Archive

Go to:

October 2017
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031
< Sep Nov >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Matz Says Retailers Should Be Held to Same Standards as FIs
Wednesday, December 10, 2014 6:35 AM

Data breaches at retailers have cost credit unions greatly, and while addressing the Metropolitan Area Credit Union Management Association Monday night, National Credit Union Administration Board Chair Debbie Matz said retailers and other third parties should cover the costs of data theft due to breaches of their systems.

"Financial institutions are required by law to protect sensitive information," Matz said. "Yet it is financial institutions, not retailers, who must shell out as much as $15 for every new card issued to affected cardholders. It is financial institutions, not retailers, who must monitor affected accounts and reassure consumers that those accounts are still safe. Retailers should be held to the same high data protection standards. It is time to end the double standard."

Cornerstone Credit Union League SVP Regulatory Compliance Counsel Suzanne Yashewski agrees. “Credit unions work diligently to maintain security of member information," Yashewski said. "Merchants should do the same for their customers. Without a regulator to hold them responsible for compliance, merchants need an incentive to comply with data security standards. That incentive is responsibility for covering the costs associated with a breach of their own system.”

Cybersecurity will continue to be a supervisory priority for the NCUA in 2015, according to Matz. "Next year, NCUA will expect credit unions to implement controls to better detect cyberattacks, to better protect themselves and their members and to better recover from those attacks," she said. She called such actions as encrypting sensitive data before transmission, applying access controls, and conducting tests to determine resilience to attacks, "basic cybersecurity measures."

In addition, the agency has created a resource website.