News

• ABA Banking Journal: ABA offers principles to guide changes to payments system access
• ABA Banking Journal: Fed: Stress test results show large banks can withstand economic shock
• ABA Banking Journal: ‘Five Eyes’ nations warn AI cybersecurity threats only months out
• abrigo: Friendly Fraud: More than a merchant problem
• CISA News: Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks

SDBA Updates

• HB 1238 Toolkit: July 1 Effective Date Approaching
• 2027 Scenes of South Dakota Calendar Contest

SDBA Events

• 2026 SDBA Intro to HSAs Webinar 
• 2026 SDBA Ag Credit Conference
• GSBC's Executive Development Institute Elevates Community Bank Succession Planning

Online Education

• Additional Educational Opportunities

ABA Banking Journal: ABA offers principles to guide changes to payments system access

As policymakers consider proposals related to payment system access, such as new chartering models and Federal Reserve account access, they should proceed cautiously or risk weakening the coherence of the existing payments framework, the American Bankers Association told House lawmakers.

The House Financial Services Financial Institution Subcommittee held a hearing today on the future of payments, with lawmakers exploring topics such as the increasing number of nonbank entities seeking trust charters and a Fed proposal to create new “skinny” master accounts for payment services. In comments submitted ahead of the hearing, ABA noted that many payment innovations were developed and deployed by banks operating within a strong regulatory framework.

“ABA and our members support continued innovation in payments,” the association said. “At the same time, we believe that efforts to expand access to payment system infrastructure and create new chartering pathways must reinforce the core strengths of the U.S. financial system – its safety, soundness and trust – rather than weaken them.”

ABA said any changes to payments system policy or regulation should adhere to the following principles:

• Access to the payments system must be paired with robust supervision
• Avoid proposals that allow firms to selectively access key elements of the banking system, such as payment rails, without assuming the full set of obligations that accompany those benefits
• Maintain Fed discretion and risk-based review for accounts and access
• Proceed cautiously with new access and charter models

Full Article

Back to Top

ABA Banking Journal: Fed: Stress test results show large banks can withstand economic shock

Large banks are well positioned to weather a severe recession and would be able to continue to lend to households and businesses, according to the results of the Federal Reserve’s annual stress tests, released today.

All 32 banks tested remained above their minimum common equity tier 1 capital requirements during this year’s hypothetical recession scenario, the Fed said. The scenario included a severe global recession with a 39% decline in commercial real estate prices and a 30% decline in house prices. The unemployment rate also increased to a peak of 10%, and economic output declined commensurately.

Despite absorbing more than $708 billion in total loan losses under this year’s hypothetical scenario, capital declined only 1.6 percentage points in aggregate, staying above minimum capital requirements.

“Today’s results underscore the strength of the banking system,” Vice Chair for Supervision Michelle Bowman said. “As we work to increase the transparency and accountability of the stress test, public feedback will help us continue to improve and instill greater confidence in the stress test and its results.”

The stress test results will not affect large bank capital requirements. The current capital requirements will stay in place until 2027, when the stress test will be run with loss-estimating models that take public feedback into consideration, the Fed said.

The results again demonstrate that America’s banking system remains strong, resilient and well capitalized to support our economy through a range of conditions, American Bankers Association President and CEO Rob Nichols said.

“We appreciate the Federal Reserve’s meaningful efforts to improve transparency and make stress testing more rational and predictable, something ABA has supported by providing extensive input throughout the process,” Nichols said. “We are encouraged by the Fed’s continued progress and will continue to engage with policymakers to ensure the stress testing framework accurately reflects risk while supporting banks’ ability to meet the needs of their customers and communities.”

Full Article

Back to Top

ABA Banking Journal: ‘Five Eyes’ nations warn AI cybersecurity threats only months out

Organizations have only months to prepare for the cybersecurity challenges posed by new artificial intelligence models, making cyber resilience “integral to advancing business continuity,” the leaders of the “Five Eyes” cybersecurity agencies warned in a joint statement.

The Five Eyes intelligence alliance is comprised of Australia, Canada, New Zealand, the U.K. and the U.S. In their statement, the agency heads said that newer AI models lower barriers for malicious actors and increase the speed and complexity of attacks, “shrinking the window between vulnerability discovery and exploitation ever more quickly.”

At the same time, AI offers powerful tools to strengthen cybersecurity, they said.

“Organizations that integrate AI tools into their security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents – reducing both the cost and impact of incidents,” they said.

They offered “practical actions” organizations can take to mitigate their AI vulnerability:

• Limit unnecessary system access and external connectivity
• Accelerate software patching processes
• Address legacy systems, as unsupported systems are easy targets
• Review and strengthen identity and access controls
• Prepare for incidents before they happen

Full Article

Back to Top

abrigo: Friendly Fraud: More than a merchant problem

What is friendly fraud?   

For years, financial institutions have focused fraud prevention efforts on external threats such as stolen credentials, account takeovers, and payment scams. While those risks remain significant, another form of fraud is gaining momentum across the payments ecosystem: friendly fraud.

