Two top mobile apps, Fandango and Credit Karma, settled with the Federal Trade Commission (FTC) last month over allegations that both companies had falsely presented the security of their mobile apps, resulting in insecure transmission of sensitive personal data for millions of app users. The FTC argued that the credit monitoring company, Credit Karma, and the movie ticketing service, Fandango, both failed to take appropriate measures to guarantee secure transmission of customers’ sensitive personal data, allowing attackers to intercept and access email addresses, names, passwords, social security numbers, credit card information and credit report information. Now, the FTC ordered the two companies to put comprehensive security measures in place to minimize security risks during the use of their mobile apps. On top of that, Fandango and Credit Karma agreed to undergo security assessments every other year for the next 20 years. After the settlement, Edith Ramirez, FTC Chairwoman, said: “Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps.” —
Fandango and Credit Karma both could have avoided the charges by the FTC if they had enabled SSL certificate validation. SSL, short for Secure Sockets Layer, is an industry standard that ensures that no attacker can intercept the transmission of sensitive data and secures the communications of an app. Applications that use the SSL protocol verify certificates presented by online services to guarantee a safe and encrypted transmission. If the SSL certificate validation enabled, as in the case of Fandango and Credit Karma, the mobile app becomes vulnerable to man-in-the-middle attacks. While the FTC demonstrated an existing vulnerability, no consumer information was compromised by Fandango’s nor Credit Karma’s failure to put security measures in place, which could explain why the FTC agreed to a settlement without monetary penalties. In an article regarding the recent development of FTC case against Fandango and Credit Karma, Sarah Coffey of Ifrah Law, a Washington-based law firm founded by attorney Jeff Ifrah, points out the importance for companies to take necessary security steps before launching a new mobile app.
Jeff Ifrah and his team of attorneys are experienced in advising companies that are approached by the Federal Trade Commission or other state agencies. Jeff helps his clients to put appropriate policies and procedures in place and develops a sound legal strategy in case a company gets involved in potential security or data breach accusations. With the growing representation of companies on the Internet, collecting, using and protecting consumer information plays an increasingly important role. As a result, consumer advocacy groups and government regulators are keeping a watchful eye on companies to ensure they adhere to all rules and regulations. Jeff helps clients from various industries as well as website operators to draft their privacy policies to avoid legal issues with regards to data protection.
Attorney and Ifrah Law’s founder, Jeff Ifrah, specializes in the defense of federal investigations and litigation. Clients come from many regulated industries and involve primarily e-commerce, e-business, and government contracts. He started his career as a trial lawyer and officer in the U.S. Army’s Judge Advocate General’s Corps, followed by an appointment as trial counsel to the U.S. Army Communications-Electronics Command at Fort Monmouth. Jeff then gained experience as a special assistant U.S. Attorney in New Jersey. Jeff’s legal excellence is widely recognized - Chambers USA has recognized him for three years in a row as one of the leading lawyers in the United States for litigation in the fields of White Collar Crime and Government Investigations.
Jeff Ifrah Law - Hands-on Counsel, Gloves-off Litigation: http://www.jeffifrahlaw.com
Jeff Ifrah - YouTube: https://www.youtube.com/user/jeffifrah
Jeff Ifrah - Facebook: https://www.facebook.com/jeff.ifrah
Release ID: 201274