Slashdot Mirror

https://www.americanexpress.co...

An interesting question. I've never had anyone questing the 'common knowledge' before and it occurred to me that while I've heard this I never bother to google it.
Although If i had cared before I probably would have and I would suggest you do when you have such questions.

https://www.americanexpress.co...
https://www.washingtonpost.com...
https://www.thebalance.com/pol...

I didn't cherry pick these these were just on the top of the relevant results in google. Before you react it is good to research.

Men are told they can't get into child care, ok not because they, stupid but because they are not capable of controlling themselves.

Ever heard the sayings:
Men can't multitask?
Men don't ask for directions?
what about this article that described how women better at certain tasks:
http://www.livescience.com/470...
or this one https://www.americanexpress.co...

I have never thought women where less smart than men, in fact I was of the opinion that the where smarter.

Men are often portrayed in media as beer swilling, sex crazed, idiots that can't be pried away from watching sports.

To reference the Simpsons, which was mentioned in the last thread, rank the family in order of intelligence.

My guess would be:
Lisa, Marge, Maggie, Bart, Homer.

4 different Credit Card companies in the US (Visa, MasterCard, American Express, and Discover) will no longer cover fraudulent charges on non-chip transactions starting in October 2015.

Visa:

Effective 1 October 2015, Visa's global counterfeit liability shift will be instituted in the U.S for POS transactions. With this liability shift, the party that is the cause of a chip transaction not occurring (i.e., either the issuer or the merchant's acquirer processor) will be held financially liable for any resulting card present counterfeit fraud losses. The shift helps to better protect all parties by encouraging chip transactions that use unique, dynamic authentication data.

-- Source (PDF)

MasterCard:

The April 2013 acquirer readiness date is the first step in preparation for MasterCardâ(TM)s liability shift, which takes effect October 1, 2015. This liability shift directly affects acquirers and issuers as it pertains to counterfeit fraud. This means that the party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions. In addition, MasterCard supports a liability shift for lost, stolen, and never received or issued (NRI) cards to the party that does not support PIN as a cardholder verification method. If neither party supports PIN, only the counterfeit liability shift rules apply. The liability shift does not apply to Automated Fuel Dispensers (AFDs) until October 1, 2017

-- Source (PDF)

American Express:

Effective October 2015, American Express will institute a Fraud Liability Shift (FLS) policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology. U.S. fuel merchants will have an additional two years, until October 2017, before the FLS takes effect for transactions generated from automated fuel dispensers.

-- Source

Discover:

In alignment with U.S. EMV migration timelines, Discover is introducing Fraud Liability Shift for Discover Network (in the U.S., Canada and Mexico) and PULSE (in the U.S.), effective October 1, 2015 at point-of-sale terminals and Oct. 1, 2017 at automated fuel dispensers. This Fraud Liability Shift policy will be a risk-based payments hierarchy that benefits the entity that leverages the highest level of available payments security. As Fraud Liability Shift is already in place for Diners Club International (effective December 31, 2012 for mandated Participants), Discover will have one standard liability shift policy in place across all networks by October 1, 2015.

-- Source

So, I expect everyone in the US will start seeing new cards issued this year even if their card isn't set to expire.

Define 'protected'.

Well, according to the Visa and MasterCard contracts you sign, you, the consumer, are not liable for fraudulent or unauthorized usage of your credit card credentials. Here's Visa's statement and here's MasterCard's. Just for fun, here's Discover and American Express's, both of which promise zero liability if you act like a rational human being. And since 1998 the FDIC covers about $250,000 in losses relating to your bank account, including unauthorized use of your ATM card. So looking at all of those liability statements, since the data breach was not the result of gross negligence on the part of the cardholder, the cardholder is not liable for any fraudulent charges made in their name.

Furthermore if anyone steals my credit card, bank card, ATM card or card information, or if something happens to the bank, like a robbery or the bank folds (provided my bank is FDIC insured, of which nearly 7,000 banks are): I, the consumer, am not liable. Either my credit card company knocks it off my bill (in the case of credit card fraud) or the Federal Government covers the losses up to $250,000 per bank (in the case of ATM card fraud or bank losses).

Those are all legally binding contracts in the United States. The European Union has similar systems in place, and has had deposit insurance since 1994, though that just covers the minimum coverage mandated under EU regulations (current minimums are €50,000, as of 2008, more information here). Most countries cover up to €100,000, including Belgium, Bulgaria, Cyprus, the Czech Republic, Finland, France, Germany, Greece, Hungary, Italy, the Netherlands, Portugal, Spain, Sweden, and Slovakia (among others). The UK covers up to £85,000 in a rather complicated scheme of percentages, and the Irish government will guarantee all the money in your bank accounts.

