American Express owns up to security bloomer

Must have got carried away with the festive spirit...

silicon.com has noticed quite a few online festive bloomers this year and it seems even global giant American Express can't get it right. The credit card company has launched into the festive spirit by offering cardholders the chance to win a luxury holiday to the Cayman Islands. All customers have to do is input their details - including their credit card number - on a simple web form, print it off and pop it in the post. Leaving aside the obvious clanger of having to print out a web form and send it by snail mail (so 1998), the form contains no SSL and caches the data, leaving users of shared machines, or in office environments, vulnerable to someone hitting the 'back' button on the browser to reveal all. A spokeswoman for the credit card firm's interactive division admitted the web page was not designed with security in mind: "We'll look at the design and change it if necessary. "Going forwards we probably should look at how people can reset or delete their information properly," she admitted.