CFPB Targets Online Payment Platform in First Enforcement Action on Cybersecurity

The Consumer Financial Protection Bureau broke new ground with its recent Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The Consent Order alleges that Dwolla made public statements regarding the efficacy of its data security system and failed to fulfill those promises. The enforcement action is especially striking because the CFPB imposed a $100,000 civil monetary penalty on Dwolla despite the lack of any evidence that the payment processor experienced a data breach or any kind of cybersecurity incident, and also because the CFPB imposed significant — and expensive — new compliance obligations beyond what other federal regulators have demanded in similar situations. In this article, partners Donald J. Mosher, former SRZ attorney Michael L. Yaeger, associates Melissa G.R. Goldstein and former SRZ attorneys Lisa A. Prager and Kimberly G. Monty discuss the implications of the CFPB’s Consent Order.

Click here to read the article on the Payments Journal website.