ABA Banking Journal: ABA chair: Banks are crushed by regulatory tsunami, election results should help
November 13, 2024
The banking industry is strong but being “crushed” by overregulation, John Asbury, CEO of Virginia-based Atlantic Union Bank and the American Bankers Association’s recently elected chair, told attendees this morning during ABA’s Agricultural Bankers Conference in Milwaukee. Kicking off the annual event, Asbury shared his assessment of the current state of the banking sector and what he expects for the near future, particularly given the results of the recent elections.
“This industry is profitable and well capitalized, and asset quality is the best I’ve ever seen throughout the industry, and I don’t see the economy falling off a cliff,” he said. “I’m actually fairly optimistic.” One of the biggest challenges, Asbury said, has been the “whipsawing” of interest rates, and its effect on banks’ net interest margins, which he attributed to what happened over the course of the pandemic and attempts to keep inflation at bay.
The “single largest challenge” banks face is overregulation, Asbury said. “Now we have an important opportunity, perhaps a historic opportunity, to turn back that tide. We’re not going to get everything we want, and it’s not just going to come to us. It’s going to take advocacy, but the opportunity is there. This [regulatory] tsunami has crushed the industry. It’s driven a lot of consolidation. The diversity of the banking system is part of the strength of the American economy, and we need to preserve it.”
Asbury believes the policies of the incoming Trump administration “will be helpful” to the industry and the economy but may be “somewhat inflationary,” predicting that interest rates may not fall as quickly as many would hope. “We have a number of borrowers who’ve effectively been on the sidelines, waiting on a lower-rate environment,” he said.
The Federal Reserve will continue to cut rates but perhaps not as much as we thought, Asbury said. “I’m not convinced term rates are going down at all, and that is bad news for the mortgage business. We’re going to have a bit of a higher rate environment for longer, at least with term rates. That should mean a steepening of the yield curve, which is good for our industry in terms of profit margins.”
The other issue Asbury cited as a primary focus for his time as ABA chair is helping the banking industry to combat fraud.
“We probably all understand that there’s more good, old-fashioned check fraud today than there was before the pandemic,” he said. “And ABA, I think, is doing a very good job in terms of helping to educate, and there’s some exciting things underway that could involve congressional action and legislation to beat back fraud and make it harder on the fraudsters. That’s a big, big deal. It impacts every one of our banks, regardless of size.”
CISA News: Increasing Awareness of DNS Hijacking: A Growing Cyber Threat
November 6, 2024
A recent report from Palo Alto Networks' Unit 42 exposes the persistent and evolving threat of DNS hijacking, a stealthy tactic cybercriminals use to reroute internet traffic. Using passive DNS analysis, the cybersecurity company also provided real-world examples of recent DNS hijacking attacks, highlighting the urgency of countering this hidden danger.
What is DNS hijacking?
DNS hijacking involves modifying the responses from targeted DNS servers, redirecting users to attacker-controlled servers instead of the legitimate ones they intend to reach.
DNS hijacking can be done in several ways:
Gaining control of the domain owner's account at the registrar or DNS hosting provider, which gives access to the DNS settings: In this scenario, the attacker holds valid credentials with the authority to change the DNS configuration directly, for example to point the domain's A records or nameservers at attacker-controlled infrastructure.
DNS cache poisoning: The attacker forges a reply that appears to come from a legitimate nameserver. Once a recursive resolver caches the forged answer, every client of that resolver is sent to attacker-controlled content until the cached entry expires.
Man-in-the-Middle attack: The attacker intercepts the user's DNS queries and returns answers that redirect the victim to attacker-controlled content. This only works if the attacker controls a system on the path between the client and its resolver, such as a router, a Wi-Fi access point or the resolver itself.
Modifying DNS-related system files, such as the hosts file (C:\Windows\System32\drivers\etc\hosts on Microsoft Windows, /etc/hosts on Unix-like systems). If the attacker can write to that local file, it is possible to redirect the user to attacker-controlled content without touching any DNS server at all.
Attackers generally use DNS hijacking to redirect users to phishing websites that look similar to the intended websites or to infect the users with malware.
Detecting DNS hijacking with passive DNS
The Unit 42 report described a method to detect DNS hijacking via passive DNS analysis.
What is passive DNS?
Passive DNS is a historical archive of observed DNS resolutions, typically terabytes of data. In addition to the domain name, the record type and the answer data, passive DNS records generally contain a "first seen" and a "last seen" timestamp. These records allow analysts to trace the IP addresses a domain has directed users to over time.
For an entry to appear in passive DNS, it must be queried by a system whose DNS queries are recorded by passive DNS systems. This is why the most comprehensive passive DNS information generally comes from providers with high query volumes, such as ISPs or companies with extensive customer bases. Subscribing to a passive DNS provider is often advisable, as they collect more DNS queries than the average company, offering a more complete view than local DNS queries alone.
Palo Alto Networks' method for detecting DNS hijacking begins by identifying never-seen-before DNS records, as attackers often create new records to redirect users. Never-seen-before domain names are excluded from detection because they lack the historical information needed for comparison. Invalid records are also removed at this step.
The DNS records are then analyzed using passive DNS and geolocation data based on 74 features. According to the report, “some features compare the historical usage of the new IP address to the old IP address of the domain name in the new record.” The goal is to detect anomalies that could indicate a DNS hijack operation. A machine-learning model then provides a probability score based on the analysis.
WHOIS records are also checked to rule out domains that have recently been re-registered: a change of owner generally brings a complete change of IP addresses, which would otherwise look like a hijack.
Finally, the domain's old and new IP addresses are actively visited and the content and HTTPS certificates served by each are compared. Identical results indicate the same operator behind both addresses, so those cases are treated as false positives and excluded from the set of DNS hijacking operations.
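The following Python script is an added illustration of the four stages described above, run over a small constructed passive DNS dataset; it is not code from the Unit 42 report or from CISA. The record format, the enrichment table (IP_META), the three scoring features and their weights, the threshold, and the WHOIS and certificate "probe" results are all assumptions made for the example. The report itself uses 74 features and a trained model; here the scoring is collapsed into a simple weighted sum so that the logic of each stage is visible.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PdnsRecord:
    name: str        # domain name
    rrtype: str      # record type; only "A" is handled in this example
    rdata: str       # answer data (an IPv4 address for A records)
    first_seen: date
    last_seen: date


# Constructed stand-in for ASN/geolocation enrichment (assumed, not real data).
IP_META = {
    "203.0.113.10": ("AS64500", "US"),
    "203.0.113.11": ("AS64500", "US"),
    "192.0.2.5": ("AS64496", "US"),
    "198.51.100.77": ("AS64511", "XX"),
}


def valid_a_record(rec):
    """Stage 1 filter: drop records that cannot be a usable A record."""
    if rec.rrtype != "A":
        return False
    try:
        ip = ipaddress.IPv4Address(rec.rdata)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_multicast or ip.is_unspecified)


def index_history(history):
    """Lookups over the history: known (name, type, rdata) keys, IPs per name, names per IP."""
    keys, by_name, by_ip = set(), defaultdict(set), defaultdict(set)
    for r in history:
        keys.add((r.name, r.rrtype, r.rdata))
        by_name[r.name].add(r.rdata)
        by_ip[r.rdata].add(r.name)
    return keys, by_name, by_ip


def new_records(history, observed):
    """Stage 1: never-seen-before records for domains that do have a history."""
    keys, by_name, _ = index_history(history)
    return [r for r in observed
            if (r.name, r.rrtype, r.rdata) not in keys   # record is new
            and r.name in by_name                        # but the domain is not
            and valid_a_record(r)]


def score_record(rec, history):
    """Stage 2: compare the new IP with the domain's old IPs (three features, not 74)."""
    _, by_name, by_ip = index_history(history)
    old_ips = by_name[rec.name]
    new_asn, new_cc = IP_META.get(rec.rdata, ("?", "?"))
    old_asns = {IP_META.get(ip, ("?", "?"))[0] for ip in old_ips}
    old_ccs = {IP_META.get(ip, ("?", "?"))[1] for ip in old_ips}
    score, reasons = 0.0, []
    if new_asn not in old_asns:
        score += 0.4
        reasons.append("asn_changed")
    if new_cc not in old_ccs:
        score += 0.2
        reasons.append("country_changed")
    # Historical usage: other names that shared the old IPs but never the new one.
    old_neighbors = set().union(*(by_ip[ip] for ip in old_ips)) - {rec.name}
    if old_neighbors and not (old_neighbors & by_ip.get(rec.rdata, set())):
        score += 0.2
        reasons.append("no_shared_hosting_history")
    if rec.rdata not in by_ip:
        score += 0.2
        reasons.append("ip_never_seen")
    return round(score, 2), reasons


def triage(history, observed, whois_created, tls_fingerprint, threshold=0.5):
    """Stages 3 and 4: WHOIS re-registration check, then active certificate check.

    whois_created:   name -> registration date (constructed stand-in for WHOIS)
    tls_fingerprint: (name, ip) -> certificate fingerprint an active probe of that
                     IP returned (constructed stand-in for the real navigation)
    Returns (alerts, suppressed)."""
    _, by_name, _ = index_history(history)
    alerts, suppressed = [], []
    for rec in new_records(history, observed):
        score, reasons = score_record(rec, history)
        if score < threshold:
            continue
        last_old = max(r.last_seen for r in history if r.name == rec.name)
        created = whois_created.get(rec.name)
        if created is not None and created > last_old:
            suppressed.append((rec.name, "re-registered"))    # legitimate IP change
            continue
        new_fp = tls_fingerprint.get((rec.name, rec.rdata))
        if new_fp and any(tls_fingerprint.get((rec.name, ip)) == new_fp
                          for ip in by_name[rec.name]):
            suppressed.append((rec.name, "same_certificate"))  # same operator, a migration
            continue
        alerts.append((rec.name, rec.rdata, score, reasons))
    return alerts, suppressed


D = date
HISTORY = [  # constructed passive DNS history
    PdnsRecord("example-bank.com", "A", "203.0.113.10", D(2023, 1, 1), D(2024, 10, 30)),
    PdnsRecord("example-bank.com", "A", "203.0.113.11", D(2023, 1, 1), D(2024, 10, 30)),
    PdnsRecord("other-tenant.com", "A", "203.0.113.10", D(2023, 5, 1), D(2024, 10, 30)),
    PdnsRecord("another.org", "A", "203.0.113.11", D(2023, 5, 1), D(2024, 10, 30)),
    PdnsRecord("expired-site.com", "A", "203.0.113.10", D(2022, 1, 1), D(2024, 6, 1)),
    PdnsRecord("cdn-client.net", "A", "192.0.2.5", D(2024, 1, 1), D(2024, 10, 30)),
    PdnsRecord("tenant2.net", "A", "192.0.2.5", D(2024, 1, 1), D(2024, 10, 30)),
]
OBSERVED = [  # constructed records first seen on 2024-11-01
    PdnsRecord("example-bank.com", "A", "198.51.100.77", D(2024, 11, 1), D(2024, 11, 1)),
    PdnsRecord("cdn-client.net", "A", "203.0.113.11", D(2024, 11, 1), D(2024, 11, 1)),
    PdnsRecord("expired-site.com", "A", "192.0.2.5", D(2024, 11, 1), D(2024, 11, 1)),
    PdnsRecord("brand-new.com", "A", "198.51.100.77", D(2024, 11, 1), D(2024, 11, 1)),
    PdnsRecord("example-bank.com", "A", "not-an-ip", D(2024, 11, 1), D(2024, 11, 1)),
]
WHOIS_CREATED = {"expired-site.com": D(2024, 9, 15), "example-bank.com": D(2010, 3, 2)}
TLS_FINGERPRINT = {  # constructed probe results
    ("cdn-client.net", "192.0.2.5"): "sha256:aaaa",
    ("cdn-client.net", "203.0.113.11"): "sha256:aaaa",    # same cert on both IPs
    ("example-bank.com", "203.0.113.10"): "sha256:bbbb",
    ("example-bank.com", "198.51.100.77"): "sha256:cccc",  # different cert on the new IP
}


def run_example():
    return triage(HISTORY, OBSERVED, WHOIS_CREATED, TLS_FINGERPRINT)


if __name__ == "__main__":
    alerts, suppressed = run_example()
    for a in alerts:
        print("ALERT", *a)
    for s in suppressed:
        print("suppressed", *s)
```

Of the five observed records, the never-seen domain and the malformed record are dropped at stage 1; the expired domain is suppressed at stage 3 because its WHOIS creation date postdates the last sighting of its old record; the CDN customer is suppressed at stage 4 because the same certificate is served from the old and new addresses; only the bank domain that moved to a never-seen IP in a different network and country survives as an alert. In a real deployment the IP_META table would come from an ASN/geolocation feed and the WHOIS and certificate lookups would be live queries.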
How companies can protect themselves from this threat
To protect from these threats, the report suggested that organizations:
Deploy multi-factor authentication on domain registrar and DNS hosting provider accounts. Restricting the IP addresses allowed to change DNS settings is also a good idea, and where the registrar offers a registrar or registry lock, enabling it prevents nameserver changes without an out-of-band confirmation.
Use a registrar and DNS provider that support DNSSEC. This protocol adds a layer of security by digitally signing DNS records, so that validating resolvers can detect answers that were forged or altered in transit, which defeats cache poisoning and spoofed replies. Note that DNSSEC does not help against an attacker who controls the registrar or DNS provider account, since that attacker can publish new signed records (and a new DS record) themselves.
Use monitoring tools that compare DNS query results obtained from third-party DNS servers, such as those of ISPs, with the results obtained from the company's usual DNS server. A mismatch could indicate a change in DNS settings, which might be a DNS hijacking attack.
In addition, all hardware, such as routers, must have up-to-date firmware, and all software must be up-to-date and patched to avoid being compromised by common vulnerabilities.
ABA Banking Journal: ABA calls for ‘whole of government’ approach to illegal calls and texts
November 13, 2024
The American Bankers Association urged the Federal Communications Commission to join a “whole of government” approach to combatting fraud, including fraud perpetrated by criminals who use illegal calls and text messages, in a comment letter filed Tuesday. ABA’s request came in response to the FCC’s request for comment on how it could strengthen its “Robocall Mitigation Database,” which houses voice service providers’ plans to mitigate the transmission of illegal automated calls over the provider’s network.
ABA’s call for a whole-of-government approach to combatting fraud builds on the association’s recent call for a White House office to develop and coordinate a National Scam and Fraud Prevention Strategy.
“Strengthening the Robocall Mitigation Database so that it contains fulsome and accurate filings by providers and greater functionality for those who wish to search the Database is an important part of our government’s overall strategy to combat fraud perpetrated through illegal phone calls,” ABA said.
FinCEN Releases Commercial on Beneficial Ownership Information Reporting
The Financial Crimes Enforcement Network this week released a new video and radio commercial to educate business owners on the new beneficial ownership information reporting requirements. It is part of a larger public outreach campaign by the agency, which includes a dedicated website and videos on BOI reporting.
FinCEN last month issued a notice to financial institution customers about BOI reporting, explaining why certain customers must report directly to the agency in addition to giving information to their banks, which are subject to the customer due diligence rule.
2025 Washington Summit
March 17-19, 2025 | Washington D.C.
Save the Date! The ABA will be hosting the 2025 Washington Summit March 17-19, 2025 at the Marriott Marquis in Washington, D.C. Don’t miss this opportunity to hear about key policy issues from the lawmakers who put them into action and connect with bankers from across the country. More details will be shared as they become available. Visit the ABA’s website to stay informed.
2025 SDBA IRA Basics
January 9, 2025 | 9am-3pm CST | Virtual
This course is designed as a "very basic" IRA seminar intended to build a solid IRA foundation. The seminar will start with the differences between a Traditional and a Roth IRA, and then discuss how to set up a new IRA and the eligibility rules to contribute to an IRA. The biggest topic for people new to IRAs is the moving of money from one financial institution to another. This involves IRA transfers and rollovers, plus direct rollovers from a qualified plan. Discussion will go through the 13 exceptions that allow money to be taken out of an IRA before age 59.5 without the penalty tax, and how the required minimum distribution (RMD) is calculated in a Traditional IRA. There will be an introduction to death distributions. Finally, we will cover how to take money out of a Roth IRA.
Q: Our bank is updating the name of one of our products. We have ESIGN consent from our customers, but if we send an email letting them know about the change, will the message be subject to CAN-SPAM?
A: CAN-SPAM applies to all commercial messages, which are defined as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service." (16 CFR 316.2(c)). However, if the "primary purpose" of a message is transactional or relationship, then, while the email still may not contain false or misleading routing information, it is otherwise exempt from most provisions of the CAN-SPAM Act. To determine whether the primary purpose of an email is transactional or relationship, the bank must review it to see if it consists only of content that:
facilitates, completes, or confirms a commercial transaction that the recipient already has agreed to;
gives warranty, recall, safety, or security information about a product or service the recipient bought;
notifies the recipient about a change in the terms or features of a membership, subscription, account, loan or other ongoing commercial relationship; notifies the recipient of a change in their standing with respect to that ongoing commercial relationship; or provides regular, periodic account balance information to the recipient;
provides information about an employment relationship or employee benefits; or
delivers goods or services as part of a transaction that the recipient already has agreed to.
But note, as the FTC guidance states: "Keep in mind that the law views these categories narrowly. That means you shouldn't assume that any message you send to recipients who have an ongoing commercial relationship with you – including subscribers or recipients who participate in a membership program – are transactional or relationship messages." (FTC, CAN-SPAM Act: A Compliance Guide for Business.)