Certainly seems safer than putting your money in an escrow account controlled by a marketplace known for its illicit drug trade, and whose predecessor was taken down amidst a murder-for-hire scandal.

• Amex (varies by card)
• Capital One

While a bit old, it's still valid. Sorry to hear about your luck, I've been bitten by return periods (with brakes) but I ended up reselling them on my own. As far as computer components, I prefer to buy those from a walk-in retailer like Microcenter. They're right down the street from me and I prefer being able to do returns same day if there is an issue. Anyway, sorry to hear about your misfortune, that'd piss me off, happy holidays!

You, sir, have obviously never tasted the fine watery goodness that is Bling H2O. Be sure to try the "The Ten Thou", for only $2,600.

    For some people, no price is too high, for a HDMI cable, or a bottle of water... They're easily identified by waving their Centurion Card around, and ordering "the best" and "the most expensive" of everything, but for some reason always forgetting to leave a tip.

my employer has made it clear that they want their employees to cooperate fully with these searches, and afterwards tell corporate security. Realistically, it's the only reasonable thing for the company to expect.

Is this explained to your clients in your companies privacy policy? I'm rather interested in knowing what my credit card companies policy is regarding data safety. Unfortunately, that part of the web site doesn't work. Some of the information being seized may be my information, even though I am not the one traveling. Do I have legal recourse if my information is copied from the laptop of a company I do business with?

I think the next line of defense in that sort of thing, provided it isn't shut down by TPTB as facilitating "terrorist money laundering" is to buy gift cards from credit card issuers that look just like regular debit cards to an online merchant but are actually pre-paid debit cards. These can be issued in any name (so far) and don't require identity verification for that name. So if they put a collection on the credit report of Mickey Mouse, so be it.

Well, the article mentions that you could do this by getting an anonymous pre-paid credit card. Does anyone have further information on this? That sounds interesting....

I googled for a couple, but, most seemed to be overseas 'banks' that have you send $250 or $1K or more to them, and they send you a working 'number'. I'm just a little hesitant to try something like that I'd not heard of before.

Anyone have experience with things like that?

KLM also has supposedly the worst record of losing luggage in Europe that's why they introduced RFID in order to improve this (one of the reasons they had such a bad record was that they have a lot more people transferring through Amsterdam rather than using it as a start or end point). However, despite that, I've flown KLM on average twice a month for the past two years and my luggage always arrives. I've even tried short connections and awkward routings and my luggage has still arrived fine. I feel ripped off, my Amex card has excellent luggage loss protection (£750 if gone missing for at least 6 hours plus a further £1000 is it's lost) - my luggage goes missing and I have loads to spend on new clothes. Damn you KLM, you're supposed to be the worst in Europe for baggage handling but not once do you lose my luggage, not a nice way to reward my frequent travelling :(

It isn't helped by some of the 'genuine' emails one receives from
supposedly reputable financial institutions.

For example I received an email purporting to be from American Express,
one of the links in it was of the form that showed
https://www.americanexpress.com/messagecenter,
however it actually pointed to
http://www65.americanexpress.com/clicktrk/Tracking ?mid=AnIdentifyingNumber&msrc=ENG-YES&url=https:// www.americanexpress.com/messagecenter

i.e It purported to be a secure link, but actually was not.
It piped the request through another (insecure) URL.

I sent it on to the American Expresses Phishing people, and got only an
automatic reply.

Finally I phoned American Express Customer service who assured me that it was real,
on the basis that they did actually send out emails like that. (!!!!)

It showed all the hallmarks of a phishing email, and yet ultimately was genuine.

How I am ever going to explain to Aunt Mary what signs to look out for
in phishing emails, while the real financial institutions send out
stuff like this, I don't know.

You're right, it is a Herculean task.

It isn't helped by some of the 'genuine' emails one receives from
supposedly reputable financial institutions.

For example I received an email purporting to be from American Express,
one of the links in it was of the form that showed
https://www.americanexpress.com/messagecenter,
however it actually pointed to
http://www65.americanexpress.com/clicktrk/Tracking ?mid=AnIdentifyingNumber&msrc=ENG-YES&url=https:// www.americanexpress.com/messagecenter

i.e It purported to be a secure link, but actually was not.
It piped the request through another (insecure) URL.

