Andrew L. Sandler and Margo Tank Quoted in PaymentsCompliance Article, "Dwolla Fined As Tough Regulator Takes First Data Security Action"
March 3, 2016
Andrew L. Sandler and Margo Tank were quoted in Mark Taylor's PaymentsCompliance article, "Dwolla Fined As Tough Regulator Takes First Data Security Action," on March 3, 2016.
Online payment platform Dwolla is to pay a $100,000 fine for “deceiving” consumers over data handling as an aggressive U.S. regulator makes its first move on security practice issues.
The Consumer Financial Protection Bureau (CFPB) yesterday announced an order had been made against the U.S. payment platform for “misrepresenting” its safety claims.
Dwolla told PaymentsCompliance the issue dated from a snapshot between 2011 and 2012, and it had “not detected any evidence or indicators of a data breach”, nor received a notification or complaint of such an event.
Despite no evidence of consumer harm, the CFPB said Dwolla’s claims of exceeding the expected security standards were unfounded and this was enough to land a penalty.
It accused the platform of not encrypting some sensitive consumer personal information, and releasing applications to the public before testing whether they were secure.
CFPB director Richard Cordray said: “Consumers entrust digital payment companies with significant amounts of sensitive personal information.
“With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing.
“It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”
Legal experts told PaymentsCompliance the regulator is constantly evolving its case approach against payment industry players as its mission to redress consumer harm had drawn considerable success.
It is the CFPB’s first data security action, and builds off advances made by several other agencies.
“The CFPB’s action against Dwolla is significant in that it marks the Bureau’s first foray into an area that up until now was the domain of the Federal Trade Commission and sets up the enforcement stage in this area for the Bureau in 2016," said Andrew L. Sandler, chairman of BuckleySandler law firm.
Originally published PaymentsCompliance; reprinted with permission.