The Customer Security Programme (CSP) incorporates five strategic initiatives, from facilitating better information sharing to creating new audit frameworks. These are intended to safeguard the security of the global banking system.
We are committed to keeping global banking safe and this can only be achieved by adopting a collaborative approach between SWIFT, our customers, overseers and third party suppliers.
The Customer Security Programme incorporates five strategic initiatives:
1. Improve information sharing
Having accurate, up to date information on relevant cyber threats is critical to CSP, and we are supporting greater levels of intelligence sharing across the global community. This means a greater exchange of cyber threat information between customers and SWIFT. We will also be keeping you informed of any preventative and detective measures that will help safeguard the community. We will provide information on best practices and innovation in cyber defence and also remind you to share information with us about any suspected fraudulent use of your SWIFT connectivity or any problem related to SWIFT products and services.
2. Enhance SWIFT-related tools for customers
Protecting your local environment is paramount. We will further strengthen the security requirements for customer-managed software. We will also continue our efforts to ‘harden’ our own products, and enhance logging and reporting. Our approach will be tailored to different customer types, from global transaction banks to corporates and investment managers.
3. Enhance guidelines and provide audit frameworks
Members will need to make sure their internal procedures meet certain security and operational baselines for the secure management of SWIFT messages. In order to achieve this, we will introduce new audit frameworks and certification processes.
4. Support increased transaction pattern detection
We are exploring the automation of transaction pattern detection by incorporating additional detection tools. As well as sharing best practices for banks to detect fraud, we will consider the feasibility of tools to detect anomalies on our own network. We will also explore tools allowing customers to recall fraudulent payment messages quickly.
5. Enhance support by third party providers
Enhancing your security will involve extensive support from third party providers. These might include security software and hardware, consulting and training providers, implementation services, providers of fraud detection solutions, interface vendors, service bureaus and auditors. We will help to foster a secure ecosystem through partner programmes, industry events and certification programmes.
Implementation of the CSP will be phased. Our initial focus will be on:
- Communicating with SWIFT customers, as well as enabling greater communication between customers.
- Co-operation with overseers, banks, and cyber security firms, and facilitating information sharing between these parties.
- Performing forensic analysis on products and services related to SWIFT connectivity at affected banks.
As we roll out the CSP, we will work in close partnership with the banking community and different user segments. This will include engaging via SWIFT National Member Groups, and working with customers on best practices for sharing cyber intelligence.
A detailed update on the programme will be made at Sibos, Geneva in September.