American Express Security Q & A
American Express realises how important security is to you, so we've taken a number of steps that help enhance the safety and confidentiality of transmissions of private information sent from American Express over the Internet.
- Is my confidential information secure?
- Whenever American Express asks you to send confidential information over the Internet, including personal account information, we require that a "secure session" using SSL first be established.
- What is a "secure session" and how does it help keep my information safe?
- During a secure SSL session, information passed back and forth between your computer and American Express systems is secured by using public key cryptography. Your computer exchanges key information with American Express computers to create a private conversation that only your computer and American Express systems can understand.
- What specifically is SSL?
- Any time you access or supply Card account information in one of our secure online areas, that information is encrypted by a technology called Secure Sockets Layer, often abbreviated as SSL. SSL technology secretly encodes information as it is being sent over the Internet between your computer and American Express systems, helping to ensure that the information remains confidential. The use of SSL requires two components: an SSL-compatible browser and a web server to perform the "key-exchange" that establishes an SSL connection to American Express Web server systems.
- What type of browser do I need?
A. To benefit from SSL technology, you will need a browser with SSL capabilities. Examples of SSL browsers include Netscape 2.0, Microsoft's Internet Explorer 2.0, and the Web browser for America Online version 3.0 for Windows. (Note that some older versions of browsers will not support SSL sessions). If you don't already have a browser with SSL capabilities, you can download an SSL browser from either of the links below.
- What type of connection do I need?
- Nearly all Internet Service Providers (ISPs) automatically enable the SSL session described above, as do most online services such as Navigator, AOL, Pacific Supernet Ltd. If you use your company's internal connection to access the Internet and you find you can not access American Express' secured pages with an SSL browser described above, your company may be blocking access via a "firewall". Please speak to your firm's Internet access systems administrator for further details on your network's Internet access.
- When do I enter into a "secure SSL session"?
A. Secure SSL sessions are established in American Express Online Services areas where your personal information is being transmitted, including :
- Card Account Balance
- Membership Rewards
- Apply for a Card
- Why do I need an ID and password?
- Many areas require the use of an ID and password as an additional security measure that helps protect your confidential information. This lets American Express verify exactly who you are, thereby allowing you access to your account information, and helping prevent unauthorized access.
- What should I do when I have finished accessing confidential data?
- When you have finished using a secure area of American Express Online Services make sure you always click on the red "Exit Secure Area" link which appears on the left hand side of every secure page. When you click on it, you will be given the option to end your secure session. No further secure transactions can be conducted without re-entering your User-ID and password.
- Why can I still see some of my account information even after I have pressed the "Exit Secure Area" link?
- Browser software often "caches" pages as you look at them, meaning that some pages are saved in your computer's temporary memory. Therefore, you may find that clicking on your back button shows you a saved version of a previously viewed page. Please keep in mind that caching in no way affects the security of your confidential User-ID or password. If you use your computer in a public place, please read "What should I do if I am using a 'public' computer?" below.
- What should I do if I am using a "public"computer?
- If you use a computer that others also work and you are uncomfortable that they may view "cached" pages after you have left the station, then please quit/exit your browser software before leaving. This will decrease the possibility of anyone viewing your confidential information. No other users will be able to access your Card account information online without your User-ID and password.
- What are "Cookies"? Do I need to accept them ?
- After I type in my User-ID and password and then press submit, instead of seeing my account information, I just see the same page all over again. Why does this happen?
- Most probably, you are using Netscape browser software, version 4.0 or higher, with "disable cookies" chosen. For reasons described in "What are "Cookies? Do I need to accept them?" above, you should make the following changes: click on "Edit", then select "Preferences", then select "Advanced" (not the plus sign next to advanced). Finally, choose either "Accept only cookies that get sent back to the originating server" or "Warn me before accepting a cookie" and press "OK". This change will allow us to confirm your identity and send you confidential account information.
- I am trying to access my Card account information [or Membership Rewards information or Register for online services] and I keep getting sent to a page that talks about browsers and security. Why?
- American Express believes strongly that we have a responsibilty to protect your confidential information to the best of our abilities. In order to securely access your Card account information [or Membership Rewards information or Register for online services] via the Internet, we recommend you use the latest browser versions available. Access with Netscape versions before 1.12 (Mac or Unix) or 1.22 (Windows) is prohibited due to security concerns.