Frequently asked questions about Daily Validation Reports
Table of contents
Why has Swift developed Daily
One element of recent insider fraud attacks involves attackers hiding the evidence of fraudulent wire payments that they have sent. In these incidents fraudsters have deleted logs, manipulated transaction records, system files and database records, and in some cases, crashed or left environments in an unrecoverable state. Our smaller customers are dependent on the accuracy of the data on their own systems. In the event of a security breach, local environments can no longer be trusted to present a true record of transaction activity. Daily Validation Reports provides a view of Swift’s record of a customers’ activity that can be used to independently verify, in aggregate form, payment messages that have been sent or received.
How do Daily Validation Reports work?
Daily Validation Reports are available on a daily basis and leverage the underlying BI platform used by Watch and Compliance Analytics tools. Customers log in through www.swift.com. The reports provide aggregate reporting of transaction activity to allow review of inbound and outbound payments by currency, country and counterparty bank.
The reports allow the customer to see the originator, sender, receiver and beneficiary counterparty banks and the aggregate transaction activity by value, volume, currency and message type, with values normalised to a user-selected base currency.
Message type filters are provided to allow quick access to data. Within each report, daily payment value and volume averages (calculated over a 24-month period) are presented, along with a percentage change indicator which allows rapid identification of significant variations in payment patterns. Report information can be extracted to Excel or similar tools.
Who will benefit from Daily
Daily Validation Reports have been designed primarily for smaller institutions that might lack the most sophisticated tools for providing robust responses to fraud threats or reacting in the event of fraudulent activity. They will be most useful for institutions with smaller transaction volumes, since they require manual review processes.
What about larger customers?
Larger institutions will typically have more comprehensive cyber defences and fraud prevention controls, as well as their own backup reporting systems. Their large transaction volumes mean that a manual review process using Daily Validation Reports might be less suitable, although smaller branches of larger institutions might find the reports useful.
Which area of my institution will benefit from Daily Validation Reports?
Daily Validation Reports are a secondary control to verify and understand payment activity. Payments operations, compliance and fraud prevention teams will benefit from the reports.
How many users can a customer have?
There are five users as part of the licence. Further blocks of 10 users can be purchased separately.
What is required to start using Daily Validation Reports?
Very little. The reports are designed to be quick and easy to use and there is minimal customer configuration. Following receipt of an e-order, access will be granted and access roles must then be allocated by the customer. Training materials and user guides will be provided.
Are there any existing alternatives to Daily Validation Reports?
No other vendor can provide access to Swift’s record of transaction activity.
One alternative to Daily Validation Reports would be for a customer to use FIN Inform/FIN Copy to deliver copies of messages to a separate interface where they could create a separate database to generate similar reports. Some larger customers already do this.
Other alternatives would be to use commercially available fraud detection and prevention tools. However, in the event of cyber compromise these tools could be bypassed by a fraudster.
How much will Daily Validation Reports cost?
Please contact your Swift account manager for details on pricing.
Will Swift be opening and reading messages to produce these reports?
The service has been designed in full compliance with our policies and under Swift Board governance. We have strong safeguards in place, and access to data is fully in line with other Swift data analytics services such as Business Intelligence and Compliance Analytics.
Do Daily Validation Reports mean that Swift will do the fraud detection for the customer?
No, absolutely not. Customers are fully responsible for validating that their payments activity is correct.
Are customers obliged to take Daily Validation Reports to meet Customer Security Programme (CSP) security guidelines?
No, there is no obligation on customers to do this. Daily Validation Reports are an additional control that they can use, depending on their environment and as a way to supplement other controls that they may have in place. A subscription to Daily Validation Reports does not remove other obligations. Customers must still meet security guidelines defined as part of the Customer Security Programme and also must report attempted and actual cyber fraud events to Swift.