Combating fraud is a challenge for the entire financial industry. The threat landscape adapts and evolves daily, and both SWIFT and its customers have to remain vigilant and proactive over the long term.
While all customers are responsible for protecting their own environments, SWIFT has established the Customer Security Programme (CSP) to support customers in the fight against cyber-attacks.
The CSP is articulated around three mutually reinforcing areas. Customers will first need to protect and secure their local environment (You), it is then about preventing and detecting fraud in your commercial relationships (Your counterparts) and continuously sharing information and preparing to defend against future cyber threats (Your community).
Actions on the programme include the introduction of mandatory security controls, new services to help prevent and detect fraudulent activity, and community-wide information sharing initiatives to prepare for, exchange information about, and defend against, future attacks.
1. You: Secure and Protect
Securing your local SWIFT-related infrastructure and putting in place the right people, policies and practices, are critical to avoiding cyber related fraud.
To support the industry, SWIFT has published a core set of mandatory security controls that build upon SWIFT’s existing security guidance, taking into account the latest intelligence on known cyber threats and incidents. They have been reviewed by external industry experts and assessed against industry standard frameworks and good security practices.
The SWIFT Customer Security Controls Framework Detailed Description is available on swift.com. Customers must log in to mySWIFT with their swift.com credentials to access the document. (swift.com > Ordering & Support > User Handbook home > A-Z > Customer Security Programme).
To ensure adoption, and to complement the SWIFT Customer Security Controls Framework, SWIFT has published further details of the related attestation policy and process in the SWIFT Customer Security Controls Policy document.
We have also introduced enhanced security features to our products designed to assist SWIFT users in addressing security concerns, such as stronger default password management, enhanced integrity checking and built-in two-factor authentication (2FA) for Alliance Access clients who do not have existing 2FA implementations. We will continue efforts to harden SWIFT-provided products as part of our product roadmaps, combined with timely security updates to products to allow you to maintain your systems to a high level of protection.
2. Your counterparts: Prevent and Detect
Companies do not operate in a vacuum and all SWIFT users are part of a broader ecosystem. Even with strong security measures in place, attackers are very sophisticated and you need to assume that you may be the target of cyber attacks. That’s why it is also vital to manage security risk in your interactions and relationships with counterparties, which falls into two main areas:
If you are breached: Strong detection measures need to be put in place to increase the chances of stopping or mitigating fraud in case your environment is breached. To support smaller institutions in particular, SWIFT has launched new reporting tools to provide users with daily activity reports that furnish an independent record of their transaction data over SWIFT. These Daily Validation Reports offer both a secondary check on transactions to help prevent and detect fraud and a focused review of large or unusual flows. They are available as an independent, SWIFT-generated source of transaction data that can be reconciled with local transaction data to help in detecting whether a SWIFT user’s environment has been compromised and their local records altered. In Q3 we will introduce a Sender Payment Controls service, which will bring additional safeguards to ensure that payment instructions are in line with business expectations.
If your counterparty is breached: You also need to prepare for the possibility that one of your counterparties may be breached, and that you may receive suspicious or fraudulent messages from that counterparty. A basic starting point is to check that you are only doing business with trusted counterparties. SWIFT’s Relationship Management Application (RMA) supports customers by enabling them to control counterparty relationships through RMA tools.
3. Your community: Share and Prepare
The financial industry is truly global, and so are the cyber challenges it faces. What happens to one company in one location can easily be replicated elsewhere in the world. That’s why SWIFT is encouraging two important community principles:
Share and Prepare. If you suspect your organisation has been targeted or breached, it is vital that you share all relevant information and let us know there is a problem as soon as possible, which is part of your contractual obligations to SWIFT as a user of SWIFT services. SWIFT introduced a dedicated Customer Security Intelligence team that shares the latest anonymised information on Indicators of Compromise (IOCs) and details the modus operandi used in known attacks. Issuing such information has already made a tangible difference in the fight against fraud. SWIFT has introduced a ‘SWIFT ISAC’ global information sharing portal to share detailed and technical intelligence to allow the community to protect itself, to take mitigating actions, and to defend against further attacks.
The second community principle is ‘prepare’. We will do our best to inform you of relevant cyber intelligence, and we intend to continue to expand our information sharing platforms to do so. We are also engaging with vendors and third parties to help secure the wider ecosystem. But we also expect you to prepare by acting in a timely manner on the information and security updates we provide, and ensuring that you meet mandatory security controls for your SWIFT-related infrastructure.