CyberCrimeSecuritySecurity Management

SWIFT Intros New Tool To Help Banks ID Fraudulent Messages

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Security upgrades continue at SWIFT as it seeks to assist the banking sector to identify suspicious payments

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is continuing its efforts to tighten security within the banking community with the introduction of a newtool to spot fraudulent messages that could result in suspicious payments.

It comes after a torrid year in 2016 for Brussels-based SWIFT, and in December it previously disclosed attacks on three banks via the network but said none had been successful.

bank robber

Security Improvements

SWIFT of course was thrust into the security limelight in February 2016, when hackers stole $81 million (£64m) from Bangladesh’s central bank by initiating fraudulent SWIFT transfers from within the bank’s own systems.

SWIFT always insisted the attacks didn’t involve any compromise of the network itself, and said that the attackers had obtained valid credentials from financial institutions and used those to impersonate authorised individuals.

That attack was thought to be one of the largest bank robberies in history, and prompted the Bank of England to order British banks to carry out a security review of systems connected to SWIFT.

Since then the network has undertaken a number of measures to tighten security. It launched a customer security programme in June 2016 to help tighten security measures and procedures at banks.

Later in July SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise. Then last Autumn it said it would help customers detect fraudulent payments with the introduction of ‘Daily Validation Reports,’ designed as an anti-fraud measure to ‘supplement customers’ existing fraud controls’.

New Tool

And now SWIFT said it is offering clients a service that will be able to learn a user bank’s messaging patterns so that it can spot if a payment is being made to an unusual counterparty or for an unusual amount.

“The new fraud and cyber-crime prevention service will enable SWIFT customers to screen their payment messages according to their own chosen parameters, enabling them to immediately detect any unusual message flows before transmission,” it said.

SWIFT said the tool was initially targeted at smaller financial institutions and central banks, but the service will also be launched as a hosted utility solution, which will allow SWIFT users to access it instantly, with no hardware or software installation or maintenance.

“The new payment controls service is a direct response to our community’s request for additional services to complement and strengthen existing fraud controls,” explained Yawar Shah, SWIFT Chairman.

“Combatting fraud and cyber-crime is a top priority for SWIFT and its customers,” said Luc Meurant, Head of financial crime compliance services. “Our new payment controls service is an important step in delivering a full suite of hosted offerings that address our customers’ needs in the fraud and cyber-crime prevention areas, as well as in the sanctions, Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance domains.”

Quiz: What do you know about cybersecurity in 2016?