Report a security issue
SWIFT security announcements
You can also check the SWIFT Security announcements that are published as part of the SWIFT Customer Security Programme.
To gain the confidence of victims, scammers often pretend to be associated with organisations they know you trust – be it a business, government agency or charity.
It has come to SWIFT’s attention that scammers have recently been using non-existent payment messages to mislead potential victims, inserting them into counterfeit documents to fraudulently claim payments have been made when they have not.
SWIFT is aware of suspected scams in which fraudsters, through deceptive emails, Powerpoint presentations, pdfs or other documents appear to encourage corporates and banks to partner with them with respect to SWIFT products including Alliance Lite 2 and gpi.
SWIFT is investigating and has updated SWIFT ISAC Bulletin 10105 and 10111 with examples of such malicious documents. We recommend that you to consult swift.com for official SWIFT documentation and contact Customer Support with any questions about the validity of documents received.
We would like to remind you that SWIFT does not play a role in the authentication process as we do not have access to the information related to financial transactions. When in doubt, to authenticate the legitimacy of such documents, we recommend you to contact your own bank (or the bank specified by BIC or by name in the payment instruction) prior to executing a business transaction.
How to report a security issue or vulnerability to SWIFT?
At SWIFT, the confidentiality, integrity and availability of our services are our top priorities. Our dedicated specialists work around-the-clock to optimise and secure our systems.
Both SWIFT and its customers must remain constantly vigilant and proactive to counter the threats to our common security.
Despite the effort we invest in security, the threat landscape adapts and evolves daily and there will always be new types of threats to safeguard against.
Have you discovered a vulnerability in our systems? Please help by reporting it to us so that we can improve the security of our systems together.
We will only use your personal information in respect to the SWIFT Privacy Statement.
Report your finding
You can report your findings by sending an e-mail to: email@example.com
We recommend that you secure your email transmission by using the following public PGP key.
In addition, we ask that you:
- Describe your finding as clearly and completely as possible.
- Provide any supporting information, material or attachments to support and validate your finding, to allow us to recreate or reproduce your finding as quickly and efficiently as possible.
- Describe the likely or potential consequences of your finding
- Suggest mitigations or workarounds if possible
- Keep all information and communication regarding your finding confidential, and do not disclose it to anyone outside of SWIFT
- Do not engage in any activities that will adversely affect the confidentiality, integrity, or availability of the systems that relate to your finding
- A team of security experts will investigate your finding(s) and you will receive a confirmation receipt of your email within one working day.
We value your work and thank you in advance for your contribution.