I sent it on to the American Expresses Phishing people, and got only an
automatic reply.

Finally I phoned American Express Customer service who assured me that it was real,
on the basis that they did actually send out emails like that. (!!!!)

It showed all the hallmarks of a phishing email, and yet ultimately was genuine.

How I am ever going to explain to Aunt Mary what signs to look out for
in phishing emails, while the real financial institutions send out
stuff like this, I don't know.

You're right, it is a Herculean task.

American Express site seem to have problem with non Microsoft, Non IE platforms. I stopped using their credit cards anyway. Here is one if you don't belive me. Kinda funny lookingin Firefox(I am using firefox 1.5 Beta 1). I heard stories recently they don't you hire if you are using a Mac.

https://www124.americanexpress.com/cards/home?acti on=notregistered

A few years back, 7-11 had AmEx "gift cards" that you could add value to just by handing cash to the clerk. There was no ID or age check to get one. That pilot program ended

If it ended, then why is American Express still advertising its Travelers Cheque Card program?

Of course, were this actually the case, then what this would mean for educated technical users like thee and me is that any time you used Citibank's on-line website, and encounter the login, you ought to call 1-800-555-1212 to verify that Citibank Credit card customer service is still available from 1-800-950-5114, call that in turn, work your way through the phone menu, and politely ask the customer service representative to confirm that the accountonline.com domain is in fact under Citi's direct control.

However, having just checked, Citi.com is an alias for (as the https: certificate shows) the www.citibank.com server. While connecting to either over https: (or to the accountonline.com http: or https:), you are redirected to the http://www.citibank.com/ server; the top sign-on link is based on https://web.da-us.citibank.com/ for no apparent reason (but at least has the right subdomain), and the prominent "Sign on to your accounts" is merely a drop down of account types (such as credit card), redirecting you to a page on https://www.citibank.com/ — someone over there may have been learning from being a bad example. Where'd ya get the "accountonline.com" URL from?

On the other hand, Amex's secure site first coughs and chokes because the server certificate is actually for the akamai.net hosting server, before letting you through for sign in to an encrypted page... with an uncertain recipient. How many of their clients can say "man in the middle", d'ya think?

Of course, worst of the lot is Chase: in addition to your security lock idiocy, their secure server redirects back to the insecure server. Good for performance, really CRAPPY for security. The lock graphic isn't bad... but that should be the ONLY thing there, linking to a https: page with the login/password form. Possibly even one with minimal graphics. It's almost enough to make me apply for a Chase card, just so I can call them and give this as a reason for cancelling service... "I do a fair bit of internet shopping, and you obviously don't pay enough attention to internet security."

Actually, didn't they just snail mail me a card application...?

For those who would like a secure login to AMEX, I ran across this URL recently: https://www.americanexpress.com/links/myca/

American Express just rolled this out a few months ago with their Express Pay service. You can even see the RFID loop antenna and chip through the cards if you have one of the clear Amex Blue cards. As you can see from the site, the participating merchants list is rather short right now, but as it's interoperable with other ISO 14443 systems, like MasterCard's will be, support will probably rise.

Not for long, they are trying to make these type of scans manditory, if you handle Credit Card information at all. This includes all those Mom and Pop hosted sites too.

You speak the truth. The AmEx website about it is located here. According to their website you can use it at CVS, and it appears that Fry's is on board as well (and mentions 6 other chains as being "Featured Merchants". From what I understand it was in a piloting phase for a while, and they are actively hunting partners. Being a user of their product, I like it quite a bit, but I probably spend more money with the thing than I would if I didn't have it.

American Express is also starting to roll out an RFID solution, although seperate from their card and also available on a preload basis. Their national partner I am aware of seems to be CVS drugstores, which seems to have rolled out credit card terminals which can read these cards locally even through I know of no other place I could use their RFID tag.

Already been done. From Here:

THE MEMBERSHIP REWARDS PROGRAM FROM AMERICAN EXPRESS LETS CARDMEMBERS ROCKET INTO ORBIT THROUGH SPACE ADVENTURES LTD.

NEW YORK, March 03, 2004 -- American Express today announced that cardmembers enrolled in its Membership Rewards program can now redeem points with Space Adventures Ltd., the world's leading space flight experiences and space tourism company. For the first time, cardmembers can touch the edge of space and revel in the weightlessness of Earth's orbit by using points to get there, adding to the universe of already abundant experiences Membership Rewards enrollees can enjoy.

