SWIFT announces new security tool to strengthen customer fraud controls

Helping customers detect fraudulent payments

  1. Anti-fraud reports introduced under SWIFT’s Customer Security Programme 
  2. Supports banks by helping detect unusual payment flows quickly and easily
  3. Improves possibility of cancelling fraudulent transfers

The SWIFT inter-bank messaging network plans to send daily reports to clients to help them more quickly identify unauthorised payment instructions like those used by hackers to steal $81 million from Bangladesh’s central bank in February.

Trillions of dollars' worth of inter-bank payments are made each day using SWIFT messages, but the Bangladesh theft and others that have come to light this year have knocked confidence in the supposedly super-secure system. SWIFT said in a statement on Tuesday that from December it would begin sending 'Daily Validation Reports' to clients. These would list the messages sent from the client's SWIFT terminal, thus allowing a bank to spot any payment instructions that it had not intended to send. The report will also contain a risk report aimed at showing whether transfer instructions deviated from the client's typical payment patterns.

In the Bangladesh heist and a $12 million theft from a Colombian bank last year, hackers covered their tracks by deleting records of fraudulent SWIFT messages they sent from the banks' terminals. In both cases, it took days for the thefts to be discovered.

Brussels, 20 September 2016 – SWIFT announces the introduction of Daily Validation Reports, a new tool designed to supplement customers’ existing fraud controls. Based on SWIFT’s records of customers’ messages, the Daily Validation Reports will give customers an accurate summary of their message flows, affording them an independent means of verifying their messaging activity and detecting any unusual patterns, thereby enhancing their ability to identify possible fraud attempts and improving the likelihood they can cancel any fraudulent transfers.

The reports will be provided through a separate channel to customers’ payments and compliance teams. This “out of band” access will ensure that independent departments at customer firms will be able to access independently sourced information through an independent channel, even if their own systems or operational staff have been compromised and their locally stored records have been obfuscated.

Stephen Gilderdale, Head of SWIFT’s Customer Security Programme, said: “A key step in the modus operandi in recent wire fraud cases at customer firms involves the attackers concealing their fraudulent messaging activity on customers’ local systems. Smaller institutions, in particular, are currently dependent on the accuracy of the data on their own systems, but in the event of a security breach, their locally stored payment and reconciliation data may be altered or unavailable. Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud – whether perpetrated by external attackers or by malicious insiders.”

The Daily Validation Reports will include both Activity Reports and Risk Reports. The Activity Reports will enable institutions to see their aggregate daily activity across currencies, countries and counterparties – giving them a snapshot view of each day’s messaging activity against which to detect unusual patterns. The Risk Reports will provide customers with a focused review of large or unusual payment flows and new combinations of payment parties – allowing unusual senders, destinations and patterns to be more quickly and easily identified.

The introduction of Daily Validation Reports is one of several initiatives launched under the Transaction Pattern Detection stream within SWIFT’s Customer Security Programme. In August SWIFT launched a campaign focussed on its Relationship Management Application (RMA) to raise awareness of the tool’s usage as a first line of defence against unwanted or unexpected message flows. RMA is a filter that enables users to manage their correspondent relationships: it allows users to select and limit the correspondents from whom they wish to receive messages, as well as to restrict the type of messages that they receive. Effective use of RMA allows customers to mitigate the risk of receiving unwanted or fraudulent payments, and to ensure that message traffic is only permitted with trusted parties. In collaboration with its community, SWIFT is also investigating methods to enhance market practice in the use of message standards for fraud prevention and investigation, and exploring additional fraud controls.

The Daily Validation Reports will be introduced in December 2016, complementing SWIFT’s Compliance services, a set of utilities designed to assist institutions in managing their Financial Crime Compliance risks. Other SWIFT tools and services that can help to reduce transaction and financial crime compliance risks include RMA Plus, Sanctions Screening, Sanctions Testing, The KYC Registry, Compliance Analytics and the Payments Data Quality Service.

Luc Meurant, Head of Compliance Services at SWIFT, added: “Learning from financial crime compliance processes and techniques can play a key role in helping to detect and ultimately prevent frauds, such as those attempted through recent cyber-attacks on customer firms. SWIFT plans to extensively leverage its existing financial crime compliance capabilities to support its community in fraud prevention and detection.”

SWIFT’s Customer Security Programme, which launched in June 2016, is designed to reinforce and evolve the security of global banking, consolidating and building upon existing SWIFT and industry efforts. SWIFT’s Board endorsed the programme in June, earmarking a dedicated investment for the programme during the remainder of the calendar year. The Board is actively overseeing the programme and will assess incremental business and financial needs for the programme during the remainder of 2016 and 2017.