WASHINGTON, DC--(Marketwired - Apr 15, 2014) - Last month the two mobile apps, Fandango and Credit Karma, settled with the Federal Trade Commission (FTC) over charges that both companies had falsely represented the security of their mobile apps, leading to an insecure transmission of sensitive personal data of millions of customers. The FTC argued that the credit monitoring company, Credit Karma, and the movie ticketing service, Fandango, both failed to take appropriate measures to guarantee secure transmission of customers' sensitive personal data, allowing attackers to intercept and access email addresses, names, passwords, social security numbers, credit card information and credit report information. Now, the FTC ordered the two companies to put comprehensive security measures in place to minimize security risks during the use of their mobile apps. On top of that, Fandango and Credit Karma agreed to undergo security assessments every other year for the next 20 years. After the settlement, Edith Ramirez, FTC Chairwoman, said: "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps."
Fandango and Credit Karma both could have avoided the charges by the FTC if they had enabled SSL certificate validation. SSL, short for Secure Sockets Layer, is an industry standard that ensures that no attacker can intercept the transmission of sensitive data and secures the communications of an app. Applications that use the SSL protocol verify certificates presented by online services to guarantee a safe and encrypted transmission. If the SSL certificate validation enabled, as in the case of Fandango and Credit Karma, the mobile app becomes vulnerable to man-in-the-middle attacks. While the FTC demonstrated an existing vulnerability, no consumer information was compromised by Fandango's nor Credit Karma's failure to put security measures in place, which could explain why the FTC agreed to a settlement without monetary penalties. In an article regarding the recent development of FTC case against Fandango and Credit Karma, Sarah Coffey of Ifrah Law, a Washington-based law firm founded by attorney Jeff Ifrah, points out the importance for companies to take necessary security steps before launching a new mobile app.
Jeff Ifrah and his team of attorneys are experienced in advising companies that are approached by the Federal Trade Commission or other state agencies. Jeff helps his clients to put appropriate policies and procedures in place and develops a sound legal strategy in case a company gets involved in potential security or data breach accusations. With the growing representation of companies on the Internet, collecting, using and protecting consumer information plays an increasingly important role. As a result, consumer advocacy groups and government regulators are keeping a watchful eye on companies to ensure they adhere to all rules and regulations. Jeff helps clients from various industries as well as website operators to draft their privacy policies to avoid legal issues with regards to data protection.