News

• ABA Banking Journal: Fed’s Waller proposes creating ‘skinny’ master account for payment services
• ABA: Penny Phaseout
• ABA Banking Journal: ABA urges FCC to modernize calling rules, strengthen fraud protections
  
• CISA News: Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords

SDBA Updates

• Order your 2026 South Dakota Bank Directory

SDBA Events

• LAST CALL! NEXT STEP: Emerging Leaders Summit
• 2026 National Ag School for Beginning Ag Bankers

Online Education

• Additional Educational Opportunities

ABA Banking Journal: Fed’s Waller proposes creating ‘skinny’ master account for payment services

Federal Reserve Governor Christopher Waller today proposed the creation of a “skinny” master account for payment services that would be easier to obtain than a regular master account but would come without the latter’s “bells and whistles.”

Speaking at a Fed conference on payments innovation, Waller said his proposed “payment account” would provide basic Fed payment services to legally eligible institutions that conduct payment services primarily through a third-party bank that has a full-fledged master account. Such accounts are lower risk and therefore would have a streamlined approval process, he said.

“Payments innovation moves fast, and the Federal Reserve needs to keep up,” Waller said.

Payment accounts would provide access to the Fed payment rails while controlling for various risks to the central bank and payment system, Waller said. Fed banks would not pay interest on balances in a payment account, and balance caps may be imposed. The accounts would not have daylight overdraft privileges — if the balance hits zero, payments will be rejected. And they would not be eligible for Fed discount window borrowing or have access to all payment services for which the Fed banks cannot control the risk of daylight overdrafts.

“I want to be clear that this is just a prototype idea to provide some clarity on how things could change,” Waller said. “The upshot is that, in my view, the payments landscape, as well as the types of providers, has evolved dramatically in recent years, and, accordingly, a new payments account could better reflect this new reality.”

Back to Top

ABA: Penny Phaseout

Resources to help your bank track trends, manage customer expectations, and respond to the operational impacts of the penny's retirement.

In February 2025, President Trump directed the U.S. Treasury to stop producing pennies as part of a broader effort to cut unnecessary government spending. Each penny costs nearly four cents to produce and distribute, making it economically inefficient. While minting has ended, existing pennies remain legal tender, and banks will continue to accept and process them. As availability declines, some banks and merchants may run low or out of pennies, potentially affecting cash transactions that rely on exact change.

The American Bankers Association today urged the Federal Reserve and Treasury Department to alleviate the operational challenges caused by the end of penny production, such as by providing public education, giving guidance on rounding transactions and ensuring the existing penny supply continues to circulate during the transition.

Earlier this year, President Trump directed the Treasury Department to stop producing pennies. The U.S. Mint produces coinage but the Fed distributes coins to banks and credit unions.

In a letter, ABA said that all stakeholders — banks, retailers and consumers — would benefit from a coordinated federal response to the situation. It asked that the Fed take immediate action to continue accepting penny deposits at all coin terminals nationwide while more long-term actions are undertaken to manage penny circulation. This deposit infrastructure should be maintained until such time as pennies are formally withdrawn from circulation through a clear and coordinated transition plan, the association said.

“We ask that Treasury and the Federal Reserve formulate a plan to manage penny circulation to meet current demand and to reduce future demand in recognition that no more pennies will be minted,” ABA said. “The federal government response should be communicated nationwide to the industry and the general public to maximize awareness of the issue.”

Full Article

Back to top

ABA Banking Journal: ABA urges FCC to modernize calling rules, strengthen fraud protections

The American Bankers Association this week sent a letter urging the Federal Communications Commission to issue a notice of proposed rulemaking that would adopt several ABA requests to modernize the FCC’s Telephone Consumer Protection Act rules and combat illegal call spoofing. The FCC is scheduled to vote Oct. 28 on whether to issue the notice.

