SWIFT to unveil new security plan after
hackers' heists
Send a link to a friend
[May 24, 2016]
By Huw Jones and Tom Bergin
LONDON (Reuters) - The SWIFT secure
messaging service that underpins international banking said on Tuesday
it plans to launch a new security program as it fights to rebuild its
reputation in the wake of the Bangladesh Bank heist.
|
The SWIFT logo is pictured in this photo illustration taken April 26,
2016. REUTERS/Carlo Allegri/Illustration/File Photo |
The Society for Worldwide Interbank Financial Telecommunication (SWIFT)'s
chief executive, Gottfried Leibbrandt, told a financial services
conference in Brussels that SWIFT will launch a five-point plan
later this week.
Banks send payment instructions to one another via SWIFT messages.
In February, thieves hacked into the SWIFT system of the Bangladesh
central bank, sending messages to the Federal Reserve Bank of New
York allowing them to steal $81 million.
The attack follows a similar but little-noticed theft from Banco del
Austro in Ecuador last year that netted thieves more than $12
million, and a previously undisclosed attack on Vietnam's Tien Phong
Bank that was not successful.
The crimes have dented the banking industry's faith in SWIFT, a
Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a "watershed event for the banking
industry", Leibbrandt said.
"There will be a before and an after Bangladesh. The Bangladesh
fraud is not an isolated incident ... this is a big deal. And it
gets to the heart of banking."
SWIFT wants banks to "drastically" improve information sharing, to
toughen up security procedures around SWIFT and to increase their
use of software that could spot fraudulent payments.
CONCESSION
In an apparent concession to banks, Leibbrandt said SWIFT was ready
to help lenders detect possible frauds. "We can provide tools and
best practices for such a detection at the receiving bank," he told
the conference.
SWIFT will also provide tighter guidelines that auditors and
regulators can use to assess whether banks' SWIFT security
procedures are good enough.
Leibbrandt again defended SWIFT's role, saying the hacks happened
primarily because of failures at users. "Many of the less protected
banks are in countries were skills are really scarce," he said,
pointing the finger at providers of services to banks.
"We will have to create an ecosystem of providers and partners, for
example by introducing certification requirements for third-party
providers," he said.
[to top of second column] |
However, some finance industry executives say SWIFT has not been as
active as it should be in improving security.
Users frequently do not inform SWIFT of breaches of their SWIFT
systems and even now, the co-operative has not proposed any
sanctions for clients who fail to pass on information, which SWIFT
itself says is key to stopping future attacks.
Some critics say SWIFT should also be more active in auditing
clients and be ready to cut off members whose security is not up to
scratch.
But the messaging service says other authorities also have a role.
"SWIFT is not all-powerful, we are not a regulator and we are not a
policeman," Leibbrandt said.
Former SWIFT Chief Executive Leonard Schrank said it appeared that
SWIFT's security efforts had not kept pace with the criminals
increased sophistication and that the co-operative needed to work
hard to restore its reputation.
"They really have to earn that credibility back," he told Reuters.
(Additional reporting by Francesco Guarascio in Brussels; Editing by
Andrew Heavens)
[© 2016 Thomson Reuters. All rights
reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|