"Space Adventures is the latest of many unique experiences we offer to fuel our enrollees' imaginations and prompt our cardmembers to ask not just what they can do with points, but how far they can go with them," said Chris Lynch, vice president, Rewards Management at American Express. "Without dipping into their wallets, cardmembers can redeem for an almost limitless number of things -- like a journey to the cusp of space or a rejuvenating day at a luxurious spa -- and use points to cover the costs."

American Express is offering three Space Adventures packages to enrollees who wish to experience the sights and sensations of space travel:

* Zero-Gravity Flight (1,000,000 points): Experience weightlessness by traveling in a specially outfitted jet aircraft that is used to train astronauts to work and test equipment in a weightless environment.

* Edge of Space Flight (3,000,000 points): Fly in a MiG-25 supersonic jet at up to two-and-one-half times the speed of sound (Mach 2.5) and above 80,000 feet, where one can see the curvature of the Earth and the blackness of space.

* Sub-Orbital Space Flight (20,000,000 points): Reserve your seat now for a ride aboard a sub-orbital spacecraft that will climb to an altitude of 62 miles, expose you to experience several minutes of weightlessness and treat you to Earth views from space.

I have a Visa Platinum card (issued through BofA) so I went looking to verfiy this warranty doubling feature.

I found this, which is an extended warranty program. Pay extra for more warranty. Not what the poster was referring to.

I dug some more and found this, which is a benefit that will replace any item purchased on certain types of Visa cards for any reason, fire, theft, water damage, elephant stepping-on, anything, within the first 90 days of purchase. That's nice, but not the same thing the OP is referring to.

Sorry, but could the OP provide some documentation for this "double warranty" coverage? I'm interested but skeptical. I know that American Express provides that, but I can't find anything that says Visa will do it.

It's easy to circumvent these pages with a man in the middle, since you control the login-form:

Low-Tech - Easier to spot
1. Modify the login form's action to point to your own non-ssl capturing script. Tell the user the service is down, you now own his account.

Medium Tech - Harder to detect, but some users may look for the SSL lock.
1. Your capture script attempts to log-in to the real site with the supplied info.
2. Proxy the traffic, rewrite URLs.

Higher Tech - Only paranoid people will detect it
1. Get yourself an SSL cert for a domain name close enough to your target, and use it on you capturing proxy. Now even the browser lock will show up.

The Banks are stupid, they should at least provide a link to a secure login form. Right now, an ugly workaround is to use an invalid username/password to get to a secured login form.

I complained to American Express. I did not even get a reply.

The main page login dialog here does not work with FF. If you select the "Benefits" link on that page, then select "Manage Your Account", that login screen will work with FF. Odd, they get you to the same place but they have two front ends for it. Everything else works with FF from that point on. Sloppy on their part.

AmEx provides SmartCard readers for its Blue line, with a program already embedded in the chip on the card.

Pretty cool.

AmEx provides SmartCard readers for its Blue line, with a program already embedded in the chip on the card.

Pretty cool.

Actually, American Express used to have (until April of this year) something like a one-time-use account number. It was called Private Payments, and you could generate a new, temporary account number from their secure website. Although it wasn't truly one-time use, it was only valid for 30 days and could be cancelled at any time by the cardmember.

Now that PrivatePayments has been discontinued, I purchase Visa Gift Cards (pre-paid Visa cards) and use them for my small/medium-ticket on-line purchases. For major purchases I use a Visa card with fraud protection and check the account activity on-line at least once a week.

But in any event, you should never be liable for a fraudulent credit card transaction. That doesn't mean you can be careless with your account information, but if there is a fraudulent charge you're not out any money if you pay attention and dispute the charge within the specified period of time.

The real danger is ACH (Automated Clearing House) transactions against your bank accounts. Any person or organization that has the ability to perform ACH transactions (and there are plenty of third-party processors with low scruples and high tolerence of unethical behavior) can suck money DIRECTLY from your bank account. All they need is your bank routing number and bank account number. They don't need your name, address, phone number or any password or PIN (they are supposed to get your written authorization first, but there's no mechanism to check or enforce this before the fact). There is no verification or fraud protection system for ACH, as there is on most credit cards. The merchant simply asks and he receives.

And unlike credit card disputes, where you don't pay until the dispute is settled, ACH immediately withdraws the money from your account and you have to wait for the dispute to be settled before getting your money back (if ever). Since there are no limits on ACH withdrawals, (other than having sufficient funds for payment), one fraudulent charge can lead to bounced checks, overdraft fees, returned check fees and more, increasing your loss by hundreds of dollars.

