Financial messaging network Swift is to launch a five-point security plan in a bid to restore faith in the integrity of the system in the wake of a series of exploits at connected bank sites.
Swift CEO Gottfried Leibbrandt will tell a conference in Brussels that the bank-owned co-operative will introduce certification requirements for interface device vendors and help banks use pattern recognition to identify suspicious behavior. The banking co-operative also plans to provide auditors and regulators with tighter guidelines to help in the assessment of bank security procedures.
Leibbrandt's remarks follow a torrid period for the company after the emergence of a series of attacks on at least three banks connected to the network, including a successful $81 million heist at the central bank of Bangladesh.
Describing the Bangladesh incident as a “watershed event for the banking industry”, Leibbrandt will say: “There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident ... this is a big deal. And it gets to the heart of banking.”
The interbank network, which connects over 10,000 institutions globally, was conceived with resilience and security at its core and designed to meet the highest standards of confidentiality, integrity and availability. While the core messaging network remains impervious to hackers, the latest revelations of inadequate security controls at bank sites have seriously dented Swift's reputation.
The news cycle has been particularly uncomfortable for Swift chairman Yawar Shah after it emerged that his own bank, Citi, was party to a lawsuit lodged by Ecuador's Banco del Austro (BDA) against Wells Fargo over the transmission of three bogus Swift transfers that led to $12 million in losses. BDA says that a similar issue saw Citi transfer $1.8 million after fraudulent requests through the Ecuadorian bank's Swift terminal, but Citi repaid the money.
None of the three banks informed Swift of the attacks, despite the co-operative's insistence that users should "immediately inform Swift of any suspected fraudulent use of their institution’s Swift connectivity or related to Swift products and services".
"Information sharing needs to get better, much better," Leibbrandt will say. "It is critical that the global financial community works together to bolster our mutual security."
The new security procedures have been drawn up by Swift following urgent consultations with board members and regulators over the escalating crisis.
More bad news may be on the horizon. "The Bangladesh fraud is not an isolated incident," Leibbrandt will tell the Brussels conference. "We are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts."
In a speech to the same conference last year, Leibbrandt called on EU policymakers to work towards the creation of a standardised global framework for international cyber-security and admitted to feelings of paranoia over the persistent threat.
"The cyber threat is very real and persistent. Cyber-attacks are getting ever more sophisticated, and the landscape is getting more complex," he said. "Every day we wake up and go to sleep thinking about, and protecting against that threat. It is hard work and never done. When we don't sleep, it is because of cyber risks."