Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

Washington Archive


Data breaches cost consumers average of $157: W. Va. league webinar

 Permanent link
PARKERSBURG, W.V. (8/21/14)--Nearly 40% of data breaches come from inadvertent misuse of data by employees, according to a cybersecurity webinar held Wednesday.

The webinar, held by the West Virginia Credit Union League and TraceSecurity, was designed to help credit unions be more aware of cyberattack threats and implement best practices when it comes to data security.

"The NCUA regional director has publicly stated that credit union information technology security will be a top priority during current credit union examination cycle," said Rich Schaffer, league senior vice president. "From our perspective, we want to ensure credit unions have available options when complying with examiner requests. The cost and effort required to prevent an attack is lower, and seems more manageable, than it is to react to one."

A Ponemon Institute study of data breaches showed that that average financial cost to victims of a data breach averages $157 per consumer, when the breach is a result of malicious criminal intent. For companies that are hit with such attacks, the average cost is $3.5 million.

"Outside of financial losses, you've got reputational losses. If you're hacked ... that can lead to loss of business, and other costs, such as reimbursement and legal fees, are there too," said Charles Lybrand, an information security analyst with TraceSecurity.

Lybrand recommended companies undergo a vulnerability assessment, which consists of a scan of addresses within a system, such as a phone, computer or printer, and look for vulnerabilities. The vulnerabilities are then reported.

A penetration test follows, with the vulnerability data used to go after system weaknesses, including passwords, system defaults and secure folders, all of which can contain sensitive information.

According to Lybrand, hackers can gain access to data by using a public IP address of a credit union and attacking that IP address. Other attacks are what is known as "social engineering" attacks. These attacks can be carried out via phone or e-mail, with the hacker posing as an IT staff member, a human resources staff member or CEO asking for system information, passwords or personal information.

Social engineering attacks can also be carried out in person, with the hacker visiting a location and getting physical access to an institution's servers or other equipment.

"Someone can come in acting like a new employee, or even dress as pest inspector, and get in," Lybrand said. "I've run into chief information officers and IT professionals who say that will never work, but I've dressed up as a pest inspector, gone into an institution dressed in a uniform and said, 'I'm here to look at the mouse problem.' Next thing I know I'm back in a server room."

TraceSecurity is a CUNA Strategic Services alliance provider. The webinar, titled "Protecting Your Credit Union Against Cyberattacks," will be posted on TraceSecurity's website within the next few days.

Use the resource link below for more information. And use the second resource to access a recent related News Now story, "What NCUA examiners look for on cybersecurity efforts: NCUA Report."

Video of July NCUA board meeting posted online

 Permanent link
ALEXANDRIA, Va. (8/21/14)--A video recording of the National Credit Union Administration's July 31 open board meeting has been posted to the agency's website.

The meeting agenda included:
  • A proposed rule to provide federal credit unions with regulatory relief and greater flexibility managing fixed assets by removing the waiver requirement for credit unions to exceed the 5% limit on fixed-asset investments;

  • Reprogramming of NCUA's 2014 operating budget with a net reduction in overall expenditures of $1.1 million;

  • A request to expand the community charter of Call FCU, with $360 million in assets, to serve the entire Richmond, Va., metropolitan statistical area;

  • A briefing on the performance of the corporate credit union legacy assets and the NCUA Guaranteed Notes program, which concluded that, at present, future Corporate Stabilization Fund assessments are unlikely; and

  • A briefing on the performance of the National Credit Union Share Insurance Fund, which showed positive second-quarter results.
The NCUA website also features video recordings of other past board meetings. Each video remains on the site for one year.

Use the resource link below to access the videos.

Auto finance co. fined $2.75M for 'distorting consumer credit records'

 Permanent link
WASHINGTON (8/21/14)--An auto finance company has been accused of providing inaccurate information to credit reporting agencies, which the Consumer Financial Protection Bureau (CFPB) believes has caused distorted credit records.

On Wednesday, the CFPB announced a $2.75 million fine against Texas-based First Investors Financial Service Group, which the bureau alleges passed along information that could have potentially harmed tens of thousands of consumers.

"Consumers are harmed when companies furnish inaccurate information to credit reporting agencies. Incorrect reports on file at credit reporting agencies--such as Experian, TransUnion and Equifax--distort the true picture of how consumers have performed on their loans," said CFPB Director Richard Cordray. "An error could make a big difference in whether someone receives a loan, qualifies for a low interest rate, or even gets offered a job. It has the potential to disqualify people for rental housing or raise their premiums for auto insurance."   

A CFPB investigation found that for three years First Investors used a flawed computer system that provided incorrect information to credit reporting agencies. When the company discovered this problem, in April 2011, it notified the vendor that provided the system, but it did not replace the system or take steps to correct the inaccurate information. In fact, First Investors continued to use the flawed program.

According to the CFPB, the company frequently understated how much consumers were paying toward their debt, overstated past due amounts, misreported delinquency dates and inflated the number of delinquent payments.

"In one case, it reported that a consumer was delinquent 11 times when in fact that consumer had only been delinquent twice," Cordray said, adding that many customers of First Investors were subprime borrowers to begin with, a population the company strategically targeted. "When First Investors knowingly sent the wrong information to the credit reporting agencies, it put consumers with credit profiles that were already impaired into an even more perilous position."

The CFPB has ordered First Investors to pay a $2.75 million fine, as well as identify and fix the affected consumer credit profiles, which includes giving free copies of credit reports to affected consumers. First Investors is also required to establish consumer safeguards.