There's no mechanism to opt-out of ACH or limit transactions to only approved merchants. Once a fraudulent charge is made you may be able to block further transactions by that merchant, but possibly only for a limited time and with payment of a stop-payment processing fee. The only real relief is to close the account and open a new one (resulting in administrative hassles and costs for new checks and forms).

How hard it is for a bad guy to get your bank routing number and account number depends on how use your checks. The routing and account numbers are required on the bottom of each check. It takes a few seconds for a dishonest cashier, clerk or other employee to copy this info down and sell it later. The lock-box services used by large creditors often convert paper checks to ACH transactions themselves, then discard the paper checks; depending on how discarded checks are handled, they might be subject to unwanted access. Your own handling of unused and cancelled checks also comes into play.

American Express's one-time card number system was called Private Payments, but they cancelled it just a few weeks ago. I'm guessing because not enough people used it. I used it for all my on-line purchases, because even if I'm not liable for fraud, the trouble of generating a one-time number (and their site was a bit of a pain) is worth avoiding the hassle of the fraud recovery process. As a bonus, nobody could automatically renew any subscriptions I bought.

The catch? The transaction fees on these things are horrendous. Anybody who has the credit history to qualify and the personal resolve to not charge things they can't pay off is better off getting a real credit card... those are free to have, free to use, and also contribute good notes to your credit history for your future credit requests.

AmEx just canceled their disposable number service (called "Private Payments"). Ticks me off, because it was one of the reasons I got my AmEx card in the first place...

...and totally off topic, but these little bits with Jerry Seinfeld and an animated Superman are pretty good:

The Adventures of Seinfeld and Superman

Unless of course the owner bought it with an American Express card :)

If you want to be careful, use a service like American Express's Private Payments, which generates a one time use credit card number for you.

I can't say where Visa are but from my limited experience working for American Express I can see where my employers are at. The nearest thing approaching micropayments is ExpressPay which is more like the Exxon/Mobil SpeedPass. The Amex system to my knowledge is considered to be in trial status, mainly around Phoenix, AZ, at this time

To my knowledge there isn't any thing else in development. But if American Express at the corporate level were to see value in micropayments and that it would prove useful as a service to its premium cardmembers (and that it would generate profit for the company and fit in with the company image), I'm sure that they'd go for it.

But as other posters have said, Paypal is quite suited for micropayments as it is, and what ever happened to using your cellphone for them micropayments?

Mark.

PS: Disclaimer: The views expressed here (if I did express any) are mine, not of my employer (American Express).

Something i've found useful (and this requires interaction with USPS) in reducing the number of calls I get at home was to register directly with the DMA to no longer be called/mailed/whatnot from their members. I don't need to fill up my trash can, fireplace, or recycling bin with the junk they mail me. Here's the link so you can do the same for yourself. Yes, it requires a stamp, printer and envelope but I place the cost of printing and mailing close to $1 for most people. As I work from home, this has been necessary and helps get my name off the lists. Also, be sure to pay close attention each time a company you do business with mails you a copy of their privacy policy. American Express provided a nice form in one of the bill envelopes to fill out and mail-in saying I did not want to be bothered by their partners. Be sure to pay attention to what is in those envelopes even if you pay your bill online (as I do) to not miss those important chances to reduce the junk that fills up your phone line, email box, or postal box from companies.

Doesn't American Express have something like this? It's called Private Payments. It gives you a unique number that's lets you obscure your identity.

Now there's probably a market for teenagers and such. But I'm thinking pre-paid cards will take care of that...

In Japan is is absolutely critical for every teenage girl to have exactly the same stuff as every other, or else she faces some rather severe social consequences. It's no secret that these girls/sheep run the Japanese economy.

Yes. It's a good thing teenage American girls don't run their own economy...

I kid. I don't have one and you can't "apply" for one either. Read more about it here and see it here.

ExpressPay

I hope these guys get the chair. Seriously. My wife and I are *very* careful online, and in all purchases - even so far as shredding all information before it goes into the trash.

The last two weeks we've had identity/credit theft again.. the second time within a year. Let me tell you first hand, this is NO fun. I spoke with our Credit Union representative about this - she stated that members are being hit with this almost nonstop, and it only shows signs of getting worse. Even better, now (she stated) they have perfected forging other things like money orders and the like, which is on the rise as well.

