Fandango, Credit Karma Settlements OK'd

FTC Charged Companies with Failing to Secure Customer Info

The Federal Trade Commission has granted final approval of settlements with Fandango and Credit Karma on charges that they failed to secure the transmission of millions of consumers' sensitive personal information from their mobile apps.

The settlements, which were proposed in March, require the two companies to establish comprehensive security programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years (see: Fandango, Credit Karma Settle with FTC).

Fandango is an online service for purchasing movie tickets and finding movie times. Credit Karma is a Web-based credit and financial management service for U.S. consumers.

The FTC alleged the companies failed to take reasonable steps to secure their mobile applications, leaving consumers' sensitive personal information at risk. The agency's complaints charged that Fandango and Credit Karma disabled a critical default process, known as SSL certificate validation, which would have verified that the apps' communications were secure.

The disabling of SSL certificate validation made the companies' applications vulnerable to man-in-the-middle attacks, which allow cyber-attackers to intercept any of the information the apps sent or received, the FTC says.

"Consumers are increasingly using mobile apps for sensitive transactions," says Edith Ramirez, FTC chairwoman. "Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption. Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps."

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
