SWIFT looks to beef up security after cyber attacks
Messaging services provided by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) are used by about 11,000 financial institutions from more than 200 countries. The network, allows lenders to process billions of dollars daily, and is considered the backbone of international banking.
A five-point plant is expected to be revealed by company CEO Gottfried Leibbrand at a financial services conference in Brussels in a few days time.
“I think it will prove to be a watershed event for the banking industry. Cyber risk has been the main thing to keep me awake at night,” the CEO is due to say, according to a draft of his speech obtained by the Financial Times.
In February, cyber thieves stole $81 million from the central bank of Bangladesh, using stolen credentials from Bangladesh Bank computers to log into the SWIFT system, according to research by British defense contractor BAE Systems. Attackers attempted to transfer nearly $1 billion out of the bank’s account with the US Federal Reserve.
SWIFT secure messaging service that underpins international banking said it plans to launch a new five-point plan security program 1/2— Bangladesh Today (@Bangladesh2day) May 24, 2016
Following the incident, SWIFT released a security update for the software used by the financial institutions on the network.
In January, Vietnam's Tien Phong Bank stopped an attempted cyber-attack aimed at transferring more than $1.1 million. The hackers used a technique similar to the Bangladesh heist.
Last year, Wells Fargo in the US approved transfers of $12 million from Banco del Austro in Ecuador after getting requests via the secure messaging system. Both banks believe the money was stolen by hackers.
To restore the banking industry's faith in SWIFT, the Belgium-based firm plans to provide tighter guidelines for auditors and regulators to check if a bank's SWIFT security procedures are good enough.
SWIFT wants to improve information sharing among members, to increase the use of software spotting fraudulent payments and to toughen up the network's security procedures.