
So in the end, what does the obfuscated JS do?


It's a triple-encoded payload that loads a large HTML blob onto the page. The payload is 99% similar to Amex's actual page; it just submits the data to the attacker's domain, and has a few extra fields like mother's maiden name, elementary school, etc.

The purpose of the obfuscation is 1) to prevent automated scanners and 2) prevent debugging of the script.

Since we did static analysis it did not impact the result.


I guess the few extra fields get them the possible security question answers for account takeovers.
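The two tells described in this thread (a form that posts to a different domain and extra security-question fields) can be checked statically once the HTML blob is decoded. The following is an added example, not code from the thread or from the analysis it discusses; the allowed host, the field-name hints and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the legitimate login form is expected to post to.
ALLOWED_HOSTS = {"www.americanexpress.com"}
# Assumption: name fragments for the extra fields mentioned in the thread.
SUSPICIOUS_HINTS = ("maiden", "school")


class FormAudit(HTMLParser):
    """Collect each form's action URL and the names of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            name = a.get("name") or a.get("id")
            if name:
                self.forms[-1]["fields"].append(name.lower())


def audit(html, page_host):
    """Return findings for decoded HTML that claims to belong to page_host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # A relative or empty action posts back to the page's own host.
        host = (urlparse(form["action"]).hostname or page_host).lower()
        if host not in ALLOWED_HOSTS:
            findings.append(("off-domain-action", host))
        for field in form["fields"]:
            if any(hint in field for hint in SUSPICIOUS_HINTS):
                findings.append(("extra-field", field))
    return findings


# Constructed sample standing in for the decoded HTML blob.
SAMPLE = """
<form action="https://collector.example/submit" method="post">
  <input name="UserID"><input name="Password" type="password">
  <input name="mothers_maiden_name"><input name="elementary_school">
</form>
"""

if __name__ == "__main__":
    for kind, value in audit(SAMPLE, "www.americanexpress.com"):
        print(kind, value)
```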



