SWIFT is taking additional steps to beef up the security of its payment platform in the wake of several high-profile cyberattacks on its members.
The global financial messaging system announced Tuesday it would offer banks daily transaction reports starting in December to enhance their ability to identify possible fraud attempts and improve the likelihood they can cancel any fraudulent transfers.
The Daily Validation Reports “will give customers an accurate summary of their message flows, affording them an independent means of verifying their messaging activity and detecting any unusual patterns,” Swift said in a news release.
The recent breaches of SWIFT members’ security include the February attack on the Bangladesh central bank by cyberthieves who tried to transfer $951 million, ultimately getting away with $81 million of that. SWIFT’s network itself was not breached but security experts believe the thieves modified the software that banks use to interface with the system.
Stephen Gilderdale, head of SWIFT’s Customer Security Program, noted that as part of their modus operandi, attackers have been able to conceal their fraudulent messaging activity on customers’ local systems.
To plug that vulnerability, banks will be able to reconcile the new reports with their own records of the transfers they intended to make and SWIFT plans to send the summaries through a different channel from the one used to make payments.
“That way, if criminals have compromised a bank’s Swift terminal to the point where they can hide locally generated reconciliation records, they will not also be able to intercept and tamper with the validation report,” Computerworld explained.
SWIFT launched the Customer Security Program in June and has also hired two security firms to supplement its anti-fraud efforts. But Computerworld warned that the new reports won’t make its system completely fraud-proof.
“Criminals timing their illicit transfers for just after SWIFT generates its daily reports could have a whole day to empty the destination account and make off with the proceeds,” it said.