Dive Brief:
- Cloud and mobile security vendor Wandera said it discovered 16 companies that failed to encrypt payment card information in transit in their mobile apps, CIO reported.
- The companies included easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus and others.
- Wandera said the apps were not using SSL/TLS (Secure Sockets Layer/Transport Layer Security), an encryption protocol that scrambles data as it's sent across the Internet.
Dive Insight:
Wandera said it detected the problems while analyzing the traffic flows of customers that use its mobile security app and gateway technology. Wandera notified all of the companies of the issue, and five of the 16 named have now fixed it.
"With so many breaches and costly data loss incidents in the news, it's hard to believe that any business would fail to take such a basic precaution as to encrypt sensitive traffic as it's transmitted to or from a website," said Michael J. Covington, Wandera senior product manager.
In some cases the primary websites did use encryption, said Covington, but users were not protected when using mobile browsers or apps. Mobile apps often have multiple connections to backend services, and all need to be treated with the same protection, Covington said.