CFPB Takes Action Against Dwolla for Data Security Failures
Image: Pixabay

CFPB Takes Action Against Dwolla for Data Security Failures

March 2, 2016

The Consumer Financial Production Bureau (CFPB) has taken action against Dwolla due to its engagement in deceptive trade practices.

The online payment platform has been accused of deceiving consumers about its data security practices and the safety of its online system. The CFPB has ordered Dwolla to fix its security protocol in addition to paying a $100,000 penalty.

"Consumers entrust digital payment companies with significant amounts of sensitive personal information," CFPB Director Richard Cordray said in a statement. "With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices."

As of May 2015, Dwolla had more than 650,000 users. To register, consumers provided sensitive information such as addresses, dates of birth, Social Security numbers, passwords, and bank account numbers. The company claimed to protect consumer data from breach with safe and secure transactions.

However, the company's data-security practices did not match its claims. The CFPB asserts that the company falsely claimed that its practices exceeded industry security standards and that its information was securely encrypted and stored. Neither of these statements were true.

As part of the enforcement action, Dwolla must stop misrepresenting its data security practices, train employees properly, and fix security flaws. The $100,000 penalty will be paid to the CFPB's Civil Penalty Fund.