American Express may not Encrypt Your Online Transaction
By Dipankar Das, Gaea News Network
Wednesday, May 26, 2010
It must be scary to think that the biggest credit card companies have some serious lapses in online security. Unix man Joe Damato recently found that American Express is not following the basic rules of online security. So a word of caution: if you are an American Express card holder, it is better to avoid online banking in the short term.
When he was asked for, among other things, his credit card number, expiration date, and security code, he took a look behind the scenes. He found that American Express is not using Hypertext Transfer Protocol Secure (HTTPS). They are sending the data (which contains full credit card numbers) back to their servers in plain text. There is no encryption, no hiding, no scrambling, no nothing. So the credit card company is running the whole transaction in a form that is pretty much open to all, without the knowledge of the card owner. The information is there for the picking.