They will be operating as an SSL proxy. Your connection to them is encrypted and then their connection to your bank would be encrypted. This sounds horrible at first until you realize that you can disable the silk connection and that Amazon probably already has your debit/credit card numbers.
Sadly the Park Service used to stand up for Civil Rights. They desegregated even in states that had banned it and the officer guarding King during his iconic "Dream" speech was a Park Ranger (see image below).
I am pretty sure this can't be prevented. If you can get a Certificate Authority to issue a certificate for a domain then 99.99% of people won't be able to tell if the certification is legit or not. Most people couldn't tell the difference between certs issues by Verisign, Thawte, Startcom, or Comodo if they were shown the information and even those who could would still be hard pressed to guess which CA a website is using. I know Google uses Thawte and PayPal uses Verisign but that is it. CAs just need to keep up with their security I suppose.