Also known as first-party fraud or chargeback fraud, friendly fraud occurs when a consumer disputes a legitimate transaction with their card issuer, often after receiving the goods or services. In some cases, the dispute may stem from confusion or a forgotten purchase. In others, the cardholder knowingly misrepresents the transaction to obtain a refund while retaining the product or service.

As digital commerce continues to expand, financial institutions are increasingly finding themselves at the center of this growing challenge.

A growing risk

Friendly fraud affects far more than just merchants, particularly in terms of chargeback volume. A chargeback occurs when a cardholder disputes a transaction with their card issuer, potentially resulting in funds being returned to the customer. Every chargeback requires financial institutions to investigate, review, and resolve the dispute, creating operational costs and increasing pressure on fraud and dispute management teams.

According to Mastercard’s 2025 State of Chargebacks Report, approximately 23 percent of all chargebacks are tied to first-party fraud. As dispute volumes continue to rise, financial institutions must balance their responsibility to protect consumers with the need to safeguard the integrity of the payments system.

This balance is becoming increasingly difficult as fraudsters learn to exploit consumer protection mechanisms designed to address legitimate unauthorized transactions.

Full Article

Back to Top

CISA News: Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks

A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the executive level. Rather than inventing a sophisticated exploit, testers impersonated a journalist reporting an anonymous tip about hazardous-waste disposal at a client’s high-profile construction site.

The attack relied on credibility, urgency, and conversational email tactics designed to disarm senior leaders who are trained to respond quickly to reputational threats. Testers then adopted a real-reporter persona, created a ProtonMail identity to match journalistic privacy habits, and registered a lookalike domain to host an Evilginx adversary-in-the-middle (AITM) server that proxied the client’s Microsoft login.

The engagement began with methodical OSINT: corporate blogs, press releases, leadership bios, LinkedIn, and local news searches revealed the company’s expansion project, key decision-makers, and likely media channels.

According to NetSPI, the technical infrastructure was ready to harvest credentials, MFA tokens, or session cookies but the campaign hinged on a simple psychological trigger: urgency framed as a request for comment.

Reporter Impersonation to Target C-Suite

Emails were manually crafted without clickable links an intentional move to avoid tripping automated filters and to solicit replies that signaled human engagement.

Two executives replied with contact redirects, one being the executive responsible for the construction project (referred to as “Bob”). When Bob responded with what appeared to be a legitimate Teams invite, the testers introduced an error-like message and supplied their phishing URL.

Rushing to mitigate perceived reputational damage, Bob forwarded the link to two external contractors, effectively expanding the attack surface and illustrating a critical cascade risk: an executive acting in good faith amplified the social-engineering campaign across organizational boundaries.

Although the engagement was halted to avoid capturing out-of-scope credentials, the scenario exposes two systemic weaknesses.

First, conversational, reply-driven phishing presents a blind spot for automated defenses; back-and-forth exchanges look legitimate and evade heuristics tuned for one-off malicious links.

Second, the absence of concise, practiced procedures for handling unsolicited media outreach allowed good intentions to convert into operational risk.

Bob’s actions were not negligent he followed a natural escalation instinct but without a clear “forward to Communications” policy, that instinct becomes the adversary’s best tool.

Defensive recommendations are straightforward and actionable. At the individual level: treat urgent requests with deliberate pause; verify journalists independently through established newsroom contacts or publicly listed emails; scrutinize URLs and avoid authenticating via links provided in unsolicited messages.

At the organizational level: tune email security to detect domain lookalikes and flag external senders; conduct phishing simulations that replicate reporter impersonation and vendor-targeted scenarios; define and rehearse a single, simple protocol for executives to route media inquiries to communications or legal teams.

This engagement reinforces a central truth: social engineering paths remains one of the most efficient to compromise because it targets human decision-making rather than brittle code.

As defenders harden perimeter controls and identity systems, attackers shift to conversations that look ordinary but lead to extraordinary access.

Organizations that combine technical controls with clear, practiced procedures for high-stakes communications will be better positioned to turn the attacker’s simplest tactic asking a few well-placed questions into a failed endeavor.

Full Article

Back to Top

HB 1238 Toolkit: July 1 Effective Date Approaching

HB 1238 takes effect July 1, 2026, providing South Dakota financial institutions with new authority and protections to help prevent the financial exploitation of consenting, senior, and vulnerable adults.

To help members prepare, the SDBA has developed a toolkit outlining key provisions of the law, common red flags, and practical implementation considerations. We encourage banks to review internal procedures, train frontline staff, and evaluate documentation and reporting protocols ahead of the effective date.

Financial exploitation continues to rise, making early intervention more important than ever. Access the toolkit today and begin preparing your institution for implementation.

HB 1238 Toolkit

Back to Top

2027 Scenes of South Dakota Calendar Contest

For the 2027 Scenes of South Dakota Calendar, we’re looking for photos that capture the heart of our state. Think everyday moments, stunning landscapes, and the people, places, and seasons that make South Dakota home.

Submit your photos by July 31!

Online Education

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters. 

Back to Top

---

SDBA eNews Archive

View past issues of the SDBA eNews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews

Questions/Comments
Contact the SDBA at 605.224.1653 or via email