Rep. Ryan backs cut in mortgage-debt tax deduction

 Permanent link
WASHINGTON (8/21/14)--Rep. Paul Ryan (R-Wis.) Wednesday said he would back a plan to reduce the available mortgage-interest tax deduction to apply only up to $500,000 in mortgage debt, down from the current $1 million in debt. He made his comment during a wide-ranging interview with Mark Halperin and John Heilemann on Bloomberg Television's "Market Makers." 

Ryan said the tax break should be targeted to the country's middle class and not be something for higher-income earners.

Deductions for mortgage interest have been part of the tax code since its inception in 1913, and it is considered hugely popular with taxpayers. In fact, national opinion polls often indicate that between 75% and 90% of Americans support the tax provision.

The proposal to reduce the cap was introduced by House Ways and Means Committee Chair Dave Camp (R-Mich.), who in March announced plans to retire from the U.S. Congress at the end of his current term. Ryan is considered by many to be the next chairman of Ways and Means, the powerful tax-policy writing panel.

Ryan, during the interview, rejected an idea of similarly capping charitable deductions by the wealthy. He was quoted as saying that is "the one area" where there should not be a cap.

Sen. Merkley talks to CUs about raising MBL cap, keeping CU tax status

 Permanent link
TIGARD, Ore. (8/21/14)--Sen. Jeff Merkley (D-Ore.) met with members of the Northwest Credit Union Association (NWCUA) last week, sharing several items on his legislative agenda that would benefit credit unions.

His agenda included pushing for an increase in member business lending cap and maintaining credit unions' tax status, according to the NWCUA's Anthem .

Merkley expressed his support Sen. Mark Udall's (D-Colo.) bill that would raise the member business lending cap to 27.5% of assets, up from the current 12.25% cap.
Click to view larger image Sen. Jeff Merkley (D-Ore.) meets with Oregon credit union leaders at the Northwest Credit Union Association's office in Tigard, Ore. (Northwest Credit Union Association Photo)

In terms of regulatory reform, Merkley said he realized that some of the proposals intended to appropriately regulate large banks that contributed to the 2008 financial collapse would "cast a shadow" on community credit unions.

"[It's a] continuing balancing act to authentically take on practices that may be unethical, without applying a regulatory burden where it doesn't belong," he said.

He also proclaimed himself a supporter of preserving the credit union tax status, and urged those in attendance, as well as the greater credit union community, to keep spreading the word about why the status is beneficial to the American consumer.

Merkley, a member of the Senate Appropriations and the Banking, Housing and Urban Affairs Committees, is one of 27 senators to write to the National Credit Union Administration expressing reservations about the agency's risk-based capital proposal.

Echoing the concerns of many credit unions in his state, Merkley said credit unions' current regulations in regard to holding capital served them well, but any changes might require credit unions to raise more capital, which they have a limited ability to do ( News Now June 26).

Merkley also said housing finance reform and cutting college costs would be priorities for him once the Senate is back in session.

Use the resource link for more information.

Bank of America agrees to record $17B settlement in MBS case

 Permanent link
WASHINGTON (8/21/14)--Bank of America has reached a record $17 billion settlement with federal and state authorities, according to an Associated Press report citing officials it says are directly familiar with the matter. The settlement comes from Bank of America's role in selling mortgage-backed securities leading up to the financial crisis in 2008.

The Bank of America settlement was negotiated through a joint federal and state working group with the U.S. Justice Department and other federal and state authorities, according to the Associated Press .

The BofA deal is the largest settlement arising from the economic meltdown in which millions of Americans lost their homes to foreclosure, the article notes. It follows agreements in the last year with Citigroup for $7 billion and with JPMorgan Chase & Co. for $13 billion.

The Associated Press also reports that the deal requires Bank of America to acknowledge making serious misrepresentations about the quality of the residential mortgage-backed securities it issued, along with securities issued by Countrywide Financial and Merrill Lynch, entities which were acquired by the bank in 2008.

According to the report, $10 billion will be paid in cash and another $7 billion in consumer relief will be provided. An official announcement is expected to come later today.

Bank of America settled with the National Credit Union Administration in April 2013 over allegations that the mortgage-backed securities sold by Bank of America led to the failure of several credit unions. The NCUA suit was settled for $165 million.

CUNA supports NCUA appraisal rule, seeks technical changes

 Permanent link
WASHINGTON (8/21/14)--The Credit Union National Association generally supports the National Credit Union Administration's proposed changes to appraisal requirements, according to a comment letter filed Tuesday.

The rule, which was proposed at the agency's June board meeting, would expand the current exemption in existing appraisal regulations to allow credit unions to refinance or modify a real estate-related loan in a declining housing market without having to obtain an additional appraisal.

CUNA first recommended changes to the NCUA's appraisal requirements in its 2013 regulatory review comment letter. The trade group's latest comment letter also offers additional suggestions for a few technical changes to the proposal.

"We request that NCUA's final rule clarify that the 'written estimate of market value,' required for exempt transactions, be satisfied by an estimated market value based on an automated valuation model," the letter reads. "This change would be consistent with the 2010 Federal Financial Institutions Examination Council's interagency appraisal and evaluation guidelines."

The NCUA's proposed rule would also eliminate a now duplicative requirement that federal credit unions make available, to any requesting member, a copy of the appraisal used in connection with that member's application for a loan secured by a first lien on a dwelling.

CUNA supports this part of the proposed rule as well, stating it will reduce regulatory burden for credit unions, a top priority for the association.

Use the resource link to access the letter.