Security Q & A
American Express realises how important security is to you, so we've taken a number of steps that help enhance the safety and confidentiality of transmissions of private information sent from American Express over the Internet.
Q. Is my confidential information secure?
A. Whenever American Express asks you to send confidential information over the Internet, including personal account data, we require that a "secure session" using SSL first be established.
Q. What is a "secure session" and how does it help keep my information safe?
A. During a secure SSL session, data passed back and forth between your computer and
American Express systems is secured by using public key cryptography. Your computer exchanges key information with
American Express computers to create a private conversation that only your computer and American Express systems can
understand.
Q. What specifically is SSL?
A. Any time you access or supply Card account information in one of our secure
online areas, that information is encrypted by a technology called Secure Sockets Layer,
often abbreviated as SSL. SSL technology secretly encodes information as it is being sent
over the Internet between your computer and American Express systems, helping to ensure
that the information remains confidential. The use of SSL requires two components: an
SSL-compatible browser and a web server to perform the "key-exchange" that
establishes an SSL connection to American Express Web server systems.
Q. What type of browser do I need?
A. To benefit from SSL technology, you will need a browser with SSL capabilities. Examples of SSL browsers include
Netscape, Microsoft's Internet Explorer, and the Web browser for America Online for Windows. (Note that some older
versions of browsers will not support SSL sessions). If you don't already have a browser with SSL capabilities, you
can download an SSL browser from either of the links below.
Q. What type of connection do I need?
A. Nearly all Internet Service Providers (ISPs) automatically enable the
SSL session described above, as do most online services such as America Online
and CompuServe.If you use your company's internal connection to access the Internet and you find
you can not access American Express' secured pages with an SSL browser described above,
your company may be blocking access via a "firewall". Please speak to your
firm's Internet access systems administrator for further details on your network's Internet access.
Q. When do I enter into a "secure SSL session"?
A. Secure SSL sessions are established in American Express Online services areas where
your personal information is being transmitted, such as Account access and Card Application pages. The letters "https"
will appear in the URL when you enter a secure SSL session.
Q. Why do I need an ID and password?
A. Many areas require the use of an ID and password as an additional security
measure that helps protect your confidential information. This lets American Express
verify exactly who you are, thereby allowing you access to your account information, and
helping prevent unauthorised access.
Q. What should I do when I have finished accessing confidential data?
A. When you have finished using a secure area of American Express Online Services
(eg, View Billing Details), make sure you always click on the red "Exit Secure
Area" link which appears on the left hand side of every secure page. When you click
on it, you will be given the option to end your secure session. No further secure
transactions can be conducted without re-entering your User-ID and password.
Q. Why can I still see some of my account information even after I have pressed the "Exit Secure Area" link?
A. Browser software often "caches" pages as you look at them, meaning that
some pages are saved in your computer's temporary memory. Therefore, you may find that
clicking on your back button shows you a saved version of a previously viewed page. Please
keep in mind that caching in no way affects the security of your confidential User-ID or
password. If you use your computer in a public place, please read "What should I do
if I am using a .public. computer?" below.
Q. What should I do if I am using a "public" computer?
A. If you use a computer that others also work and you are uncomfortable that they
may view "cached" pages after you have left the station, then please quit/exit
your browser software before leaving. This will decrease the possibility of anyone viewing
confidential information. No other users will be able to access your Card account
information online without your User-ID and password.
Q. What are "Cookies"? Do I need to accept them?
A. A cookie is a text file on your computer that reminds our system of your particular
browser preferences and security requirements. We use a cookie to enable our server to recognise
you as an American Express online service user when you re-enter our site. If your browser
prompts you when a cookie is "served", you must accept it or access to confidential information
will be denied, because we will not be able to ensure that the data is being sent to the proper
parties. Because cookies are site specific, only American Express Online Services can access,
decode and make use of the information.
Q. After I type in my User-ID and password and then press submit, instead of seeing
my account information, I just see the same page all over again. Why does this happen?
A. Most probably, you are using Netscape browser software, version 4.0 or higher,
with "disable cookies" chosen. For reasons described in "Why do I need to
accept a 'cookie' to access my Card account data?" below, you should make the
following changes: click on "Edit", then select "Preferences", then
select "Advanced" (not the plus sign next to advanced). Finally, choose either
"Accept only cookies that get sent back to the originating server" or "Warn
me before accepting a cookie" and press "OK". This change will allow us to
confirm your identity and send you confidential account information.
Q. I am trying to access my Card account information [or Membership Rewards
information or Register for online services] and I keep getting sent to a page that talks
about browsers and security. Why?
A. American Express believes strongly that we have a responsibility to protect your
confidential information to the best of our abilities. In order to securely access your
Card account information [or Membership Rewards information or Register for online
services] via the Internet, we recommend you use the latest browser versions available.
Access with Netscape versions before 1.12 (Mac or Unix) or 1.22 (Windows) is prohibited
due to security concerns.
