Fandango Inc. and Credit Karma Inc. are agreeing to settle Federal trade commission charges that the companies’ mobile apps left consumers’ sensitive personal information, including credit card information and Social Security numbers, vulnerable to interception by third parties.
The lawsuits allege that the companies disabled a process called SSL certificate verification that would have protected consumers’ information.
The settlements, first announced in March 2014, require Fandango and Credit Karma to establish security programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years.
The settlements also prohibit Fandango and Credit Karma from misrepresenting the level of privacy or security of their products and services.
The orders will be final following a public comment period.