SWIFT announces new security tool to strengthen customer fraud controls
Helping customer detect fraudulent payments
• Anti-fraud reports introduced under SWIFT’s Customer Security Programme
• Supports banks by helping detect unusual payment flows quickly and easily
• Improves possibility of cancelling fraudulent transfers
Brussels, 20 September 2016 – SWIFT announces the introduction of Daily Validation Reports, a new tool designed to supplement customers’ existing fraud controls. Based on SWIFT’s records of customers’ messages, the Daily Validation Reports will give customers an accurate summary of their message flows, affording them an independent means of verifying their messaging activity and detecting any unusual patterns, thereby enhancing their ability to identify possible fraud attempts and improving the likelihood they can cancel any fraudulent transfers.
The reports will be provided through a separate channel to customers’ payments and compliance teams. This “out of band” access will ensure that independent departments at customer firms will be able to access independently sourced information through an independent channel, even if their own systems or operational staff have been compromised and their locally stored records have been obfuscated.
Stephen Gilderdale Head of SWIFT’s Customer Security Programme, said: “A key step in the modus operandi in recent wire fraud cases at customer firms involves the attackers concealing their fraudulent messaging activity on customers’ local systems. Smaller institutions, in particular, are currently dependent on the accuracy of the data on their own systems, but in the event of a security breach, their locally stored payment and reconciliation data may be altered or unavailable. Daily Validation Reports will provide a reliable and independent source of information, providing such institutions with an activity lens to help them quickly detect fraud – whether perpetrated by external attackers or by malicious insiders.”
The Daily Validation Reports will include both Activity Reports and Risk Reports. The Activity Reports will enable institutions to see their aggregate daily activity across currencies, countries and counterparties – giving them a snapshot view of each day’s messaging activity against which to detect unusual patterns. The Risk Reports will provide customers with a focused review of large or unusual payment flows and new combinations of payment parties – allowing unusual senders, destinations and patterns to be more quickly and easily identified.
The introduction of Daily Validation reports is one of several initiatives launched under the Transaction Pattern Detection stream within SWIFT’s Customer Security Programme. In August SWIFT launched a campaign focussed on its Relationship Management Application (RMA) to raise awareness of the tool’s usage as a first line of defence against unwanted or unexpected message flows. RMA is a filter that enables users to manage their correspondent relationships and is a first line of defence against unwanted or unexpected message flows. It allows users to select and limit the correspondents from whom they wish to receive messages, as well as to restrict the type of messages that they receive. Effective use of RMA allows customers to mitigate the risk of receiving unwanted or fraudulent payments, and to ensure that message traffic is only permitted with trusted parties. In collaboration with its community SWIFT is also investigating methods to enhance market practice in the use of message standards for fraud prevention and investigation, and exploring additional fraud controls.
The Daily Validation Reports will be introduced in December 2016 complementing SWIFT’s Compliance services, a set of utilities designed to assist institutions in managing their Financial Crime Compliance risks. Other SWIFT tools and services that can help to reduce transaction and financial crime compliance risks include RMA Plus, Sanctions Screening, Sanctions Testing, The KYC Registry, Compliance Analytics and the Payments Data Quality Service.
Luc Meurant, Head of Compliance Services at SWIFT, added: “Learning from financial crime compliance processes and techniques can play a key role in helping to detect and ultimately prevent frauds, such as those attempted through recent cyber-attacks on customer firms. SWIFT plans to extensively leverage its existing financial crime compliance capabilities to support its community in fraud prevention and detection.”
SWIFT’s Customer Security Programme, which launched in June 2016, is designed to reinforce and evolve the security of global banking, consolidating and building upon existing SWIFT and industry efforts. SWIFT’s Board endorsed the programme in June, earmarking a dedicated investment for the programme during the remainder of the calendar year. The Board is actively overseeing the programme and will assess incremental business and financial needs for the programme during the remainder of 2016 and 2017.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
About SWIFT’s Customer Security Programme
SWIFT’s Customer Security Programme, which launched in June 2016, is a dedicated initiative designed to reinforce and evolve the security of global banking, consolidating and building upon existing SWIFT and industry efforts. The programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
The programme will focus on five mutually reinforcing strategic initiatives:
- Improving information sharing amongst the global community
- Enhancing SWIFT related tools for customers
- Enhance guidelines and provide assurance frameworks
- Support increased transaction pattern controls
- Enhance support by third party providers.
About SWIFT’s financial crime compliance services portfolio
SWIFT’s Compliance Services unit manages a growing portfolio of financial crime compliance services in the areas of sanctions, Know Your Customer (KYC) and Anti-Money Laundering (AML). The portfolio includes Sanctions Screening and Sanctions Testing services, Compliance Analytics, The KYC Registry and Payments Data Quality services. For more information, visit www.swift.com/complianceservices.
Brunswick Group LLP
Tel: +44 (0)20 7404 5959