SWIFT: It’s the final countdown
If you are a member of the SWIFT network, as of today, you have less than 90 days to declare your compliance status against the 16 mandatory controls of its Customer Security Program (CSP). Aside from reporting whether your company is, is not, or will be compliant, it’s important that you don’t just treat this as a ‘tick-box’ exercise, and rather that you embrace the spirit of the programme.
Raising the bar on payment security across the industry is critical. With sensational stories in the media surrounding highly customised payment frauds everywhere you look, it’s clear that you need to implement a solid security strategy which proactively protects your organisation against the ever-increasing threat of fraud. This does not just mean a strategy which helps you prevent the next attack – it is about having one which protects you well into the future.
In response to cyber-related payment frauds, earlier this year, SWIFT issued a set of core security standards and an assurance framework, including mandatory controls for all SWIFT members. Your job here is to review them, understand them, and implement changes as needed within your payment processing environments to become fully compliant.
As a SWIFT member, you and your company are responsible for reviewing your infrastructure and self-attesting by the end of 2017.
It’s important to note that your compliance status will be made visible to counterparties whom you have granted access; so they are able to see your compliance status against each control. Additionally, as these and other security requirements continue to evolve, it is important that you progress quickly, so you can cater for additional changes and an ever-evolving threat landscape.
Here are some basic steps to ensure you’re on track:
It would be a mistake to view having to comply with the CSP as a distraction from the real focus of your business. Instead, embrace it and use the next 90 days as an opportunity to increase your organisation’s overall security procedures – this is a perfect chance to evaluate whether or not security is up to the challenge of protecting your payments against modern threads. Fraudsters are using every tool and trick available to them. Are you doing the same?