SWIFT launches customer security programme to reinforce the security of the global banking system
With a focus on five mutually reinforcing strategic initiatives
Brussels, 27 May 2016 - SWIFT today announces a new customer programme to strengthen the security of the global financial community against cyber threats, consolidating and building upon existing SWIFT and industry efforts.
SWIFT has recently shared information with its global community regarding a number of fraudulent payment cases that occurred in customers’ local environments. SWIFT’s network, software and core messaging services have not been compromised but it is clear that the global community will continue to be targeted.
This customer security programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
The programme will focus on five mutually reinforcing strategic initiatives:
Improve information sharing amongst the global community. We will require more information from our customers, and share relevant information back with the community. We will keep our community informed of customer incidents related to SWIFT infrastructure (to the extent made known to us) as well as provide information on best practices and innovation in cyber defence.
Enhance SWIFT related tools for customers. We will further strengthen security requirements for customer-managed software to better protect local environments. At the same time we will continue our efforts to harden SWIFT-provided products. For example, our interface products support two-factor authentication, but we will further expand this and add additional tools. We will also increase remote monitoring capabilities of customer environments. Our approach will be segmented and tailored to cater for the diversity in our customers: global transactions banks, regional and midsize banks, small local banks in advanced as well as emerging economies, market infrastructures, service bureaus, corporates, and investment managers amongst others.
Enhance guidelines and provide audit frameworks. We will further enhance security and operational baselines, and develop related audit standards and certification processes for the secure management of SWIFT messages at customer sites. We will look into if and how customers’ compliance to these baselines can be made transparent to, and enforced by, counterparties, regulators and ourselves. Again our approach here will be segmented to reflect the diversity of our customer base.
Support increased transaction pattern detection. We will share best practices for fraud detection at the receiving bank, and will explore the feasibility of tools that would detect anomalies on our own network, for example as an ‘opt-in’ service to our customers. We will also explore tools to allow customers to quickly recall fraudulent payment messages, allowing ‘stop payment’ information or enquiries/alerts to reach the right people in a timely manner.
Enhance support by third party providers. A structural enhancement of our customers’ security, as outlined above, requires the extensive support of third party providers: security software and hardware, consulting and training, implementation services, providers of fraud detection solutions, interface vendors, service bureaus, auditors and others. We will help to foster such a secure ecosystem; for example through partner programs, organisation of industry events where such providers can engage with our customers (e.g. Sibos and regional conferences), certification programs and other measures.
SWIFT CEO Gottfried Leibbrandt: “While each individual SWIFT customer is responsible for the security of its own environment, the security of global banking can only be ensured collectively. It requires a collaborative approach between SWIFT, its customers, overseers, and third party suppliers. SWIFT is fully committed to leading the community effort required to keep global banking safe and deploying its knowledge and expertise to help customers in the fight against cyber-attacks.”
Implementation of the customer security programme will be phased, with an immediate focus on communication between SWIFT customers, as well as between SWIFT and its customers. The information sharing initiative will entail:
- Cooperation with and facilitation of information sharing among overseers, banks, law enforcement and cyber-security firms;
- Performing forensic analysis on products and services related to SWIFT connectivity at affected banks, so that other users can protect themselves.
SWIFT will work in close partnership with its global community and different user segments to further define the five initiatives and ensure the successful roll-out of the programme. SWIFT will provide a detailed update on the five initiatives at Sibos in September.
Additional customer information on this programme is available via the homepage of e-paying.info.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
For more information, visit e-paying.info or follow us on Twitter: @swiftcommunity and LinkedIn: SWIFT
Brunswick Group LLP
Tel: +44 (0)20 7404 5959