Security Experts:

SWIFT Moves to Combat Inter-Bank Fraud

The Society for Worldwide Interbank Financial Telecommunication, better known as SWIFT, announced Tuesday that it will be introducing two new Daily Validation Reports to supplement its customers' existing fraud reports.

The new effort is part of a program designed to strengthen customers' security following the theft of $81 million from the Bangladesh central bank, and several other successful and failed bank thefts.

The reports include Activity Reports and Risk Reports comprising, says the SWIFT announcement, "a snapshot view of each day's messaging activity against which to detect unusual patterns." They are designed to provide SWIFT customer banks with a focused review of large or unusual payment flows and new combinations of payment parties. They will be provided to customers' payments and compliance teams 'out-of-band' to ensure that any incumbent hackers will not be able to alter or hide them.

"A key step in the modus operandi in recent wire fraud cases at customer firms," explained Stephen Gilderdale, Head of SWIFT's Customer Security Program, "involves the attackers concealing their fraudulent messaging activity on customers' local systems. Smaller institutions, in particular, are currently dependent on the accuracy of the data on their own systems, but in the event of a security breach, their locally stored payment and reconciliation data may be altered or unavailable. Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud - whether perpetrated by external attackers or by malicious insiders."

These Reports are just one of several new procedures designed to strengthen the overall security within the use of SWIFT. The SWIFT network itself was not compromised during the recent thefts, but the organization clearly feels it is incumbent on itself to help customers improve their own security. However, there is some concern over whether daily reports of what has already happened will have much effect on fraud prevention - timed correctly, the fraud may have already occurred before the banks see the reports.

The earlier thefts at Bangladesh and an Ecuadorian bank led to suggestions that the reserve banks holding the cash had some liability for the loss. Indeed, early suggestions from Bangladesh suggested that SWIFT itself was responsible  for leaving the Bangladesh bank insecure. SWIFT has responded with recommendations to its customers.

To a degree SWIFT has to tread carefully in the requirements it makes, since it is owned by the same organizations it is trying to police. However, Reuters reported Sept. 15 that the world's major central banks are now getting involved.

"The committee of central banks, part of the Bank for International Settlements (BIS) in Basel, Switzerland, set up the task force this summer," writes Reuters. "It has begun gathering information from members on their protections against fraud, said the sources, who requested anonymity because work had just begun."

The committee of central banks now apparently getting involved is part of the Bank for International Settlements (BIS) in Basel, Switzerland. It promotes the safety and efficiency of bank-to-bank payments and settlements, and could over time prove more influential over the security of money transfers than SWIFT alone. SWIFT is likely to be involved because it is overseen by the National Bank of Belgium which, suggests Reuters, "has a leading role in the task force" according to one of its sources.

Reuters suggests "The task force also aims to consider recommending the steps each player should follow if a central bank falls short of protecting its systems from hackers, what role domestic regulators should play, and how to respond if another breach happens, the sources said."

The SWIFT Daily Validation Reports are expected to be introduced during December 2016. It might be "another couple of years before anything is formalized" from the committee of central banks.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.