Customers to receive ‘anti-fraud reports’ as security clampdown continues for banking messaging system
The SWIFT (Society for Worldwide Interbank Financial Telecommunication) network continues to shore up security in the face on ongoing and persistent cyber threats and will now help customers detect fraudulent payments with the introduction of ‘Daily Validation Reports.’
The reports are being touted as an anti-fraud measure and are designed to ‘supplement customers’ existing fraud controls’. The idea is that the reports will help banks and financial institutions detect unusual payment flows quickly and easily.
The reports should also improve the possibility of a bank successfully cancelling fraudulent transfers.
“This ‘out of band’ access will ensure that independent departments at customer firms will be able to access independently sourced information through an independent channel, even if their own systems or operational staff have been compromised and their locally stored records have been obfuscated,” said SWIFT.
SWIFT says the comes as attackers increasingly hide their fraudulent messaging activity in normal banking transactions and interactions.
“A key step in the modus operandi in recent wire fraud cases at customer firms involves the attackers concealing their fraudulent messaging activity on customers’ local systems,” said Stephen Gilderdale Head of SWIFT’s Customer Security Programme.
“Smaller institutions, in particular, are currently dependent on the accuracy of the data on their own systems, but in the event of a security breach, their locally stored payment and reconciliation data may be altered or unavailable.
“Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud – whether perpetrated by external attackers or by malicious insiders.”
SWIFT added that the introduction of the reports, expected to arrive in December this year, is another initiative within its customer security programme that was launched in June to help tighten security measures and procedures at banks.
At that time it warned its member banks of ongoing hacking attacks in recent months and told customers that it expected them to deliver an “operational baseline” of appropriate security measures. To help deliver this, SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise.
Those attackers managed to exploit weak local security procedures at the Bangladesh Bank to pocket at least $81 million (£57m) from its account located at the Federal Reserve Bank of New York. It it reported that the Bank of Bangladesh lacked a firewall and used cheap second-hand switches to connect its SWIFT computers.
Brussels-based SWIFT always insisted the attacks didn’t involve any compromise of the network itself, and said that the attackers had obtained valid credentials from financial institutions and used those to impersonate authorised individuals.
Quiz: What do you know about cybersecurity in 2016?