administrator for further details on your network's Internet access.
Q. When do I enter into a "secure SSL session"?
A. Secure SSL sessions are established in American Express Online Services areas where your personal information is being transmitted, including:
- Check Your Bill
- Online Services Registration
- My Account
- Check Your Points
- Card Applications
- Customer Service areas
- Membership Rewards Online
- Activating a Card online
Q. Why do I need an ID and password?
A. Many areas require the use of an ID and password as an additional security measure that helps protect your confidential information. This lets American Express verify exactly who you are, thereby allowing you access to your account information, and helping prevent unauthorized access.
Q. What should I do when I have finished accessing confidential data?
A. When you have finished using a secure area of American Express Online Services (e.g., view billing details), make sure you always click on the red "Exit Secure Area" link which appears on the left hand side of every secure page. When you click on it, you will be given the option to end your secure session. No further secure transactions can be conducted without re-entering your User-ID and password.
Q. Why can I still see some of my account information even after I have pressed the "Exit Secure Area" link?
A. Browser software often "caches" pages as you look at them, meaning that some pages are saved in your computer's temporary memory. Therefore, you may find that clicking on your back button shows you a saved version of a previously viewed page. Please keep in mind that caching in no way affects the security of your confidential User-ID or password. If you use your computer in a public place, please read "What should I do if I am using a 'public' computer?" below.
Q. What are "Cookies" and “Web Beacons”? Do I need to accept “Cookies”?
Q. After I type in my User-ID and password and then press submit, instead of seeing my account information, I just see the same page all over again. Why does this happen?
A. Most probably, you are using Netscape browser software, version 7.0 or higher, with "disable cookies" chosen. For reasons described in "Why do I need to accept a 'cookie' to access my Card account data?" below, you should make the following changes, please click on the "Edit” menu and select " Preferences ". Select the triangle next to "Privacy & Security" and select "Cookies". Select "Allow all cookies" or one of the other two enable options to accept cookies. Select "OK" to close the Preferences window. This change will allow us to confirm your identity and send you confidential account information..
If you are utilizing a different browser software, please consult the details on how to set cookie preferences on your version here
Q. I am trying to access my Card account information [or Membership Rewards information or Register for online services] and I keep getting sent to a page that talks about browsers and security. Why?
A. American Express believes strongly that we have a responsibility to protect your confidential information to the best of our abilities. In order to securely access your Card account information [or Membership Rewards information or Register for online services] via the Internet, we recommend you use the latest browser versions available. Access with Netscape versions before 1.12 (Mac or Unix) or 1.22 (Windows) is prohibited due to security concerns.