Credit Karma Has Its BBB Rating Fall Due to FTC Settlement

The Credit Karma settlement with the FTC seems to have hurt its Better Business Bureau (BBB) rating. While many of its competitors have a rating of “A” or “A+” with the BBB, Credit Karma only has a “B” rating. This is due primarily to the fact that the company had to settle charges with the Federal Trade Commission (FTC) over security issues with its mobile app.

Although Credit Karma has a number of factors which help to raise its BBB score (length in business, complaint volume for business size, response to complaints, resolution of complaints and sufficient background of the business), the BBB website states the main factor which decreased the BBB score was government actions taken against the business.

The FTC charged that Credit Karma claimed to follow “industry-leading security precautions,” including SSL certificate validation in its mobile app, but in reality failed to secure customers’ information. This left customers’ financial information on the credit-monitoring app vulnerable to hackers, who could access the sensitive information through man-in-the-middle attacks. Although the company could have easily prevented this vulnerability and was warned about it, it failed to remedy the vulnerability in its iOS app. It then released its Android app with the same vulnerability a month later.

This security flaw could have been quite damaging if an identity thief had taken advantage of it. Those using the app had vital financial information exposed, including their names, birth dates, home addresses, phone numbers, credit scores, social security numbers and passwords. Anyone who had access to this information could have easily stolen the person’s identity.

As part of the settlement, Credit Karma is required to create and establish a comprehensive security program to address security risks when they develop applications for their customers. In addition, they must undergo an independent security assessment every two years, over the next 20 years, to verify their security program is properly working. Another component of the agreement is that when they do advertise their products, they are prohibited from misrepresenting the level of privacy their products and services have to the public.

It’s never good when a company falls below an A rating with the BBB. Over time, Credit Karma should be able to raise its rating back to the level it was before the incident if it complies with the FTC agreement. What’s somewhat curious about the BBB rating fall for Credit Karma is that Fandango, which was hit with the same FTC charges at the same time, didn’t see its BBB score decline. Fandango currently has an “A” BBB rating.

(Photo courtesy of Credit Karma)


6 Responses to Credit Karma Has Its BBB Rating Fall Due to FTC Settlement

  1. Jim says:

    It seems to me if Fandango’s BBB rating remained at an A, then there must be more going on with Credit Karma for its rating to decrease to a B.

  2. David says:

    Seems like Credit Karma has some bad karma. A bit sleazy for doing false advertising and not protecting consumers’ data – ironic for a company claiming to do identity protection.

  3. Merica! says:

    I’ve stopped recommending the service to clients. I can’t believe that a company that requires that much personal data didn’t have something in place. “B” is a long way to fall. There must be more to the story than meets the eye?

  4. Robert says:

    I don’t think they do ID protection. I think they give free credit scores and do credit monitoring. Still, no excuse for them to not secure their apps. It would make me question how well they protect all the information you give them.

  5. S3Jensen says:

    Their app has more issues than just a lack of SSL certificate pinning. You can read more about the issues at the link below:

  6. Argon Branch says:

    CreditKarma also doesn’t tell the truth about credit scores. They would like you to believe that the credit scores they give you are FICO scores, but they’re not. They’re some other credit score. Most people think that they’re getting their FICO score, when, in truth, the score CreditKarma gives you can vary greatly from one’s FICO score, and lead to credit decisions made with misleading data. For example, my FICO score differed by over 50 points from CreditKarma’s score. When dealing with credit issues, a company must have credibility. CreditKarma has lost a lot of it. It’s going to hurt them in the long run.
