Fandango, Credit Karma agree to settle FTC complaints
Fandango and Credit Karma agreed today to settle complaints by the Federal Trade Commission that they failed to properly secure data that consumers imputed on their mobile apps, leaving them at risk of being hacked.
The companies disabled a "critical default process" (called SSL certificate validation) that would have verified that the communications over the apps were secure, according to an FTC press release.
By overriding this process, movie ticket provider Fandango compromised the security of purchases made through its Apple (AAPL) iOS app by failing to secure consumers' credit card information as well as their email addresses and passwords. Credit Karma, which provides credit score information, exposed even more personal information of their customers including Social Security Numbers, names, dates of birth and home addresses along with credit report details such as account names.
"Consumers are increasingly using mobile apps for sensitive transactions. Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption," said FTC Chairwoman Edith Ramirez, in a press release. "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps."
The settlements requires Fandango and Credit Karma to add new security measures and procedures during development of their applications, and to undergo independent security assessments every other year for the next 20 years.
In a statement, a spokesman for Credit Karma said, "Credit Karma is actively cooperating with the FTC and entered into this agreement to reinforce its commitment to data security. This issue was limited to mobile applications operating on unsecured networks only, and has since been addressed. There are no known individuals who were affected as a result."
Representative from Fandango were not immediately available for comment.
Jonathan Berr
Jonathan Berr is an award-winning journalist and podcaster based in New Jersey whose main focus is on business and economic issues.
TwitterDisclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
