The Consumer Financial Protection Bureau Embraces Privacy-By-Design Principles for Payment Systems

By Daniel L. Farris

Embracing Privacy-By-Design concepts, the Consumer Financial Protection Bureau (CFPB) released new Guiding Principles for Faster Payment Networks last week.  The goal of the CFPB’s Guiding Principles is to ensure that “new payment systems are secure, transparent, accessible, and affordable to consumers.”  Adopting traditionally more European concepts, the Consumer Protection Principles incorporate “minimum necessary,” control, transfer-restriction, and transparency concepts for U.S. electronic payment systems.

“It is a lot easier to build something right from the start than it is to retrofit it,” said CFPB Director Richard Cordray.  “The CFPB will continue our work to help ensure that financial services marketplaces are safe and transparent for consumers.”

Notably, the CFPB determined that, “[A]ll existing payment systems – including those that involve the exchange of cash – expose consumers to some risk of loss or security, including in some cases, risks of unauthorized or fraudulent debits.” To combat these risks, privacy and data security should be embedded in new system development.  In particular, the CFPB advises financial institutions to focus on nine primary factors when developing new payment systems:

  1. Consumer control over payments
  2. Data and privacy
  3. Fraud and error resolution protections
  4. Transparency
  5. Cost
  6. Access
  7. Funds availability
  8. Security and payment credential value
  9. Strong accountability mechanisms that effectively curtail system misuse

If you or your organization have questions or concerns about the CFPB’s Guiding Principles for Faster Payment Networks, or the creation and/or implementation of a cybersecurity plan, contact the author or a Polsinelli Privacy and Data Security team member.