March 08, 2017

Chevron's Mooney touts importance of data security standard

Chevron Federal Credit Union President and CEO Jim Mooney emphasized the importance of a national data security standard during his testimony on behalf of NAFCU Wednesday before the House Small Business Committee.

Mooney is also the chair of NAFCU's Cybersecurity and Payments Committee.

"As members of the committee are well aware, cyber and data crime has reached epic proportions in nearly all sectors of the economy," Mooney testified. "Sixty-five percent of all targeted attacks struck small and medium-sized companies last year."

Mooney noted that cybercriminals "are realizing that merchants and retailers are often the weakest link," leading them to target such businesses. He emphasized that credit unions rarely see any reimbursement after helping members affected by retailer breaches.

Mooney told Committee Ranking Member Nydia Velázquez, D-N.Y., that credit unions and other financial institutions are the only entities following a national data security standard – the Gramm-Leach-Bliley Act. "Outside of that, there's really no clarity at all," Mooney said.

Mooney emphasized that the Gramm-Leach-Bliley Act provides "flexibility, scalability and risk-based assessments" and that a national data security standard should do the same to make "everybody step up to the plate in the payments system."

In response to a question on ransomware and distributed denial-of-service (DDoS) attacks from Committee Chairman Steve Chabot, R-Ohio, Mooney said the key is to have a "multifaceted and multilayered" security system. There is "no one answer to any security problem, you have to attack it in multiple ways," he said.

Mooney discussed the links between cybersecurity and data security and how securing consumers' personal information will require the "the entire payments ecosystem to take an active role in addressing emerging threats."

He also highlighted the various cyber and data security initiatives NAFCU is involved with, including the Financial Services-Information Sharing and Analysis Center (FS-ISAC), the Federal Reserve's Payments Security Task Force and the release of the 2014 NIST framework.

The hearing, "Small Business Cybersecurity: Federal Resources and Coordination," also included testimony from the acting chairman of the Federal Trade Commission and a representative of the National Institute of Standards and Technology.

Today, Randolph-Brooks Federal Credit Union Executive Vice President and Chief Lending Officer Sonya McDonald will testify on behalf of NAFCU before the House Small Business Subcommittee on Investigations, Oversight and Regulations at 11 a.m. Eastern. The hearing will address the Small Business Administration's 7(a) loan program.