he CFPB initiated its first data security enforcement action last week, ordering online payment platform Dwolla, based in Des Moines, IA, to pay a $100,000 penalty for allegedly deceiving consumers about its data security practices, to stop misrepresenting those practices and to fix them. According to the bureau, from December 2010 until 2014, Dwolla claimed to protect consumer data from unauthorized access with safe and secure transactions. The company also claimed that it encrypted all sensitive personal information and that its mobile applications were safe and secure. As a result of its investigation, the CFPB said that, among other issues, Dwolla misrepresented its data-security practices by falsely claiming they exceed or surpass industry security standards. “Contrary to its claims, Dwolla ...