The TCPA is a 1991 law that regulates telemarketing and informational calls using automated processes. The draft rulemaking under consideration contains changes to the FCC’s TCPA rules that ABA has urged the commission to make. They are:

• The FCC proposes to delete the “revoke all” rule. Under the TCPA, with limited exceptions, a bank or other business can place an autodialed or prerecorded voice call or text message only with the prior express consent of the called party. A called party has the right to revoke consent to receive these calls. In a 2024 order, the FCC required a business to treat a consumer’s revocation of consent to receive one type of call or message as a revocation of all consented-to calls and messages (the “revoke all” rule). Since the Trump Administration took office, ABA has led a joint industry effort to urge the FCC to rescind the revoke-all rule. The draft notice of proposed rulemaking would do that.
• The FCC seeks comment on permitting callers to designate the exclusive means by which consumers may revoke consent, rather than requiring callers to honor all revocation requests made using “reasonable means.” ABA previously urged the FCC to take this step. Current FCC rules allow consumers to revoke consent through “any reasonable means,” which has created significant challenges for banks in processing customers’ revocation requests accurately and efficiently.
• The FCC proposes to eliminate the “provided number” condition that allows banks and other financial institutions to place calls under an existing exemption for fraud alerts only to numbers that were provided by the customer to the institution. For the past decade, ABA has sought removal of this condition, which creates a challenge for banks to utilize the exemption.
• When a consumer asks the caller to stop placing telemarketing calls to the consumer, current rules require the caller to place the consumer on its internal “do-not-call” list. The FCC proposes to delete this requirement.

To combat illegal call spoofing:

• The FCC proposes to enhance the effectiveness of the STIR/SHAKEN call authentication framework by requiring terminating providers to transmit verified caller name or other caller identity information for presentation on a consumer’s handset whenever the provider transmits a call with the representation that the caller has received an “A-level” attestation – the highest form of attestation under STIR/SHAKEN. ABA has raised concerns that bad actors are obtaining “A-level” attestation, which signals that the originating provider knows that the caller has lawful access to the number being displayed in the recipient’s caller ID display. ABA has also called on the FCC to prohibit the display of data on a consumer’s caller ID device when the authenticity of the call cannot be adequately verified through a verified relationship with the call originator.
• The FCC proposes to require originating voice service providers that transmit caller identity information to employ reasonable measures to verify the accuracy of the information transmitted. The FCC also seeks comment on requiring providers to use “Rich Call Data,” or RDC, to transmit the verified caller’s name on IP networks. Under RCD, when a recipient receives a call from a legitimate company, the company’s logo would appear in the caller ID display, signaling the legitimacy of the call.
• The FCC proposes to require voice service providers to implement measures to ensure consumers know which calls originate from outside the U.S. and to prohibit spoofing of U.S. telephone numbers for calls that originate from outside the U.S.

If the FCC votes to issue the notice of proposed rulemaking at its Oct. 28 open meeting, the public will have an opportunity to comment.

Full Article

Back to Top

CISA News: Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords

Hackers are increasingly using stolen identities to breach organizations, impersonating employees or contractors before stealing data and launching ransomware, according to new research. 

Microsoft’s 85-page Digital Defense Report 2025 covers dozens of pertinent cybersecurity issues including ransomware, nation-state attacks, AI and more. But the company’s researchers said the one statistic that stood out more than most others was the continued success of password attacks that allowed hackers to take over victim accounts. 

Despite a growing sophistication of cyber threats, “more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity based attacks surged by 32%,” said Amy Hogan-Burney, a corporate vice president at Microsoft. 

“That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (‘credentials’) for these bulk attacks by and large from credential leaks.”

Hackers are also increasingly turning to other methods to obtain credentials. Microsoft tracked surges in the use of infostealer malware by criminals and an increase of IT scams where cybercriminals call a company’s help desk and simply ask for password resets. The scheme has drawn headlines in recent months due to a string of high-profile attacks launched by English-speaking cybercriminals connected to the Scattered Spider organization. 

Infostealers allow cybercriminals to quietly gather credentials and information at scale before either using it themselves or selling the data on cybercrime forums. Microsoft noted its role in taking down Lumma Stealer — one of the most prevalent infostealer observed in the last year.

Microsoft said since the takedown, it has continued to “identify and dismantle new Lumma Stealer infrastructure.” Microsoft said it is still unclear whether the takedown will be effective but pointed to its work disrupting cracked versions of Cobalt Strike as evidence that these methods do have an impact. 

Microsoft’s report tracks trends from July 2024 through June 2025. The most targeted entities were IT companies and government bodies at the national and local level. 

In addition to identity-based attacks, Microsoft also said it saw several key vulnerabilities exploited — including CVE-2024-50623 which impacted popular file sharing tool Cleo and other bugs affecting prominent tools made by Fortinet, BeyondTrust and SimpleHelp. 

Ransomware affiliate shell games

Microsoft incident responders said 19% of cases where they were able to determine a threat actor’s objectives involved ransomware. 

