B2B Payments

Credit Unions Want SMEs Held To Same Cybersecurity Standards


While credit unions and banks are tasked with protecting payment information, small businesses should also be playing their part in that cybersecurity effort, said one credit union executive.

According to reports in Credit Union Journal, James Mooney, president and chief executive of Chevron Credit Union, spoke to the House Small Business Committee about SME cybersecurity Wednesday (March 8), suggesting that “it is very ambiguous right now” how small businesses are expected and required to protect payment data under current regulation. Citing research that finds the majority of cyberattacks hit SMEs, Mooney added that there should be legislation that requires all businesses, not just large ones, to meet cybersecurity standards.

“Securing consumers’ personal information and financial accounts will require the entire payments ecosystem to take an active role in addressing emerging threats and in turn require all industries to be proactive in protecting consumers’ personally identifiable and financial information from the onset,” Mooney told the committee, speaking on behalf of the National Association of Federally-Insured Credit Unions.

He pointed to the high standards credit unions and banks already face to protect payment and financial information and said small businesses should be held to the same standards.

"Under Gramm-Leach-Bliley, we are really given the duty that everybody has to be playing at the same level,” he said. “As GLBA has functioned, it is scalable, so the risk that a multinational institution has is going to much different than a small credit union and the risk assessment is much different, but everybody is on the same page.”

His commentary comes as federal lawmakers struggle to define a path for data security legislation.

“The problem is that the bar keeps shifting as technology changes,” said Charles Rowe, president and CEO of America’s Small Business Development Centers, speaking at the same hearing about the challenges of regulating SME cybersecurity requirements.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment