Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

Washington
Matz at GAC: Merchants must be held to same data security standards as CUs
WASHINGTON (2/25/14)--The data breach at Target is the story of a double standard "that is neither healthy nor fair,"
Click to view larger image
 National Credit Union Administration Chairman Debbie Matz said Monday at the Credit Union National Association's 2014 Governmental Affairs Conference. "While financial institutions are required by law to protect sensitive personal information, data protection standards for retailers are too often simply not adequate," Matz added.

CUNA has made this same point in several recent letters to the U.S. Congress.

The NCUA leader identified cyber-security as one of the top priorities for the regulator and the credit union system going forward.

"A data breach--even if it's outside the financial system--can have enormous negative repercussions inside the financial system," Matz said. "No matter how far removed a given data breach is from your credit union, if it affects your members, you can pay dearly--both in terms of your reputation and your balance sheet."

Data breaches are not the only cyber-security risk, according to Matz.  Hackers have used passwords stolen from a credit union to access one of the larger credit bureaus, and cyber-terrorists are now targeting credit unions.

"When these attackers break through, websites crash. Members are unable to access their accounts. It can take hours to bring systems back online," she said. Hackers can infiltrate systems and compromise or destroy data, and could use a credit union as an entry point to gain access to payment systems and vendors.

Some also use front-end denial of service attacks to create a diversion while others break into a network through a back door. "Think about the damage they could do," Matz said.

Agency examiners will be looking to see how credit unions are implementing appropriate risk mitigation controls to better protect, detect and recover from cyber-attacks. Vendor due diligence, strong password policies, proper patch management, employee training and network monitoring are among the items credit unions will need to address or improve.

To prepare for potential attacks, credit unions can share cyber-security best practices  at league meetings and take part in national information-sharing forums.

The NCUA itself is also partnering with federal law enforcement, intelligence and financial agencies to improve its own cyber-security.

"NCUA needs to be ready. The credit union system needs to be ready. Working together, we will be ready," Matz said.
Other Resources

CUNA Letters to Congress
RSS





print
News Now LiveWire
The U.S. Court of Appeals restored NCUA lawsuit v. Barclays Capital that charged misrepresenting quality of $550M IN RMBS. See News Now Wed.
12 hours ago
Registration is now open for the online livestreaming of @TheNCUA March 19 open board meeting. http://t.co/yOuqdXHlxj
16 hours ago
Registration is now open for online viewing of @TheNCUA's March 19 board meeting. https://t.co/mMZoXSFjMe
16 hours ago
.@CFPB Director Richard Cordray's testimony that he will deliver before the #HFSC this afternoon. http://t.co/NA1aEOPAeh
18 hours ago
Consumer spending flatlines, savings ramp up #Market #NewsNow http://t.co/94kPuBpMRK
18 hours ago