CFPB fines Dwolla for misrepresenting data security practices

Digital payments outfit Dwolla has been slapped with a $100,000 fine by a US watchdog for "deceiving" consumers about its data security practices.

Dwolla stores personal information - including names, addresses, dates of birth, telephone numbers, Social Security numbers, bank account and routing numbers, passwords, and unique 4-digit PINs - for some 650,000 customers.

According to the Consumer Financial Protection Bureau (CFPB), from December 2010 until 2014 the firm boasted on its website that its data security practices exceeded industry standards and were PCI DSS compliant, with all sensitive information encrypted.

But Dwolla's actual practices "fell far short of its claims," says the CFPB, and "such deception about security and security practices is illegal".

In addition to the fine, the CFPB has ordered Dwolla - which neither admitted nor denied the charges - to stop misrepresenting its security practices, train employees properly and fix weaknesses in its web and mobile applications.

In a blog post alluding to but not directly mentioning the CFPB ruling, Dwolla stresses that it has never found evidence that it has suffered a data breach, adding that it has "continuously matured our data security practices" and has "never been more proud of our information security policies, procedures, and technologies".

Comments: (2)

Russell Bell - Fastbase Ltd - Wellington 04 March, 2016, 04:12

100K? Slapped with a wet bus ticket.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 04 March, 2016, 19:28

LOL. Bus ticket will get wetter if Dwolla wrangles a deal to bypass ACH / FED rails and pay the fine via Dwolla rails! On a side note, these fintechs can't even disrupt banks by attracting $B fines!!