Vendors
日本語
search
  2. //
  3. Reports & insights
  4. //
  5. A Major Blip in Blippy's Security

A Major Blip in Blippy's Security

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
23 April 2010
Jacob Jegher
If only it were just a blip. Mashable just reported that a simple Google search reveals Blippy users' credit card numbers. As much as I love the social web, I could never wrap my head around the concept of folks providing their credit card number in order to share info on what they are purchasing. While this may be fun and "cool," it is a great example of what not to do. This is obviously a major error on Blippy's part, but I also blame users who so easily give up confidential info. If this type of practice continues, card companies are going to stop reimbursing customers. It's one thing if a merchant or a processor is a victim of fraud. It's another issue if a startup does something inexcusable, even if it is unintentional. Interestingly, just yesterday Techcrunch announced a new round of funding for Blippy, bringing their valuation to a whopping $46.2 million. [caption id="attachment_1387" align="alignnone" width="640" caption="Image courtesy of Mashable"]blippy-fail-21[/caption] Update 2:06pm EDT. Blippy issues a reply. Celent believes that this issue is far more serious than Blippy is making it out to be. Pointing fingers at Google's cache and claiming that consumers are protected is not the right approach. I am sure Blippy will improve their security efforts, but this is nonetheless an incorrect approach to take with the public.

Comments

  • Jacob, this blip actually begs the question of who is responsible for this non-PCI compliance? The data exposed seems to be the transaction memo. So who is responsible? Blippy or their back end provider (Yodlee) or the bank/bank processor?

  • Thanks for your comments Guillaume. Agreed, fault could lie elsewhere. However the public goes to Blippy.com and that is all they care about.

  • [...] off - is it secure to provide my banking credentials to this site ? I think the Rudder and Blippy mishaps have taught us enough about this. This startup doesn’t have the bank-level security that [...]