Data breaches at retailers have cost credit unions greatly, and NCUA Board Chairman Debbie Matz called for retailers and other third parties that are responsible for such breaches to cover those costs to financial institutions.
“Throughout this year, credit unions and their members have suffered from data breaches they did not cause," Matz said. "However, no matter how far removed a data breach may be from a credit union, that credit union may pay in terms of its balance sheet and its reputation. When breaches occur in third-party data systems, the responsible third parties should be held accountable.
“Financial institutions are required by law to protect sensitive information,” she continued. “Yet it is financial institutions, not retailers, who must shell out as much as $15 for every new card issued to affected cardholders. It is financial institutions, not retailers, who must monitor affected accounts and reassure consumers that those accounts are still safe. Retailers should be held to the same high data protection standards. It is time to end the double standard.”
Matz made her remarks Monday night during a speech to the Metropolitan Area Credit Union Management Association. In addition to a report on the state of the credit union system nationally and in the greater Washington, D.C., area, Matz covered issues including the coming revised risk-based capital proposed rule and the ongoing threat posed by interest-rate risk.
Matz said cybersecurity will continue to be a supervisory priority for NCUA in 2015.
“Next year, NCUA will expect credit unions to implement controls to better detect cyber-attacks, to better protect themselves and their members and to better recover from those attacks,” she said.
Matz said that, despite existing regulatory guidance, many institutions fail to take basic cybersecurity measures, such as encrypting sensitive data before transmission, applying access controls and conducting tests to determine resilience to attacks. That creates a major threat.
“Cyberterrorists are scheming to break into smaller institutions, including credit unions, and use them as an entry point to the entire financial services system,” Matz said.
In addition to examinations, Matz said, NCUA has provided numerous cybersecurity resources and information on the agency’s dedicated webpage.
“Working together, we will be ready,” she said. “We all have the same goal of a safe and sound credit union system, and I would be happy to hear from you as to how we can achieve that goal.”