RiskFinancial CrimeSWIFT threat to weed out weakest links

SWIFT threat to weed out weakest links

Chief executive Gottfried Leibbrandt said that the global banks payment messaging service might considering suspending its most vulnerable members.

Recent high-level attacks on member banks could force SWIFT to suspend the membership of those whose cyber security level is weak, says its chief executive officer (CEO).

In interviews with the Financial Times and Reuters, Gottfried Liebbrandt indicated that the global financial messaging service might need to scale back some of its operations to help pay for planned new security initiatives.

A number of banks using the SWIFT network have suffered actual or attempted thefts in recent months. The most notable was the theft last February of US$81m (£56m) from Bangladesh’s central bank, by criminals sending fraudulent payment instructions via SWIFT,

“The days when you needed to break into a bank and carry guns and blow torches are over,” Leibbrandt told the FT. “You can now rob a bank from just your own PC and that does change the game completely.”

In his separate interview with Reuters, he said that before February he had been unaware of any attempts to hack into a bank’s SWIFT terminal and focused SWIFT’s security activities on its own infrastructure.

After the Bangladesh heist, other banks came forward and revealed they had been victims of attacks. SWIFT discovered, by examining inquiries to its customer support department, that other banks had also likely been compromised.

Responding to the news that SWIFT might remove banks with weak cyber defences from its network, David Kennerley, director of threat research at cybersecurity firm Webroot, commented: “The monetary gains from financial cybercrime can be incredibly high. I hope this development represents a new chapter for SWIFT, understanding that good security posture of their payment ecosystem is reliant on more than just a ‘secure’ application.

“It’s also essential that the network and devices where the systems reside are as secure as possible – with users trained to spot and report anomalies as quickly as possible while following a well-defined set of security practices.

“Minimum cybersecurity standards should be welcomed across the industry, but the risk of driving people to unsafe channels is real. SWIFT needs to help educate organisations and support them to meet the minimum network standards. The fact is, cybercriminals only need to find one hole in the defence, while as security professionals we have to secure all.

“It’s never going to be an easy task, but education and relevant processes, combined with the relevant technologies, the sharing of information and best practices gives SWIFT users and organisations in general the best possible chance to mitigate the risks associated with cybercrime.”

The FT noted that it is rare for SWIFT to exclude banks from its network, which processes 25m messages a day for billions of dollars’ worth of transfers. Ian exception was in 2012, when it was forced to exclude some Iranian banks because of European sanctions, but they were reconnected this year when sanctions were lifted.

Related Articles

“Banks must prepare for API unknowns”

Open Banking “Banks must prepare for API unknowns”

2d Michael McCaw
Denizen CEO: Borderless approach key to post-Brexit financial services

Banking Denizen CEO: Borderless approach key to post-Brexit financial services

2d David Beach
Open banking: the unfinished revolution

Banking Open banking: the unfinished revolution

4d Jo Howes
PSD2 is helping banks adapt to a more secure, customer-centric environment

Banking PSD2 is helping banks adapt to a more secure, customer-centric environment

7d Emilie Casteran
Scaling your payments with APIs

Open Banking Scaling your payments with APIs

2w Karthik Ravichander
Is Ripple a threat to SWIFT gpi's monopoly on cross-border payments?

Banking Is Ripple a threat to SWIFT gpi's monopoly on cross-border payments?

4w Victoria Beckett
Cashless economy puts financial inclusion at risk

Banking Risk Management Cashless economy puts financial inclusion at risk

4w Benjamin Anderson
Digitization and the role of the digital treasurer – part 1

Banking Digitization and the role of the digital treasurer – part 1

1m Victor Penna