Block, Inc., the financial technology company that owns Cash App, has agreed to pay $45 million to settle allegations brought by a coalition of state attorneys general that the company failed to implement adequate security controls and misled users about the level of protection their accounts received.
The settlement, announced Wednesday, was led by a bipartisan group of AGs who alleged that Block promised Cash App users the same protections as a traditional bank — a claim that prosecutors say was materially false.
Background
Cash App has faced scrutiny over its security practices for several years. A significant data breach in 2022 — carried out by a former employee who downloaded sensitive records of approximately 8.2 million customers — first brought federal attention to the company's internal access controls.
The current settlement expands on those concerns, alleging that Block:
- Overstated security protections by marketing Cash App as offering bank-equivalent safeguards
- Failed to adequately respond to fraud reports and unauthorized transaction claims from users
- Lacked sufficient identity verification and account protection measures for a platform handling billions in transactions
- Violated state consumer protection laws by misrepresenting the safety of funds held within the app
Terms of the Settlement
Under the $45 million agreement, Block must:
- Implement enhanced fraud detection and prevention measures
- Improve its customer support response for unauthorized transaction claims
- Strengthen identity verification at account creation and for high-value transactions
- Submit to third-party security audits for a defined period
The settlement does not require Block to admit wrongdoing.
Why This Matters for Consumers
Cash App operates in a regulatory grey zone that has long frustrated consumer advocates. Unlike traditional banks, which fall under FDIC insurance and strict federal oversight, peer-to-peer payment apps like Cash App, Venmo, and Zelle have historically faced lighter-touch regulation.
Users who store significant balances in Cash App — rather than transferring funds to an insured bank account — carry risk that many do not fully understand. The settlement highlights:
- Unauthorized transactions on Cash App are not automatically reimbursed the way credit card fraud is
- Stored balances in payment apps are generally not FDIC-insured
- Fraud recovery depends heavily on the platform's own policies, which can be inconsistently applied
The Broader Regulatory Trend
This settlement is part of a broader regulatory movement targeting fintech companies that have grown rapidly while security and compliance infrastructure lagged. The Consumer Financial Protection Bureau (CFPB) and state AGs have increasingly turned their attention to:
- Payment apps handling consumer funds without bank-equivalent protections
- "Buy Now, Pay Later" providers with opaque dispute resolution
- Crypto exchanges and wallets marketing security features they cannot substantiate
Block is not alone. Similar enforcement actions have been pursued or threatened against other major payment platforms in recent years.
What Cash App Users Should Do
If you actively use Cash App:
- Transfer funds to a traditional bank account promptly — do not use Cash App as a savings vehicle
- Enable two-factor authentication and a unique, strong PIN
- Review recent transactions and dispute any unauthorized activity immediately
- Understand dispute limits — Cash App's policies on fraud reimbursement differ from credit card protections
The $45 million penalty, while significant for consumers, represents a fraction of Block's annual revenue. Whether it translates to meaningful security improvements will depend on regulatory follow-through.