According to the FTC’s complaints, the companies’ mobile apps left consumers’ sensitive personal information, including credit card information and Social Security numbers, vulnerable to interception by third parties. Among other things, the complaints allege that the companies disabled a process called SSL certificate verification that would have protected consumers’ information.
The settlements, first announced in March 2014, require Fandango and Credit Karma to establish comprehensive security programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit Fandango and Credit Karma from misrepresenting the level of privacy or security of their products and services.
The Commission vote approving the final orders and letters to members of the public who commented on them was 4-0, with Commissioner McSweeny not participating. (FTC File Nos. 132-3089 and 132-3091; the staff contacts are Nithan Sannappa, 202-326-3185, and Jarad Brown, 202-326-2927.)
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.