We have talked about how important it is for attorneys to be able to accept online payments from their clients. Your clients can make online payments everywhere else, and they expect to be able to pay you that way as well. Now that we are well into the PayPal era, they may wish to pay through a third-party service instead of via credit card. However, not all online payment processors are created equal, and you definitely want to ensure that the data security protocols of your provider are up to snuff. Otherwise, you might end up accidentally using something like Dwolla, which positioned itself as a PayPal rival.
Online payment processing startup Dwolla has been hit with a $100,000 penalty by the Consumer Financial Protection Bureau (CFPB). The CFPB, a government agency, said in a consent order that Dwolla misrepresented the safety of its data-security practices.
Worse still for Dwolla, it has the dubious honor of being the first company fined by the CFPB for data security issues. The consent order is pretty damning, noting that Dwolla failed to perform appropriate threat assessments and didn’t really train its employees on data security. Perhaps worst of all, Dwolla stored and transmitted sensitive data, such as bank account information and Social Security numbers, in unencrypted formats.
Dwolla says it has since updated and refined its security protocols, but the entire incident is a good reminder to always be vigilant about the data security protections of the service you choose to use.