Editor’s Note: Cross-posted from Regulatory Cyber Security/FISMA Focus
From: The National Law Journal
C. Ryan Barber, The National Law Journal
The Consumer Financial Protection Bureau has fired a shot across the bow of the burgeoning online-payment industry, taking an enforcement action this week that marked the agency’s first foray into regulating cybersecurity.
Dwolla Inc., a Des Moines-based digital payment startup, agreed to pay a $100,000 penalty and improve its data security practices as part of a consent order that the bureau issued Wednesday. Without alleging that the company was breached, the bureau accused Dwolla of overstating the measures it took to protect consumers’ personal information between December 2010 and 2014.