In the wake of the $81 million Bangladesh Bank hack, Swift is calling on clients to be more forthcoming in reporting attacks on its system. The request comes as Reuters reports that three banks involved in a $12 million attack last year failed to inform the messaging network.
In a communication to users on Friday Swift says that they should "immediately inform Swift of any suspected fraudulent use of their institution’s Swift connectivity or related to Swift products and services".
Meanwhile, details of another Swift-related attack have emerged. According to Reuters, last year Wells Fargo approved at least 12 transfers worth $12 million of funds that were requested over the Swift network. Wells thought that the requests came from Ecuador's Banco del Austro (BDA), sending its money to accounts in Hong Kong.
But both banks now believe that the funds were stolen, according to documents filed by BDA in a lawsuit against Wells Fargo, arguing that the US bank should have flagged the transfers as suspicious. Wells says that the theft was possible because hackers managed to get ahold of a BDA staffer's Swift login credentials, reports Reuters.
BDA says that a similar issue saw Citi transfer $1.8 million after fraudulent requests through the Ecuadorian bank's Swift terminal, but Citi repaid the money.
None of the three banks informed Swift of the attacks, despite the fact that Citi's MD, franchise risk and strategy, Yawar Shah, is the messaging network's chairman.
In its latest communique to banks, Swift says that it is important that it gets as much technical information from malware-compromised systems as possible so that it can understand the risks of attack. It also promises members that it will let them know about attacks as soon as they happen to help with prevention and detection.
While Swift maintains that the core network remains impervious, it is understood to be preparing the release of a new security protocol that will be outlined next week following discussions with board members and regulators.