The Consumer Financial Protection Bureau (CFPB) has issued an order against ACI Worldwide Corp. and ACI Payments Inc., collectively known as ACI, a prominent payment processor based in Elkhorn, Nebraska. The order comes as a result of ACI’s employees improperly accessing and utilizing sensitive consumer financial information without employing adequate safety controls for internal testing purposes.
The Bureau’s investigation revealed that ACI’s internal tests involved creating fictitious payment processing files, which were treated as genuine consumer bill payment orders within ACI’s consumer bill payment platform. Unfortunately, due to vulnerabilities in their information security practices, these fraudulent bill payment orders were sent to consumers’ banks for processing, resulting in debits amounting to approximately $2.3 billion from nearly 500,000 borrower bank accounts. Shockingly, these actions occurred without the knowledge or authorization of the affected account holders.
After careful examination, the Consumer Financial Protection Bureau has concluded that ACI’s actions have breached both the Electronic Fund Transfer Act and its implementing rule, Regulation E. Additionally, these actions contravened the prohibition of unfair acts and practices stated in the Consumer Financial Protection Act of 2010. As a consequence, the Bureau has ordered ACI to cease these unlawful activities and to implement and enforce reasonable information security practices to prevent future breaches.
To ensure accountability, ACI has also been directed to pay a civil money penalty of $25 million. The purpose of imposing this penalty is to discourage any future instances of similar misconduct and emphasize the seriousness of the violation.
Also Check: Basic Income – How to Get $6,000 in Cash for a Year
Mishandling sensitive financial information belonging to consumers is a matter of great concern because it directly affects the trust and confidence that individuals have in financial institutions and payment processors. The consequences of such actions can have wide-ranging effects, leading to significant financial and emotional hardships for unsuspecting customers.
By intervening in this case, the Consumer Financial Protection Bureau showcases its dedication to protecting the financial well-being of consumers. By taking decisive action against ACI, the Bureau aims to hold the company accountable for its failure to protect consumer data and to encourage the adoption of robust information security practices across the financial industry.
ACI Worldwide Corp. and ACI Payments Inc. must now diligently work towards rectifying their security shortcomings and strengthening their internal protocols to prevent unauthorized access to sensitive financial information. It is their responsibility to take the necessary steps to restore public trust and provide reassurance to consumers that their personal data will be treated with the highest level of care and security in the future.
It is crucial for individuals to stay alert and diligently monitor their bank accounts on a regular basis to detect any unauthorized transactions or suspicious activities. In case of any concerns, customers should promptly contact their banks and report any irregularities to ensure swift action can be taken.
As this incident highlights the potential risks associated with the mishandling of sensitive consumer data, regulators, financial institutions, and payment processors must collaborate to establish robust safeguards and stringent security measures. Only by prioritizing the protection of consumer information can the financial industry truly deliver on its promise of reliability and trustworthiness.
Also Read: 13 Strategies to Pay Off Your Debt Faster if You’re Close to Retirement
In conclusion, ACI Worldwide Corp. and ACI Payments Inc. have been ordered by the Consumer Financial Protection Bureau to cease improper activities, pay a $25 million civil money penalty, and implement stronger information security practices. The breach resulted in unauthorized mortgage payments totaling $2.3 billion, highlighting the need for increased vigilance and stringent data protection measures across the financial industry.