Magazine article American Banker

CFPB Takes First Action on Data Security, Hits Dwolla

Magazine article American Banker

CFPB Takes First Action on Data Security, Hits Dwolla

Article excerpt

Byline: Kate Berry

LAS VEGAS -- The Consumer Financial Protection Bureau on Wednesday ordered online payment processor Dwolla Inc. to pay a $100,000 fine for deceiving customers about its security practices -- the first action it has taken related to data security.

The agency said that the Des Moines-based company misrepresented its data security practices from December 2010 to 2014 by failing to encrypt some personal consumer information. On its web site, the company had stated that its security practices ensured personal data was "safe" and "secure," when Dwolla released applications to the public before testing whether they were secure, the agency said.

"Consumers entrust digital payment companies with significant amounts of sensitive personal information," CFPB Director Richard Cordray said in a press release. "With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices."

Though data security breaches typically fall under the jurisdiction of the Federal Trade Commission, the CFPB is authorized to take actions against institutions that engage in unfair, deceptive or abusive actions or practices, known as UDAAP. Both agencies share oversight of certain areas, including debt collection, payday lending and auto financing. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.