The Ledger: Stripe’s Post-GDPR Plan, Facebook’s Crypto, Berkshire Hathaway’s Bitcoin Dis

A year ago, the European Union adopted the General Data Protection Regulation, or GDPR, a piece of legislation designed to force companies to protect people’s data. In just a few months, another data-related EU law is coming into effect: the second “payment services directive“, or PSD2.

The new law, which becomes mandatory on September 14, takes aim at financial firms. The goal: Boost competition and innovation within the industry by making banking and payments safer and more open through stronger security and data portability provisions.

Claire Hughes Johnson, chief operating officer of Stripe, the highest privately valued fintech startup in the U.S., dropped by Fortune’s Balancing The Ledger studio to discuss her company’s approach to compliance. She said the infrastructural challenges presented by the rules are “pretty rough.”

One aspect of the new law requires that banks support “strong customer authentication“; in other words, these companies must reject payments that fail to verify the identity of the purchaser, in real time, through multiple steps. Financial firms have been ordered to use a combination of passwords or PINs along with a second factor, which could involve a text message sent to a phone number, a hardware security token, or biometrics, like a fingerprint or face scan. (There are some exemptions.)

“For people who study consumer behavior and shopping carts it’s really scary because it does create a lot of friction,” Johnson said. “Our mission is to take away that complexity and cover all the compliance and the infrastructure you need for payment acceptance and paying out.”

In April 2018, Stripe for an undisclosed sum acquired Touchtech Payments, a Dublin-based fintech startup that builds authentication technologies for banks, specifically to address the regulatory challenge. At the time, John Collison, Stripe’s cofounder and president, told TechCrunch that the regulation “is a huge deal” and that “people are sleepwalking into it.”

If history teaches us, somnambulism will abound. Three months after GDPR went into effect, one oft-cited study found that out of 103 GDPR-applicable businesses, about 70% failed to comply with one of the law’s basic mandates: supplying personal data within a month to a consumer who requests a copy. That sluggish response certainly does not bode well for companies facing down the new rules’ deadline.

To quote Billie Joe Armstrong, frontman of the punk rock outfit Green Day: Wake me up when September ends.


We’ve released a preliminary agenda for Fortune’s inaugural Brainstorm Finance conference in Montauk June 19-20–you can check out the program here. Conference attendance is by invitation only, but you can request an invite by emailing me directly.


Send feedback and tips to, find us on Twitter @FortuneLedger or email/DM me directly at the contact info below. Please tell your friends to subscribe.

Robert Hackett


To the Moon… More details about Facebook’s crypto plan. Fidelity to offer Bitcoin trading within weeks. Amazon offers blockchain service. Ant Financial loves blockchain. London Stock Exchange’s CEO sees a future for distributed ledger technology. Softbank backs Mexican fintech startup. Fintech startups and Divvy raise $200+ million. HSBC’s quarterly profits jump. Goldman Sachs’ tech fund is crushing it. Blockchain for wireless spectrums?

…Rekt. Florida business owner says he lost a lot of money using payments service Zelle. Deutsche Bank is failing to turn around. U.S. Bank fires alleged call center whistleblower. U.S. judge demands North Korean documents from Chinese banks. Coinbase’s tech chief is out. “Blockchain hype missed the mark, and not by a little.” Fintech giant Fiserv sued over alleged security lapses. China is no longer Asia’s top fintech funder.


Click to watch ?

Claire Hughes Johnson, chief operating officer of Stripe, the highest privately valued fintech startup based in the U.S., dropped by Fortune’s Balancing The Ledger show to discuss the next phase of EU data regulations, the difficulty of connecting global payment pipes, and the trouble with Bitcoin.



That’s the amount asset managers and other financial services spend on cybersecurity per full-time employee per year, according to a report published this week by Deloitte and the Financial Services Information Sharing and Analysis Center, or FS-ISAC, a cybersecurity-related trade group. In total, this amounts to roughly 10% of these companies’ annual IT budgets, or between 0.2% to 0.9% of their annual revenues.


“I wondered what [Bitcoin investors] have been doing in their happy hour, and I finally figured it out. They celebrate the life and work of Judas Iscariot.”

Charlie Munger, the legendary, billionaire investor, vice chairman of Berkshire Hathaway, and Warren Buffett BFF, cracked this joke at cryptocurrency bulls’ expense at the company’s annual shareholder meeting on Saturday. He has previously compared Bitcoin speculation to “trading turds.”

We hope you enjoyed this edition of The Ledger. Find past editions here, and sign up for other Fortune newsletters here. Question, suggestion, or feedback? Drop us a line.