WASHINGTON (Legal Newsline) – The Consumer Financial Protection Bureau (CFPB) has ordered online payment platform Dwolla Inc. to pay $100,000 and fix its security practices after allegations of deception.
“Consumers entrust digital payment companies with significant amounts of sensitive personal information,” CFPB Director Richard Cordray said. “With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”
Dwolla operates an online payment system and has allegedly collected sensitive personal data from its consumers since 2009. Personal information allegedly collected includes names, addresses, dates of birth, telephone numbers, Social Security numbers, bank account and routing numbers, a password and a unique four-digit PIN.
From December 2010 until 2014, Dwolla claimed to use safe and secure transactions. The company claimed its security practices exceeded industry standards and were compliant to the Payment Card Industry Data Security Standard. The CFPB alleges, however, that Dwolla fell short of these promises.