American Express Membership Rewards - Employee Can View Your Personal $spend Information With Amex=no Privacy=amex Business

If you are a business owner who has your business amex linked to your personal amex cards with membership rewards be aware that a secondary card holder such as an employee can view the following private information online without your permission or knowledge:

1.View all of your personal amex cards linked to membership rewards and view partial act numbers and type of amex card product.

2.View all of your spending on your personal cards and business cards that earn MR. Including how much on each card by seeing how much you earned in membership reward points each month on each amex product.

3.View what you have spent or redeemed your membership reward points on.

4.View your frequent flyer numbers for any airline you have linked

5.View your frequent guest numbers for hotels you have linked.

All your employee has to do to get the above information is register the secondary card online. This does not require employers permission. The employee then clicks on the Membership Reward Link and can view business owners personal and business information. The actual charge information of the primary or other secondary card holders will not be disclosed but obviously it is very easy to deduct that $1=1MR point. With Frequent flyer/guest numbers other information can easily be obtained.

IMHO Amex needs to fix this immediately and disclose customer privacy breach :(

If you are a business owner who has your business amex linked to your personal amex cards with membership rewards be aware that a secondary card holder such as an employee can view the following private information online without your permission or knowledge:

1.View all of your personal amex cards linked to membership rewards and view partial act numbers and type of amex card product.

2.View all of your spending on your personal cards and business cards that earn MR. Including how much on each card by seeing how much you earned in membership reward points each month on each amex product.

3.View what you have spent or redeemed your membership reward points on.

4.View your frequent flyer numbers for any airline you have linked

5.View your frequent guest numbers for hotels you have linked.

All your employee has to do to get the above information is register the secondary card online. This does not require employers permission. The employee then clicks on the Membership Reward Link and can view business owners personal and business information. The actual charge information of the primary or other secondary card holders will not be disclosed but obviously it is very easy to deduct that $1=1MR point. With Frequent flyer/guest numbers other information can easily be obtained.

IMHO Amex needs to fix this immediately and disclose customer privacy breach :(


How do you do that? I can't see any other account than mine and they are all linked online. I am an "additional" on an Open Rewards Business Gold and can't see anything about the "primary" at all, not even her account number. I can log into the rewards section, but I can't see a rewards statement, nor can I evidently redeem them as an "additional". When ever I click on any link it always tells me I can't "view" this.

Wouldn't you have to "Add an Authorized User to a Card Account" at the Authorized Access link?

I'm "pretty" sure the primary cardholder has to at least first authorize the additional cardholders to redeem rewards before the add'l cardholder(s) can see primary holder's MR info. Outlined in this thread: http://www.flyertalk.com/forum/showthread.php?t=580944


Not 100% sure though.

I'm "pretty" sure the primary cardholder has to at least first authorize the additional cardholders to redeem rewards before the add'l cardholder(s) can see primary holder's MR info. Outlined in this thread: http://www.flyertalk.com/forum/showthread.php?t=580944


Not 100% sure though.

I had read the other thread, but not replied (I have now). The point in this thread was as an "additional" I could not do what the OP was saying we could do as additional. All I can see is that she is a Plat, I am a Gold and we have 35,000+ points. I can't see any of her account information at all.

Posters such as Bassmount please do not confuse the readers of this message board. Bassmount you seem very confused to say the least since in another recent thread you started you state you were told by your employer to redeem Membership Rewards because they were expiring quicker then they could be used. Membership Rewards do not expire. I never stated an employee holding a secondary card could redeem miles without authorization.

Wouldn't you have to "Add an Authorized User to a Card Account" at the Authorized Access link?

NO. That is what is so disturbing.

Posters such as Bassmount please do not confuse the readers of this message board. Bassmount you seem very confused to say the least since in another recent thread you started you state you were told by your employer to redeem Membership Rewards because they were expiring quicker then they could be used. Membership Rewards do not expire. I never stated an employee holding a secondary card could redeem miles without authorization.

