Comment AMEX security (Score 1) 68
I have a corporate AMEX card and compared to my personal Visa/Mastercard cards, security is unbelievably worse.
For Visa/Mastercard cards issues by a local bank, authentication and operations like changing the PIN is done by an IVR system with a preshared password. Sometimes for extra security a live person asks some basic questions like the passphrase or you last weeks' expenses. In fact the bank warns me that I should NEVER tell anyone the card details such as its number, expiration date and CVC code. They rely on other details for authentication, which means if an unreliable bank employee or an eavesdropper records all this info, they will be unable to use it to spend your money.
When I activated my AMEX card, the customer rep asked me for all information printed on the card (including the number, all codes, expiration date etc.), and even was helpful enough to set the PIN retrieval number to the batch code of the card (printed clearly on the front of the card)!
Also, it appears they have no SecureCode/3DSecure system. Sometimes (but not always) online charges ask for your ZIP code (but not a one-time password like other banks do).
AMEX security looks like it was designed by a first-year student. Maybe it's a common thing for US banks to put convenience before security. European merchants frown upon chipless cards and ask for proper ID, and almost all online purchases require 3dSecure/SecureCode authentication with a one-time password (usually sent by SMS or a hardware token).