Based on the CFPB, through the duration from January 2011 to March 2014, Dwolla made different representations to customers concerning the security and safety of deals on its platform. Dwolla reported that its data security techniques "exceed industry standards" and set "a precedent that is new the industry for security and safety. " The business advertised it encrypted take a look at the site here all given information gotten from customers, complied with requirements promulgated by the Payment Card business protection guidelines Council (PCI-DSS), and maintained customer information "in a bank-level hosting and protection environment. "
Notwithstanding these representations, the CFPB alleged that Dwolla hadn't used and implemented appropriate written information protection policies and procedures, didn't encrypt sensitive and painful customer information in most circumstances, and had not been PCI-DSS compliant.
Notwithstanding these representations, the CFPB alleged that Dwolla hadn't used and implemented appropriate written information safety policies and procedures, didn't encrypt painful and sensitive customer information in most circumstances, and had not been PCI-DSS compliant. The CFPB did not allege that Dwolla violated any particular data security-related laws, such as Title V of the Gramm-Leach-Bliley Act, and did not identify any consumer harm that resulted from Dwolla's data security practices despite these findings. Instead, the CFPB claimed that by misrepresenting the degree of safety it maintained, Dwolla had involved with misleading functions and methods in breach associated with customer Financial Protection Act.
Long lasting truth of Dwolla's safety techniques at that time, Dwolla's error was at touting its solution in overly aggressive terms that attracted attention that is regulatory.