I never said you did, I was restating what I could not do.

So to clarify, Not only can I not do the rewards, I CAN'T SEE HER INFORMATION AS YOU CLAIMED EITHER.

The first time I ever went into the rewards section was when she told me to. She said we had rewards points "expireing" so I took her at her word. AND this is what I see...

http://i20.photobucket.com/albums/b233/bassmount/forfit.jpg

If Forfeited is not expiration, than what is it?

I can also see that she has a Plat. and I have a gold (as well as 2 other additionals and I can't see their information either), but I can't see who she has it linked to as far as airmiles, partial account numbers... nothing. Want a print screen for that too?

Oh and THANKS for being rude, it is much appreciated.


ETA: Anytime I click the links you say should be active for an "additional" I get this:

http://i20.photobucket.com/albums/b233/bassmount/authorize.jpg

[QUOTE=bassmount]
If Forfeited is not expiration, than what is it?
QUOTE]

The forfeited points you describe and were so kind to show me a picture are from not paying the bill on time and NOT EXPIRATION. I am sorry if I am rude but your confusion causes a distraction from a serious privacy breach issue by Amex that is described in my Original Post. I guess you could show more pictures if you want me to explain why you can not view what I describe in my Orignal Post.

[QUOTE=bassmount]
If Forfeited is not expiration, than what is it?
QUOTE]

The forfeited points you describe and were so kind to show me a picture are from not paying the bill on time and NOT EXPIRATION. I am sorry if I am rude but your confusion causes a distraction from a serious privacy breach issue by Amex that is described in my Original Post. I guess you could show more pictures if you want me to explain why you can not view what I describe in my Orignal Post.


I did, I edited to add it. Maybe you have to call and block additionals from seeing some of the information you are concerned with. Evidently she has a block for us to only see certian things. Maybe you need to call AMEX and have a talk with them.

[QUOTE=angrywithamex]


I did, I edited to add it. According to AMEX you have to call and block additionals from seeing some of the information you are concerned with. Evidently she has a block for us to only see certian things. Maybe you need to call AMEX and have a talk with them.

Do I have to prove everything you write is not correct?

I can assure you I have spoken with amex regarding this issue and was told they are aware of it and can not stop it/block it. The only reason I posted was becuase of Amex's response or should I say "lack of response" to this serious privacy breach. When Amex fixes this problem I will post imediately

[QUOTE=bassmount]

I can assure you I have spoken with amex regarding this issue and was told they are aware of it and can not stop it/block it. The only reason I posted was becuase of Amex's response or should I say "lack of response" to this serious privacy breach.

Then why can't I see what you are seeing?

I just thought of something. Do you think it is "how" it is linked? I mean I can't see anything on log-in except my own account to pay the bill (no other accounts are listed). Can your additionals see all of the accounts and what has been charged?

Meaning when I go into the dashboard, I can click "pay bill now" and see a total of what we owe. Then I can click on "recent activity" and see only my charges (no other cards linked). So, say we have a total of $5000.00 outstanding and I have only charged $400.00 then I can see the total of $5000.00 in the "Pay bill now" tab, but can not see how the others have charged and I have the option to "pay what I owe, or "pay in full".

I'm not trying to fight with you, but in a way I do resent your condescending tone. I'm sorry I do not see, nor can I access what you are saying "we" as additionals should be able to and the reason you are so upset with AMEX.

I have no reason to lie, I don't really care, but when I posted to say I could not see what you claimed and you came back in a rude way... WELL if you spoke to AMEX the way you typed to me, I can see why they didn't try to help.

Does anyone know if there is a federal law regarding a security breach? It seems to me California requires companies to disclose security breaches.

Does anyone know if there is a federal law regarding a security breach? It seems to me California requires companies to disclose security breaches.


Why not post under your real sign on. Why make a profile and post only a complaint about amex?

