Daily Dash: Klarna Hit By $700,000 Fine In Sweden For GDPR Breach

March 14, 2024
Back
A Swedish regulator has upheld an enforcement action against Klarna for data protection failures, and Ukraine’s IT Army has taken down the Moscow Metro payment system in a large-scale cyberattack.

Klarna Hit By $730,000 Fine In Sweden For GDPR Breach

Sweden's fintech giant Klarna has been fined SEK7.5m ($733,324) after the Swedish Court of Appeal ruled that it had failed to comply with the General Data Protection Regulation (GDPR).

The buy now, pay later (BNPL) firm had failed to give customers sufficient information about how it would store their personal data, according to the court, which pointed out that this information was difficult to access.

In a statement shared with Vixio, Klarna's press office said that the decision concerns an old version of Klarna’s privacy notice that was used for three months between March 17, 2020 and June 26, 2020. 

"It concerns how Klarna presented information about its data processing in its privacy notice, not about how Klarna collects or manages data," a Klarna spokesperson said.

"The notice has since been updated multiple times. We are reviewing the court's decision and our next steps."

Ukraine's IT Army Takes Down Moscow Metro Payment System

The IT Army of Ukraine, a voluntary force of hackers and cybersecurity specialists, has taken down the Troika payment system used on the Moscow Metro, among other targets.

According to a report from the Ministry of Digital Transformation of Ukraine, the IT Army launched a large-scale attack on a range of Russian government websites.

"The cyberarmy has attacked the Troika public transport payment system,” the ministry said. “This is one of the largest fare payment systems in Russia, operating in 38 regions."

The outage of the Troika system left passengers in Moscow and Kazan unable to pay for tickets, top up their travel cards or pay for parking, the ministry added.

EU Parliament Gives Backing To New Sanctions Violations Rules

Members of the European Parliament (MEPs) have approved new rules to harmonise the enforcement of EU sanctions across member states.

The new rules set consistent definitions for violations, such as not freezing funds, not respecting travel bans or arms embargoes, transferring funds to persons subject to sanctions, or doing business with state-owned entities of countries under sanction.

"We need this legislation because diverging national approaches have created weaknesses and loopholes, and it will allow for frozen assets to be confiscated," said Sophie in ’t Veld, a Dutch MEP.

"Parliament took an ambitious, harmonising approach to the law, and even though we could not close all the loopholes we wanted to, it is an improvement on the current situation and shows our strong support to Ukraine.”

Providing financial services or legal advisory services violating sanctions will also become a punishable offence.

The law, which still needs to be approved by the European Council, also defines the circumvention of sanctions and ensures this is a punishable offence.

Examples include concealing or transferring funds that should be frozen, hiding the true ownership of property and not reporting necessary information.

Australia's Commonwealth Bank To Enter Gen AI Partnership With Microsoft

Commonwealth Bank of Australia (CBA) has announced that it has signed a “letter of intent” with Microsoft that will lead to wider adoption of generative AI (Gen AI) solutions at the bank.

CBA intends to deploy Gen AI to improve customer service, to resolve queries faster and to offer more effective recommendations, and to develop cybersecurity tools and share cybersecurity intelligence.

Gavin Munroe, group executive for technology at CBA, said engineers from Microsoft’s Seattle HQ have already started working with CBA on experiments to improve our customer experience.

“We also see this as an opportunity to work together with leading global technology teams to ensure CBA’s safety and security is constantly upgraded and improved, to keep pace with the evolving threat landscape,” he said.

CBA is already leveraging the Gen AI–powered Copilot for Microsoft 365 to simplify internal operations, as well as GitHub Copilot, with the goal of delivering code faster and freeing up time for more creative work.

Nigeria Seeks To Drive CBDC Adoption In New Partnership With Gluwa

The Central Bank of Nigeria (CBN) has signed a memorandum of understanding (MoU) with Gluwa, a blockchain-based lending provider, in an effort to increase adoption of the eNaira.

Under the partnership, Gluwa will become an official partner agent of the CBN, and will begin rolling out eNaira-based products and services via its Credal blockchain.

Gluwa will aim to onboard millions of Nigerians by using Creda solutions to build credit scores for eNaira users.

Once onboarded, the partnership aims to simplify fintech lending by enabling loan origination using the eNaira.

Users and transactions can then be authenticated more efficiently and more transparently, with repayment activity feeding back into credit scores on Credal.

SafePal Launches USDC-Based Visa Card In Switzerland

SafePal, a crypto wallet provider, has partnered with Swiss bank Fiat24 to launch a combined debit and crypto Visa card.

Each card is associated with a Swiss bank account operated by Fiat24 and a crypto wallet operated by SafePal.

The virtual card can be linked to Paypal, Google Pay, Apple Pay and Samsung Pay and other digital wallets, and all cryptocurrencies held in the linked SafePal wallet are converted to USDC for spending.

Users can also convert their USDC into a range of fiat currencies — CHF, EUR, USD,etc. — that can be held in the Fiat24 bank account.

The card will first launch in Switzerland before expanding to the rest of Europe and other regions (excluding the US and US-sanctioned jurisdictions).

Amex Partner Hit By Data Breach In US, Filing Reveals

American Express (Amex) has revealed that a third-party provider has been hit by a data breach, which may have exposed account information of Amex cardholders.

In a letter to customers, Amex said: “We became aware that a third-party service provider engaged by numerous merchants experienced unauthorised access to its system.

“It is important to note that Amex-owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.”

Amex has not named the hacked company or the number of customers who may be affected, but has advised cardholders to review their accounts for fraudulent charges.

Customers’ names, card numbers and card expiration dates may have been exposed, according to the filing.

NatWest To Kill Off BNPL Option

NatWest has confirmed that it is preparing to axe its buy now, pay later (BNPL) option less than two years after launching it. 

The retail banking giant has informed customers that it will begin closing BNPL accounts from May 7 onwards. 

The bank launched its BNPL product to much hype in Summer 2022, but has chosen to discontinue the service due to lack of uptake among customers.

This will reduce competition for other UK banks who remain in the BNPL space, such as Barclays.

In June 2022, Barclays launched a service known as Instalment Plan, which splits purchases of £100 to £5,000 into equal monthly repayments with 0 percent interest.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.