What Does The First CFPB Order On Data Security Compliance Signal?
Payments and fintech firms must consider very carefully how they furnish privacy policies and build in early compliance protections, legal experts have warned, following a ground-breaking consent order issued by a forceful U.S. regulator. PaymentsCompliance explores the issue.
The Consumer Financial Protection Bureau (CFPB) entered the field of cybersecurity enforcement for the first time recently when it issued a consent order against online payment processor Dwolla.
The U.S. company was accused of misrepresenting safety claims, telling consumers it was PCI-DSS compliant, and had features exceeding the expected industry standards.
Despite the comparatively small $100,000 fine, legal experts have stressed the importance of understanding why the CFPB has, some believe, trod on the toes of the Federal Trade Commission (FTC) in pursuing this case.
For the full article, which is available with a subscription to PaymentsCompliance, click here.