23 July 2017

Credit Karma settles with FTC over app security failings

20 August 2014

Credit and financial management service Credit Karma has been ordered to beef up its security after a US watchdog found that its mobile app left users' sensitive personal information vulnerable.

After a settlement was reached in March, the Federal Trade Commission (FTC) has now approved final orders against Credit Karma and cinema ticket sales outfit Fandango.

The FTC says that both firms disabled SSL certificate validation in their iOS and Android apps, a check that would have verified that communications were secure. This left the apps vulnerable to man-in-the-middle attacks.

Credit Karma's actions left social security numbers, personal details and credit scores and credit report details such as account names and balances exposed to third parties. Among the data left vulnerable by Fandango were payment card details.

The FTC has ordered the firms to set up security programmes designed to address risks during the development of their apps and to undergo independent assessments every other year for the next 20 years. Fandango and Credit Karma are also prohibited from misrepresenting the level of privacy or security of their products and services.

Founded in 2007, Credit Karma provides free credit scores, reports and monitoring to Americans who, in exchange, see personalised offers from advertisers based on their credit profiles. Earlier this year it closed an $85 million round of funding, led by Google Capital.

Comments: (1)

A Finextra member | 20 August, 2014, 12:33

Good to see that the regulators look into app security as well. Multiple mobile malware reports from the press call for an increased focus on application hardening.
