Get 40% Off
🤯 This Tech Portfolio is up 29% YTD! Join Now to Get April’s Top PicksGet The Picks – Just 99 USD

Banks tighten SWIFT system security after hacks

Published 09/29/2016, 01:58 PM
Updated 09/29/2016, 02:00 PM
© Reuters. Swift code bank logo is displayed on an iPhone 6s on top of Euro banknotes in this picture illustration

© Reuters. Swift code bank logo is displayed on an iPhone 6s on top of Euro banknotes in this picture illustration

By Tom Bergin

GENEVA (Reuters) - Banks are tightening the security of their SWIFT messaging networks – used by the industry to shift trillions of dollars each day – following revelations that hackers are increasingly able to get into this system to steal money.

Bankers at SWIFT's annual SIBOS conference in Geneva said they were adopting new security tools, reviewing procedures and pressing their counterparties to do the same. Some banks are also looking at alternative technologies for transferring money, such as blockchain-type systems.

They are stepping up their efforts after the theft of $81 million from the Bangladesh central bank in February and revelations of other infiltration of banks’ SWIFT terminals. These hacks have undermined confidence in SWIFT messages, which were previously accepted at face value.

“The attacks will continue and get more sophisticated,” SWIFT Chief Executive Gottfried Leibbrandt warned delegates at the conference organized by SWIFT, which is a global member-owned cooperative.

Benoit Desserre, Global Head of Global Transaction Banking at France’s Societe Generale (PA:SOGN), said his bank had already undertaken all of SWIFT’s recommended security measures but that the hacks had encouraged it to go one step further.

The bank is introducing a new layer of security whereby the staff who are approved to send SWIFT payment instructions must now sign on with a fingerprint scanner. This is in addition to passwords and a physical computer key.

“It was easier for us to make that investment knowing what has happened,” he told Reuters in an interview. "It suddenly became more important to get something like that.”

In time, SocGen may press its counterparties to use a similar system, only agreeing to fulfill payment instructions which carry a digital fingerprint, Desserre said. But he said cost could slow a broader roll-out of the technology.

FACEBOOK FRIENDS

In the wake of the hacks, the French bank also went through its SWIFT system to weed out redundant communications channels. SWIFT operates like Facebook (NASDAQ:FB) in that members can only send messages to confirmed counterparties. But sometimes these links remain open even after business relationships end.

SWIFT’s Chairman Yawar Shah told delegates at the conference that such open channels were a security risk and that all banks should weed out unused channels.

Desserre said Societe Generale had removed thousands.

Cheri McGuire, Chief Information Security Officer at Standard Chartered said her bank was also conducting an internal review around its SWIFT systems.

But banks are not just looking at their own systems.

The Bangladesh Bank heist involved diverting money held at accounts at the Federal Reserve Bank of New York into accounts in the Philippines.

Bankers said to avoid this happening in the future bigger banks needed to ensure the smaller banks they work with have appropriate security procedures.

Sergio Dalla Riva, Head of Product Development, Global Transaction Banking at Intesa Sanpaolo (MI:ISP) S.p.A. said understanding the security capabilities of your clients was becoming part of customer due diligence.

Lev Khasis, Chief Operating Officer at Sberbank, Russia's biggest bank by assets, said he expected regulators to tighten oversight of security practices but that peer pressure would also play a role.

“Some big banks will be pushing their smaller counterparties to move in that direction,” he said. Sberbank was already pushing its clients in this way, he said.

NEW TECHNOLOGY

The SWIFT hacks are also spurring interest in new technologies.

Lars Sjogren, Global Head of Transaction Banking at Danske Bank said his bank was working with technology companies to develop tools that would spot unusual and potentially fraudulent payment instructions sent via SWIFT.

“Payments of a certain size by a customer to people they normally pay should be green-lighted. But others could be yellow or red-lighted. There is a huge demand from our customers for that kind of service,” he said.

Others are looking at technologies which might one day replace the current SWIFT "FIN" message which banks send to tell another bank to move money around.

Blockchains are the most commonly touted alternative. These involve a publicly accessible ledger, which works as an electronic record-keeping and transaction-processing system and requires no third-party verification. The ledger can be checked at any time, helping to highlight fraudulent transfers.

On Wednesday, Sberbank joined the Hyperledger Project, which was formed by the Linux Foundation, a not for profit technology consortium, to develop new blockchain technologies for businesses. Khasis said such a system might be more secure than sending FIN messages.

SWIFT is also developing blockchain initiatives and its involvement could help to speed up the technology’s adoption, David Treat, Blockchain Lead at consultants Accenture, said. Nonetheless, he said that governance and privacy challenges remained.

Mark Buitenhek, Global Head of Transaction Services at ING, said he was doubtful blockchain or other technologies were a silver bullet.

“Fraud is a constant and fraud will remain there if we move to the next digital generation or not,” he said.

© Reuters. Swift code bank logo is displayed on an iPhone 6s on top of Euro banknotes in this picture illustration

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.