Payment Controls – your questions answered
How does the Payment Controls service help with fraud prevention?
Cyber criminals may compromise a bank’s local operating environment by obtaining valid operator credentials and initiating fraudulent transactions directly in back-office systems, defeating the controls that would ordinarily protect against unauthorized activity. Our Payment Controls service provides a secondary control through independent monitoring. The secure in-network control mechanism will screen your sent messages in-flight for any out-of-policy or abnormal payments that may be indicative of fraud.
How is Payment Controls used in practice?
Payment Controls uses the proven hosted service operating model already used for SWIFT’s Sanctions Screening service, which has more than 700 subscribing institutions worldwide. Your compliance, investigation or operational teams set screening parameters based on your institution’s business and risk policies. Transactions outside the parameters will trigger an alert for investigation. Flexible control settings allow for alert only, hold, release or reject responses according to your policy requirements.
How does the service complement SWIFT’s existing compliance and anti-fraud services (in particular, Daily Validation Reports)?
Daily Validation Reports were developed as part of SWIFT’s Customer Security Programme to provide a secondary control to verify and understand payment activity. The reports reflect the previous day’s payments activity.
Payment Controls takes this protection further to allow real-time monitoring of sent messages. The service screens transactions in-flight and flags, holds or rejects transactions based on risk policies.
How do Payment Controls fit into SWIFT’s Customer Security Programme?
SWIFT customers are individually responsible for the security of their own environments, but the security of the industry as a whole is a shared responsibility. As an industry cooperative, SWIFT is committed to playing an important role in reinforcing and safeguarding the security of the wider ecosystem. Our Customer Security Programme aims to improve information sharing throughout the community, enhance SWIFT-related tools for customers and provide audit frameworks. We’ve added fraud prevention solutions to our Financial Crime Compliance portfolio to help our communities safeguard their operations and fight cyber-crime. Payment Controls is part of our commitment to deliver increased transaction pattern detection tools.
What message types will be covered by Payment Controls?
The Payment Controls service will initially focus on sent SWIFT MT payment messages. As SWIFT develops the service the message scope will be extended.
Who will find Payment Controls most useful?
Payment Controls is specifically targeted to address the needs of institutions with lower volumes of SWIFT messages. It complements SWIFT’s Daily Validation Reports service, which is already being used by customers to supplement their existing fraud controls. Payment Controls will be used by the compliance, operations and payment teams.
When will the service be available?
Payment Controls is being developed and piloted with customers and will be commercially available in 2018.
Is Payment Controls a mandatory part of the Customer Security Programme?
Payment Controls is an optional service. SWIFT does require customers to self-attest to their organisation’s level of compliance with SWIFT’s customer security controls. This self-attestation is done using the KYC Registry Security Attestation Application.