SWIFT plans security overhaul after cyber hacks

SWIFT plans security overhaul after cyber hacks

  • Export:


Financial messaging service SWIFT plans to tighten security across its network after a spate of high profile cyber-attacks, including the theft of $81m from the central bank of Bangladesh.

Banks use the SWIFT system to guarantee the authenticity of orders to make payments from customer accounts.

But recent incidents involving cyber criminals stealing banks’ SWIFT credentials to transfer funds have called the safety of arrangements into question. While SWIFT itself was not breached fraudulent activity was possible once customer details were obtained.

This week SWIFT CEO Gottfried Leibbrandt announced plans to harden security requirements and develop security audit frameworks for customers.

It will also support banks’ increased use of payment pattern controls to identify suspicious behaviour and introduce certification requirements for third-party providers.

The organisation has already stepped up efforts on sharing information.

In February credentials stolen from Bangladesh Bank, the central bank, were used computers to log into the SWIFT system, according security researchers at British defence contractor BAE Systems.

SWIFT boss Leibbrandt reiterated this week that SWIFT’s network, software and core messaging services had not been compromised.

"In Bangladesh and the other cases, the thieves compromised the IT environment and worked their way to the bank systems where the SWIFT instructions are generated and the confirmations received.

"The banks were compromised, credentials to payment generation systems were obtained to send fraudulent payments and the statements/confirmations from their counterparties were obfuscated," Leibbrandt said.

"I think it will prove to be a watershed event for the banking industry. There will be a before and an after Bangladesh. This is a big deal. And it gets to the heart of banking."


  • Export:

Related Articles