Updates to Privacy and Security in Digital Payments
Posted by Gracie Nelson on January 14, 2025

As previously reported, the Consumer Financial Protection Bureau (CFPB) has been actively rolling out new initiatives and on January 10th, the agency introduced a new proposal focused on strengthening consumer privacy protections for digital payment platforms. While the future direction of recent efforts under the next Director remains uncertain, here’s a breakdown of the key updates regarding digital protections:
Proposed Interpretive Rule for Regulation E
The CFPB issued a proposed interpretive rule (which does not change the rule, but establishes how the rule will be interpreted going forward) clarifying how the Electronic Fund Transfer Act (EFTA) applies to emerging digital payment systems, such as apps, gaming platforms, and stablecoins. This rule focuses on key consumer protections like error resolution, liability for unauthorized transactions, dispute resolution and aims to close gaps in existing regulations to ensure fair competition across all payment systems.
The interpretive rule would make sure new digital payment systems follow the same consumer protection standards as financial institutions by further defining terms such as “funds” to include stablecoin or “account” to extend beyond a consumers direct checking and saving accounts, and cover assets established for personal, family or household purposes.
Consumers have gained protections through this interpretive rule on digital products, which will apply during member transactions involving these products. For example, issues with platforms like Zelle have shown that current protections under EFTA may not fully cover scenarios where consumers are tricked into authorizing payments. In such cases, while the consumer knowingly initiates the payment, they may be doing so based on false information from scammers. Because the payment was authorized by the consumer, it often falls outside the protections offered for unauthorized transactions under EFTA. The interpretive rule seeks to address gaps like this by ensuring consistent protections across all digital payment systems, benefiting both consumers and financial institutions.
Our compliance team will be issuing a compliance bulletin on this rule soon.
Deadline: Comments on the proposed rule are due by March 31, 2025.
Request for Information (RFI): Privacy and Digital Payments
The CFPB is seeking public input to strengthen privacy protections and prevent invasive surveillance practices in digital payments. The Request for Information (RFI) addresses the following areas:
- Data Collection Practices: What ways companies that offer or provide consumer financial products or services collect, use, and share consumer data, including those companies subject to the Gramm-Leach-Bliley Act (GLBA) and Regulation P.
- Modernizing Privacy Laws: Reviewing whether current laws like the GLBA and Regulation P are still adequate in today’s data-driven landscape, with concerns around personalized pricing and consumer understanding of data-sharing.
- Public Feedback: Soliciting general feedback on opportunities to enhance privacy protections, improve disclosures, and update opt-out options.
Deadline: Comments must be submitted by April 11, 2025.
What’s Next
We recommend taking the time to review the details of the proposed interpretive rule and the RFI, and consider submitting comments to ensure your voice is heard in the evolution of regulations regarding digital payments. This interpretive rule aims to level the playing field by further defining existing language to require digital payment platforms meet the same privacy standards as traditional financial institutions. By providing input, you can help enhance consumer data protection and strengthen the overall security of digital payment systems, creating a safer and more reliable financial environment for both you and your members in today’s digital payments landscape.
Again, while these initiatives are set in motion, it is important to note that the incoming Trump administration could bring leadership changes to the CFPB, potentially shifting the direction of these efforts. We anticipate significant regulatory changes in 2025.
We will continue to monitor these developments and keep you informed of any changes, if you have any questions please reach out to Gracie Nelson at [email protected].
Posted in Advocacy on the Move, Regulatory Advocacy.