Online payment processing startup Dwolla has been hit with a $100,000 penalty by the Consumer Financial Protection Bureau (CFPB). The CFPB, a government agency, said in a consent order that Dwolla misrepresented the safety of its data-security practices.
Dwolla launched in December 2010 and is a competitor to PayPal and other online payment networks. Its technology allows users to send money to one another without paying money transfer or bank fees. According to CrunchBase, the startup has raised $32.45 million in equity funding from investors including Andreessen Horowitz, CME Group, and Union Square Ventures.
The CFPB claims that Dwolla “did not adopt or implement reasonable and appropriate data-security policies and procedures governing the collection, maintenance, or storage of consumers’ personal information” from its launch to at least September 2012.
In a lengthy blog entry titled “We are never done” and posted after the CFPB levied its fine, Dwolla did not directly reference the bureau, but defended its data-security practices before detailing some of its data protection and encryption measures:
“Since its launch over five years ago, Dwolla has not detected any evidence or indicators of a data breach, nor has Dwolla received notification or complaint of such an event,” it said. “We’ve continuously matured our data security practices since that snapshot in time and have never been more proud of our information security, procedures, and technologies.”
This is the first time that the CFPB, which was created by the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010, has fined a company for data-security reasons. TechCrunch has contacted Dwolla to see if it has additional comment beyond its blog entry.
Featured Image: Rrraum/Shutterstock