Following a public comment period, the Federal Trade Commission has approved final orders settling charges against Fandango, Inc. and Credit Karma, Inc.
According to the FTC’s complaints, the companies’ mobile apps left consumers’ sensitive personal information, including credit card information and Social Security numbers, vulnerable to interception by third parties. Among other things, the complaints allege that the companies disabled a process called SSL certificate verification that would have protected consumers’ information.
The settlements, first announced in March 2014, require Fandango and Credit Karma to establish comprehensive security programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit Fandango and Credit Karma from misrepresenting the level of privacy or security of their products and services.