Web Survey Firm Stole Credit Card Data: FTC

Dennis Faas's picture

The Federal Trade Commission (FTC) says an Internet firm claiming it collected only shopper opinions about the products they bought was actually collecting personal data. The firm, Compete, is negotiating a court-approved settlement of the charges.

So far, the punishment the company will face has not been publicly revealed.

Compete used online ads to recruit customers into its "Consumer Input Panel", telling them they could give their opinions and win prizes. To participate, however, consumers needed to install special tracking software on their computers that monitored which websites they visited.

Compete also encouraged web users to install a special toolbar in their browser. Compete promoted the browser add-on by saying it would provide users with extra information about the websites they visited.

In reality, the software was doing more than just tracking sites that users visited. It was also collecting the information consumers typed into websites, including their user names and passwords.

Compete also reportedly collected consumers' search terms.

Credit Card Details Captured

Most seriously, Compete's software collected the information people typed when making online purchases, including credit card numbers, expiration dates, and security codes. (Source: redorbit.com)

Not only did Compete fail to reveal how much data it was gathering, but it lied about the way it used this data, the FTC says.

Compete reportedly told users it removed all personally identifiable information from the data and also took reasonable security measures to protect the data. (Source: ftc.gov)

In fact, Compete was collecting data from customers' computers and transmitting it to Compete's own servers, without encryption. This meant any hacker who intercepted the data stream would have full and immediate access to consumers' credit card details.

Although the FTC accused Compete of sloppy and misleading security practices, it has not suggested the company misused any of the credit card details it gathered.

Web Firm Faces Ongoing Supervision

Under a proposed settlement, Compete must now explain to consumers what data it collected and get express permission from users before collecting any data in the future.

The FTC is asking that Compete not mislead customers about its data collection practices and agree to undergo an independent security audit every two years until 2032.

In the future, Compete could be fined $16,000 for breaching any one of the agreed-upon rules.
