To the editor:
National Credit Union Administration Chairman Todd M. Harper's warning about the cybersecurity risks posed by third-party vendors is both timely and necessary ("
Leveraging their substantial purchasing power, credit unions can demand higher standards from their service providers. By rejecting unfair contract terms and partnering with vendors that prioritize cybersecurity, credit unions can drive better practices across the industry. This approach — essentially voting with their wallets — encourages a marketplace where accountability and robust cybersecurity are prerequisites for doing business.
The agency said VyStar customers took on fees and credit report demerits because they could not access banking functions for months following an attempted upgrade.
Legal action against underperforming vendors is another strategic tool for credit unions to recover losses, exit long-term contracts, enforce accountability and maintain member trust. Beyond financial compensation, such lawsuits send a clear message that lax cybersecurity will not be tolerated. Holding vendors accountable not only protects members, but also drives long-term improvements in vendor relationships and industry practices.
Chairman Harper's warning serves as a critical wake-up call. But credit unions cannot afford to wait for regulatory changes to address these risks. By leveraging their market influence and using litigation strategically, credit unions can protect their members and strengthen the broader credit union system.
