At American Express, we take cybersecurity seriously and value the contributions of the security community at large. The responsible disclosure of potential issues helps us ensure the security and privacy of our customers and data. If you believe you’ve found a security issue in one of our products or services please send it to us and include the following details with your report:

• A description of the issue and where it is located.
• A description of the steps required to reproduce the issue.

Please note that this should not be construed as encouragement or permission to perform any of the following activities:

• Hack, penetrate, or otherwise attempt to gain unauthorized access to American Express applications, systems, or data in violation of applicable law;
• Download, copy, disclose or use any proprietary or confidential American Express data, including customer data; and
• Adversely impact American Express or the operation of American Express applications or systems.

American Express does not waive any rights or claims with respect to such activities.

Please email your message and any attachments to responsible.disclosure@aexp.com