-
Overlapping missions and jurisdictions are fueling competition between the Consumer Financial Protection Bureau and the Federal Trade Commission, according to former officials at both agencies.
January 15 -
As it launches instant payments using Dwolla, BBVA Compass joins a growing list of banks that are seeking "internal disruption" by giving innovative tech companies access to their inner workings.
April 8 -
The bank's partnership with a hot payments startup comes as regulators nudge the industry to speed transactions and as some who initially resisted such calls start to embrace quicker settlement.
October 30
LAS VEGAS — The Consumer Financial Protection Bureau on Wednesday ordered the online payment processor Dwolla Inc. to pay a $100,000 fine for deceiving customers about its security practices — the first action it has taken related to data security.
The agency said that the Des Moines company misrepresented its data security practices from December 2010 to 2014 by failing to encrypt some personal consumer information. On its website, the company had stated that its security practices ensured personal data was "safe" and "secure," when Dwolla released applications to the public before testing whether they were secure, the agency said.
"Consumers entrust digital payment companies with significant amounts of sensitive personal information," CFPB Director Richard Cordray said in a press release. "With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices."
Though data security breaches typically fall under the jurisdiction of the Federal Trade Commission, the CFPB is authorized to take actions against institutions that engage in unfair, deceptive or abusive actions or practices, known as UDAAP. Both agencies
"The investigation covers a snapshot in time that ended almost two years ago, and the claim focuses on practices that trace to 2011 and 2012," the company said
The CFPB's action may come as a surprise since Dwolla is a member of the
Though the Dodd-Frank Act granted the CFPB enforcement authority under UDAAP, industry lawyers suggested the action was another sign of overreach.
"It ups the ante and escalates the concern that companies have in this area of data security and data breaches," said Alan Kaplinsky, who leads the consumer financial services group at Ballard Spahr. "My belief until this action was that the CFPB was going to let the FTC handle this area."