Does anyone know if there is a federal law regarding a security breach? It seems to me California requires companies to disclose security breaches.
That wouldn't be a security breach. Looking at others here, you're the only one seing the problem. If what you say is true, it would be something programmed into the system, not a breach.

Creating an account and posting complaints about a company and nothing else doesn't really help your credibility. Post some screen shots.. edit out names/account numbers.. Others have posted shots where the main cardholder has to authorize the newly added person, as well as another thread listed. Call Amex and express your dissatisfaction. Maybe they will rectify the situation for you.

First, only one very confused person ( a poster who thought her reward points were expiring becuase of time and not late payment)has said they could not see the problem.

Second, It is a security breach when we are talking about someone who is a not related and non authorized party viewing personal information which is much different than lets say a spouse with a secondary card.

Third, If you read carefully you would have read I have called amex and was told sorry they can not stop it/fix it. If amex contacts me or fixes the situation I will post imediately.

Furthermore credibility should not be an issue since anyone who reads the orginal post and has same type of accounts (business card and personal with primary on both and all earning MR , including secondary employee) should be able to duplicate the situtation.

Second, It is a security breach when we are talking about someone who is a not related and non authorized party viewing personal information which is much different than lets say a spouse with a secondary card.
secondary cards were originally setup for spouses, or other people you trust. I wouldn't give a secondary card to anyone unless I completely trusted them to the point that if they did see my spending, I wouldn't be too upset.
Third, If you read carefully you would have read I have called amex and was told sorry they can not stop it/fix it. If amex contacts me or fixes the situation I will post imediately.
Its a feature quite afew people do like, I'm sure, even if some don't. I'd also be curious to see if the original MR agreement contains anything about this access someone gets when you add them as a secondary party.
Furthermore credibility should not be an issue
I'm assuming you have another account on here. I don't know many people who would come to an aviation related forum out of the blue to complain about amex. Why wouldn't you use your regular account? I will accept that you may have found this amex forum via a search engine or something, but it seems odd.

First, only one very confused person ( a poster who thought her reward points were expiring becuase of time and not late payment)has said they could not see the problem.

Second, It is a security breach when we are talking about someone who is a not related and non authorized party viewing personal information which is much different than lets say a spouse with a secondary card.

Third, If you read carefully you would have read I have called amex and was told sorry they can not stop it/fix it. If amex contacts me or fixes the situation I will post imediately.

Furthermore credibility should not be an issue since anyone who reads the orginal post and has same type of accounts (Small business and personal with primary on both and all earning MR , including secondary employee) should be able to duplicate the situtation.


You are a sad little person. I actually asked a question about a function I have no experience with, got my answers and greatfully thanked people IN another thread other than this one I might add.

You on the other hand, even after proof, choose to only gripe and complain here (and degrade someone at every turn after I had left this thread alone. Yet you continue to sucker punch me).

Why don't you get on the phone and call the FTC, BBB, your state attorney general and gripe to them (and give them a good laugh), instead of nit picking those that are trying to help.

I have never ignored anyone on any message board in all the years I have been on the net, but there is always a first and that is you.

Good luck in you battle.

secondary cards were originally setup for spouses, or other people you trust. I wouldn't give a secondary card to anyone unless I completely trusted them to the point that if they did see my spending, I wouldn't be too upset..

I will try and make it more clear. I agree that a secondary on a personal account should be trusted to the point of seeing the primary spending. I am pointing out that an employee of a business can see personal information about the owner inlcuding their personal business

Why don't you get on the phone and call the FTC, BBB, your state attorney general and gripe to them (and give them a good laugh), instead of nit picking those that are trying to help.


People like you are dangerous. You say you are trying to help me yet you do not even have the necessary knowledge. Worse you spread mis-information such as Membership Reward points expire, etc. Please put me on ignore and quit posting on this thread. I find it hard to believe any government agency would laugh about this situation since lately task forces have been created just to locate a a missing laptop containing private information of individuals.

Just to make it clear. I DO NOT NEED YOUR HELP.