Microsoft cited figures from cybersecurity firm Intel 471 that found 120 ransomware variants were used against 71 industries over the last year, with more than half of all victims based in the U.S. 

Nearly half of all alleged victims seen on ransomware leak sites had an annual revenue of $50 million or less. Ransomware actors increasingly leveraged social engineering to obtain or reset credentials, particularly through vishing or tech support scams.

“For example, this year multiple actors conducted help desk-themed social engineering, using messaging platforms such as Teams to communicate with targets and the Windows utility Quick Assist for remote access,” the company’s researchers said. 

Microsoft noted that it now tracks specific threat actors because many use multiple strains of ransomware. A cybercriminal known as Octo Tempest used Dragon Force, RansomHub and Qilin ransomware strains throughout the year, illustrating how simple it is for hackers to move between ransomware-as-a-service affiliation. 

In a separate notice on social media, Microsoft spotlighted a recent disruption of a threat actor that bounced between using Vice Society, Rhysida, BlackCat, Quantum Locker and Zeppelin ransomware strains. 

Another new trend spotted by Microsoft was the exploitation of antivirus (AV) exclusions to avoid detection. AV exclusions are typically used by IT or security teams to stop AV software from wasting resources scanning trusted files or directories, the researchers explained. 

“Attackers seek out misconfigurations such as overly broad exclusions, which they could use to disable or sidestep defenses during hands-on-keyboard intrusions,” Microsoft said. 

“This year, attackers used exclusions to bypass AV defenses in 30% of observed human-operated ransomware incidents. Despite these evolving threats, attacks reaching the encryption stage have slowed and are now increasing at a rate of only 7% in 2024-2025 compared to 102% in 2023-2024, per our incident tracking.”

Back to Top

Order your 2026 South Dakota Bank Directory

The South Dakota Bank Directory provides detailed information on all South Dakota banks including addresses, telephone numbers, important contact names and additional pertinent information. The directory also contains information on the SDBA, banking associations, regulatory agencies, endorsed vendors, associate members and South Dakota officials.

Place your order for your 2026 SD Bank Directory!

All member banks, associate members, and endorsed vendors receive one complimentary copy.

LAST CALL!

NEXT STEP: Emerging Leaders Summit is designed to help cultivate, connect, engage and empower South Dakota’s future bank leaders. This event will encourage emerging bank leaders to find and express their voices within their organizations, communities and the banking industry and provide opportunities to network and exchange ideas with other industry professionals. It will also increase emerging bank leaders’ knowledge of topics of interest to the banking industry and promote involvement and advocacy.

We have a fantastic lineup of speakers, including Lena Scullard, who will also serve as our event emcee; Kristina Schaefer; Dr. Sal Villegas, Northern State University; SDBA President, Karl Adam; and Arthur Williams Jr.

Register Today!

Back to Top

2026 National Ag School for Beginning Ag Bankers

June 22-25, 2026 | Spearfish

Ready to take your agricultural lending skills to the next level? Join us June 22-25, 2026, on the scenic campus of Black Hills State University in Spearfish, SD for an immersive, hands-on school designed specifically for beginning ag bankers. Sponsored by the South Dakota Bankers Association, this intensive program covers all aspects of ag lending—including credit analysis, scoring and risk rating, managing problem loans, and collaborative case studies.

CURRICULUM HIGHLIGHTS

The National School for Beginning Ag Bankers is designed to give you the knowledge and confidence to make smarter, stronger lending decisions. Perfect for ag bankers with zero to three years of experience, this program blends expert instruction with practical, hands-on learning.

What You’ll Learn:

• The current ag economy and industry trends
• Balance sheet and working capital analysis
• Earnings and cash flow analysis
• Futures, options, and risk management strategies
• Loan servicing and management assessment
• Customer profiling and relationship-building techniques

With 25+ hours of interactive instruction, you’ll tackle real-world challenges through case studies and problem-solving exercises. A dynamic bank simulation lets you see firsthand how your lending decisions impact the entire bank operation—across all departments.

Details & Registration

Back to Top

Online Education

Participating in learning opportunities outside the bank can be challenging. Take advantage of the SDBA's extensive selection of webinars and on-demand training to enhance your banking expertise directly from your computer.

GSB Online Seminars
OnCourse Learning
SBS Institute
ABA Training

Learn how to put compliance management solutions from Compliance Alliance to work for your bank, by contacting (888) 353-3933 or [email protected] and ask for our Membership Team. For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.