PayPal has reached a settlement with the Federal Trade Commission (FTC) over failure to disclose information to costumers on security and privacy issues.
The commission claims that PayPal’s social payments platform Venmo misled users on the speed of the transfer of funds and on the availability of those funds once a transfer was initiated. FTC said company told Venmo users that money credited to their balances could be transferred to external bank accounts without adequately disclosing that the transactions were still subject to review and that funds could be frozen or removed.
It also alleges that it misled consumers about the extent to which they could control the privacy of their transactions. Venmo also ‘misrepresented the extent to which consumers’ financial accounts were protected by bank grade security systems. The Commission claims that Venmo violated the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to implement safeguards to protect the security, confidentiality, and integrity of customer information, and Privacy Rule, which requires financial institutions to deliver privacy notices to customers.
“Consumers suffered real harm when Venmo did not live up to the promises it made to users about the availability of their money,” said Acting FTC Chairman Maureen K. Ohlhausen. “The payment service also misled consumers about how to keep their transaction information private. This case sends a strong message that financial institutions like Venmo need to focus on privacy and security from day one.”
As part of the proposed settlement, Venmo is prohibited from misrepresenting any material restrictions on the use of its service, the extent of control provided by any privacy settings, and the extent to which Venmo implements or adheres to a particular level of security.
Venmo is also required to make certain disclosures to consumers about its transaction and privacy practices, and is prohibited from violating the Privacy Rule and the Safeguards Rule. Consistent with several past cases involving violations of Gramm-Leach-Bliley Act Rules, it is required to obtain biennial third-party assessments of its compliance with these rules for 10 years.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst