10/21/2025
Payments Hot Tip: Cybersecurity is everyone’s responsibility.
“Cybersecurity is less about if an attack will happen and more about when. For financial institutions, the biggest threats come from account takeover, social engineering, and the expanding reliance on vendors and third-party technologies. What makes these threats so concerning is how quickly they evolve and how often they exploit human behavior rather than just technical weaknesses.
Credential theft is the root cause of most successful attacks, whether it’s phishing, malware, or account takeover. Multi-factor authentication (MFA) raises the barrier significantly, and adding behavioral analytics, like device fingerprinting or monitoring login patterns, helps detect when credentials are misused. In fact, cyberattack mitigation requires a layered approach that may include:
- Strong authentication beyond passwords, such as push-based MFA or biometrics.
- Real-time fraud monitoring to flag unusual ACH, wire, and check transactions.
- Deployment of IP filtering and geolocation controls to flag logins and transactions from high-risk IP ranges or countries
- Regular phishing simulations and staff/customer education to reduce human error.
- Vendor risk management, and ongoing due diligence, not just at onboarding.
- Incident response drills and tabletop exercises to keep teams prepared.
My advice to financial institutions is simple: Treat cybersecurity as an enterprise-wide responsibility, keep it on the board’s agenda, and make it part of daily operations. The institutions that handle cyber threats most effectively are the ones that integrate it into their culture, where employees, management, and leadership all see it as part of protecting customers and the institution. It’s not a one-time project; it’s an ongoing discipline.”
Dominic Plumeri, AAP, APRP
VP, Member Services
SFE
Cybersecurity and fraud are always top of mind, and with Nacha’s new fraud rules going into effect in 2026, FIs have even more reason to focus on appropriate mitigation systems. Join Jordan Bennett, AAP, APRP, Senior Director, Network Risk Management at Nacha, and Dominic Plumeri, AAP, APRP, VP, Member Services at SFE, on November 19 at 10 a.m. Central for the webinar, “ACH Fraud Rules 2026: Your Roadmap to Compliance & Readiness.” Make sure you get the information you need to be ready to comply.