Dwolla Fined $100,000 for its Data-Security Practices

Dwolla, an online payment processing startup, receive a $100,000 fine from the Consumer Financial Protection Bureau (CFPB).

CFPB claims that Dwolla misrepresented its data-security practices, misleading customers.

The app that was launched back in December 2010, aimed as a competitor for PayPal and other online payment networks, has a system that does not require any money transfer or bank fees between users. According to CrunchBase, the startup raised $32.45 million in equity funding from investors including Andreessen Horowitz, CME Group and Union Square Ventures.

In the claim, CFPB says that the app “did not adopt or implement reasonable and appropriate data-security policies and procedures governing the collection, maintenance, or storage of consumers’ personal information” from its launch to at least September 2012.

In a lengthy blog entry titled “We are never done” and posted after the CFPB levied its fine, Dwolla did not directly reference the bureau, but defended its data-security practices before detailing some of its data protection and encryption measures:

“Since its launch over five years ago, Dwolla has not detected any evidence or indicators of a data breach, nor has Dwolla received notification or complaint of such an event,” it said. “We’ve continuously matured our data security practices since that snapshot in time and have never been more proud of our information security, procedures, and technologies.”