Pages

Total Pageviews

Friday, March 2, 2018

Society for Worldwide Interbank Financial Telecommunication (SWIFT)



What is SWIFT and who are its users ?

SWIFT is a global member-owned cooperative that is headquartered in Brussels, Belgium. It was founded in 1973 by a group of 239 banks from 15 countries who formed a cooperative utility to develop a secure electronic messaging service and common standards to facilitate cross-border payments. SWIFT carries an average of approximately 26 million financial messages each day. The majority of SWIFT system customers are banks, but it is also used by asset managers, broker dealers, market infrastructures and corporates


Is unauthorised use that easy?

There is no indication that SWIFT’s own network or core messaging services have ever been compromised. In all of the customer incidents we have seen, customers first suffered security breaches within their local environments. Breaches in local infrastructure have been a common starting point for such frauds. Any customer that fails to ensure the physical and logical security of its environment, including from malicious insiders, is potentially at risk. While all customers are responsible for protecting their own environments, we have developed the Customer Security Programme(CSP)which aims to improve information sharing throughout the community, enhance SWIFT-related tools for customers and provide a security control framework. Also, SWIFT has introduced a set of core security controls that all users must meet to secure their local SWIFT-related infrastructure. As of April 2017, 89% of SWIFT customers have attested their compliance. 


How can banks protect themselves?

Attackers can rapidly scale and replicate the fraud worldwide, so constant vigilance is of the highest importance. The threat landscape adapts and evolves daily, so both SWIFT and its customers have to remain vigilant and proactive over the long term. Attacks against individual customers will not necessarily be perpetrated by remote outsiders — malicious insiders present just as much risk. Therefore, internal controls such as user privilege segregation,transaction business controls,personal vetting and ligistical access controls are important security measures that should be in place throughout organisations.

Will this ensure safety of transactions? What more can banks do?

Even with strong security measures in place, attackers are very sophisticated and it is vital to manage security risks in counterparty relationships so that the risks associated with payment flows can be minimised. Strong prevention and detection measures are necessary alongside the foundations of good security practices with an organisation, and SWIFT has therefore developed a number of tools to facilitate customers in these areas. In what will mark a significant step-change, all SWIFT customers will need to re-attest and to confirm full compliance with the mandatory security controls by the end of 2018. All SWIFT attestations will also have to be renewed annually thereafter. 





No comments:

Post a Comment