The Society for Worldwide Interbank Financial Telecommunication on Tuesday unveiled a five-point plan to reinforce the security of SWIFT’s payments system in the wake of the Bangladesh Bank heist.
Speaking at the European Financial Services Conference in Brussels, chief executive Gottfried Leibbrandt said the co-operative later this week would launch the plan, which includes initiatives to improve information sharing among the global financial community; harden security requirements for customer-managed software to better protect local environments; enhance SWIFT guidelines and develop security audit frameworks for customers; support banks’ increased use of payment pattern controls to identify suspicious behavior; and introduce certification requirements for third party providers.
“Cyber risk is big; there will be more cyber attacks,” the CEO said in prepared remarks. “And inevitably some will be successful. Acknowledging this doesn’t mean we are resigned to it. Rather, it means that we must work even harder at our collective defensive efforts.”
The new security plan comes after thieves hacked into the SWIFT system of the Bangladesh central bank in February, sending messages to the Federal Reserve Bank of New York that allowed them to steal $81 million, according to Reuters. The attack follows a similar theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.
While the security failure in Bangladesh was due to the bank’s internal IT environment, former SWIFT Chief Executive Leonard Schrank told Reuters that SWIFT’s security efforts apparently did not keep up with the ever-increasing sophistication of the fraudsters, and now the co-operative must work hard to restore its reputation.
“They really have to earn that credibility back,” Schrank said.
Leibbrandt said SWIFT is stepping up efforts to share information among global financial institutions.
“Banks can learn from one another about the modus operandi [of thieves] and put better preventative measures in place; entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities,” he said in his prepared remarks.
SWIFT’s CEO also said the large clearing banks have a key role to play in securing the financial system. “Your networks of relationships means that you can have a truly global, viral effect,” Leibbrandt said.
Finally, Leibbrandt pointed to innovation as the real solution. “Now more than ever, we need to see innovation in security … bring on the next generation of pattern recognition, monitoring, anomaly detection, authentication, biometrics — and a host of innovations we have yet to develop that will improve and preserve the security of our industry.”