Cardcrypt – failure to encrypt transaction data

CardcryptCloud and mobile security service Wandera detected the problems as it was analyzing traffic flows of customers using the Secure Mobile Gateway technology.

Five of the 16 companies named have now fixed the issue. The companies include easyJet, Aer Lingus, Chiltern Railways, Dash Card Services, KV Cars, PerfectCard ie,, Oui Car, San Diego Zoo, Air Canada, CN Tower, American Taxi, Hotwire Communications, Tribeca Med Spa, AirAsia, and Sistic.

The vulnerability called “CardCrypt”, leaves mobile users exposed due to the failure of the companies to fully encrypt traffic between the customer to the payment portion of their mobile or tablet website or app. That means any customer that paid using a mobile device or app to these companies potentially may have exposed credit card information.

The Secure Mobile Gateway uses a proprietary compression engine to optimize all content across video, images and text, significantly reducing data usage without impacting users.  You can configure preferences based on content types, destinations, specific groups and where in the world the user has travelled, to control roaming charges.

Free Trial

Learn more about how to control the rising mobility costs and receive a full ROI audit report based on your actual usage.