AmEx Security Lapse Discovered
A computer engineer found that a supposedly secure portion of the company's web site isn't.
A computer engineer has discovered that a supposedly secure portion of American Express' web site is sending private information in the clear.
"Joe Damato wrote in a blog post Tuesday that he received a promotional email from American Express encouraging him to sign up for the Daily Wish service, through which cardholders can receive hefty discounts on a limited amount of merchandise, such as computers and camcorders," writes SC Magazine's Dan Kaplan.
"If users click on the 'Sign up for Daily Wish' button, they are prompted to enter personal information, such as name, card number, security code, expiration date and billing zip code, into a pop-up box," Kaplan writes. "The box includes a 'This page is secure' notification link, but upon further review, Damato found this not to be the case."
Click here to read the SC Magazine article.