This hacking sounds "interesting" up to the point you've lived through it first hand. Now, I just want these guys caught and put away. However, the responsibility doesn't simply rest on their shoulders. Visa and other Banks should have the pants sued off them for giving the public such a laugh of security in the form of credit cards. Why lawsuits? Because once you hit their precious pocketbooks, they will finally take this stuff seriously. If the public truly understood the depth of how laughable the security is, I think they would experience mass account closures almost overnight.

The ease of use of these things is apalling. Heck, once they have a number, how hard is it to get the rest of the data like address and phone? What a laugh.

People - protect yourselves. I'm looking more into this: [Private Payments]
as a method of protecting my primary cards. If anyone else has suggestions, please let me know.

I use my American Express private payments number, which expires in 1 month. Sure, the system will keep the number in its database, but it's only good for two uses or 1 month, which ever comes first.

Anway, back to my point. I found a solution to this problem, American Express have a service called Private Payments that allows you to get disposable numbers that only work once. Since I have been using this service I haven't had problems with my number being stolen. Also, since American Express allows you to dispute charges without paying for them unless you loose the dispute, I never had to pay any of the $9.95 charges.

Back on topic, as IP telephony becomes more widely used, encryption is going to be a neccessity. When people buy things and give credit card numbers over the Internet conversation, encryption will be the only protection against crackers intercepting the conversation and stealing numbers. When was the last time you ordered anything from a site that wasn't using SSL?

--

We, Canadian or American, will never see a cash replacement like this.

Funny. I've seen plenty of "gift cards" floating around the US. Anonymous plastic cards with magnetic strips, the issuer keeping track of how much money is on each card. In most cases, you can add money at the checkout counter by giving the checker cash, check, or traditional plastic. Some are just accepted by the issuing store. Others are linked into the existing credit/debit card network. Examples:

Shell (only accepted by issuing store)
Discover
National City/Visa
Bank of America/Visa
American Express

The last two have the recipient's name on the card, but it is legal and unchecked to give them a pseudonym for privacy reasons.

It's strange to see the banner of liberty go back to the French, after so many years.

This may just be my libertarian bias talking, but having something arise from the private sector seems more free than having the same thing imposed by government fiat.

American Express doesn't really want no one linking to its site. From a marketing standpoint it's ludicrous to expect google to issue them a letter asking for permission to send potential credit card customers over. Rather, they want a basis on which to send a threatening, yet legally hollow, threat to the owner of a site that criticizes AmEx and does so with supporting hyperlinks.

For instance, it would be difficult to pick apart AmEx's Privacy Statement in its entirety without either linking to (linking policy violation), or reprinting it (copyright violation).

However, if you make a statement in your blog regarding how much you love their blue card and include a link to the application page, don't expect an ominous letter sent certified mail anytime soon.

American Express doesn't really want no one linking to its site. From a marketing standpoint it's ludicrous to expect google to issue them a letter asking for permission to send potential credit card customers over. Rather, they want a basis on which to send a threatening, yet legally hollow, threat to the owner of a site that criticizes AmEx and does so with supporting hyperlinks.

For instance, it would be difficult to pick apart AmEx's Privacy Statement in its entirety without either linking to (linking policy violation), or reprinting it (copyright violation).

However, if you make a statement in your blog regarding how much you love their blue card and include a link to the application page, don't expect an ominous letter sent certified mail anytime soon.

If a company such as American Express doesn't want me to link to them, what if I provided a link on my site such as americanexpress.com? You don't actually own the representation of the human-readable address, do you?

(Just for grins, compare sections three and eight of the American Express rules & regs.)

These are very important rules here people! How hard is it to obey a disclaimer by not copying material or hyperlinking to it? Their Disclaimer clearly states

"American Express prohibits caching, unauthorized hypertext links to the Site and the framing of any Content available through the Site"

It really says this... go ahead and read it.

And by the way, be sure to disable caching or history in your browser before visiting the site.

...unless Visa (credit card corp) is planning on going into the travel visa business with a one-card system (all your info is based on the numbered tracks on your card, which reference a central database). Even then, there is no case at current until Visa owns the travel visa process.

I don't know much about Visa (I use American Express) but I do know that Amex are a massive travel agency in addition to their charge card business, one of the largest in the world. Diners Club are also heavily involved with the travel industry. It depends on what travel related services Visa provide their customers. If they (Visa) do, then they have a case that eVisa were infringing.