Payments fraud prevention

Understanding the changing tactics used by fraudsters is key to prevention. You can then take steps to defuse the threat and protect your financial assets against payments fraud.

Payments fraud prevention

The fraud threat: Where do we stand today?

More than ever, financial institutions and payment infrastructures are being targeted by cyber attackers, who are innovative and work with subtlety, sophistication and patience.

Cyber attackers cover their tracks and exploit the fact that payments move faster than ever.

Threats are increasing with patterns of wire payment fraud on the rise, up from 14 per cent in 2014 to 48 percent in 2017 (source: 2018 AFP® Payments Fraud and Control Survey). The risk of institutional payments fraud continues to shake the industry. And in the wake of the Bangladesh Bank heist in 2016 (read more: Three years on from Bangladesh - Tackling the adversaries), we have seen similar attacks across a number of other banks worldwide. Institutional payments are an attractive vehicle for criminals due to the speed and finality of settlement. Added to this, originators and volumes continue to grow, expanding the collective target.

Preventing institutional payments fraud

You can also download the content of this page as a pdf. Fill in your contact details, and receive it straight into your mailbox.

0
White

Financial institutions and payment infrastructures are the new targets.

Source: 2017 Payment threats and fraud report, European Payments Council

Could you fall prey to institutional payment fraud?

The growing threat of cyber attacks (read more: The evolving cyber threat to the global banking community) has never been more pressing as criminals move from data theft to committing institutional payment fraud - and banks need to be able to verify the integrity of payments in real time.

When you understand the changing tactics fraudsters employ to perpetuate institutional payments fraud, prevention becomes easier. Ensuring that internal controls and strategies are in place will help protect your financial assets. So, if you haven’t already considered solutions available to help defuse the threat, your electronic transfers could be at risk.

Read more: 5 ways you could fall prey to payments fraud

1
White

Modus operandi of a cyber attack

Cyber attackers don’t wan you to understand what they’re doing. The less you know, the more opportunity they have to fraudulently extract funds from your organisation.

1. Cyber attackers compromise member’s environment

- Malware injected by email phishing, USB device, rogue URL or insider compromise
- Long reconnaissance period monitoring banks’ back office processes

2. Cyber attackers obtain valid operator credentials

- Keylogging / screenshot malware looking for valid account ID and password credentials

Protect against fraud

0
White

Payments fraud - Modus operandi of a cyber attack

3. Cyber attackers submit fraudulent messages

- Attackers impersonate the operator / approver and submit fraudulent payment instructions
- May happen outside the normal bank working hours / over public holidays

4. Cyber attackers hide the evidence of their actions

- By deleting or manipulating records/ log used in reconciliation
- By wiping the master boot record

Read more: Anatomy of a cyber attack

1
White

The regulatory landscape

Authorities across the globe have taken regulatory and supervisory steps to facilitate both the mitigation of cyber risk by financial institutions, and ensure effective response to, and recovery from, cyber attacks.

Financial Stability Board (FSB) member jurisdictions have actively addressed cybersecurity, with all member jurisdictions releasing regulations or guidance that tackle cybersecurity for the financial sector.

Payments fraud - The regulatory landscape

0
White

Payments fraud - The regulatory landscape

All FSB member jurisdictions report drawing upon a small body of previously developed national or international guidance or standards when developing their own regulatory or supervisory schemes for the financial sector.

- A third of reported regulatory schemes take a targeted approach to cybersecurity and/or information technology risk and the remaining third address operational risk generally.

- Common elements covered in cybersecurity regulation include risk assessment, regulatory reporting, role of the board, third-party interconnections, system access controls, incident recovery, testing and training.

- Jurisdictions remain active in further developing their regulation and guidance.

- International bodies have also been active in addressing cybersecurity for the financial sector, with a number of similarities across international guidance issued by different sectoral standardsetting bodies and other international organisations.

0
White

[ebook] Preventing institutional payments fraud

Understanding the changing tactics used by fraudsters is key to prevention. Download the ebook and get the full picture on fraud risk.

0
White

Best practices

Following these best practices can help mitigate your exposure to cyber threats.

Ensure good payment hygiene

While many banks rigorously check confirmations and statements, others are unaware these practices can mitigate the risk of fraudulent attacks on their back offices, and are further unaware of how to respond when they do happen.

Understand the threat

Knowing your adversary is vital to protecting yourself against it.

Get the big picture on payment activities

0
White

There has been a 1,700% increase in cyber attacks reported to the FCA since 2014.

Source: Financial Conduct Authority

Limit your exposure

You should only do business with trusted counterparties – and only maintain relationships with those you trust.

Implement security controls

Engaging in regular security benchmarking and audit exercises enables you to detect gaps and lapses in your security controls.

Know your counterparties

Your understanding of potential counterparts’ cyber and compliance risks is key to your decision-making around whether and how to do business with them.

Read more: Be a hero in the fight against payment fraud

1
White

Basic defences

The quicker something is identified as fraud the more likely it will be stopped.

Failure to secure your systems and networks leaves you exposed to attack.

No system is totally bulletproof, but there are ways to protect your organisation from the complex methods being used against you – these include being prepared for attacks succeeding.

Strength comes from multiple layers of defence, which are essential to combat the threats our community is up against.

The quicker something is identified as fraud the more likely it will be stopped.

0
White

Monitor for unusual behaviours

This means safeguarding both logical and physical security, as well as ensuring additional defences around critical systems, and putting detection measures in place around and within them to identify potential intruders.

Take action to safeguard your local environment and reinforce the security of the global financial community.

  • Secure your environment

  • Know and limit access

  • Detect and respond

Read more: Fighting fraud – can you keep up?

1
White

Protect your institution

The rise in the threat level requires a concerted response. While you are responsible for the security in your own organisation, a community-based approach is the best way to solve the security issues facing the industry.

And that is why the SWIFT Customer Security Programme (CSP) has been developed and will continue to evolve in close collaboration with our community. The CSP addresses three key aspects of your business and your relationships, enabling you to take action with the support of SWIFT’s programme.

Read more: Banks fight fraud by exercising control

Cyber attacks are now the third biggest risk in terms of likelihood, trailing only natural disasters and extreme weather events.

Source: Global Risks Report from the World Economic Forum

1
White

A common threat. A shared commitment.

This is a journey that involves SWIFT and its community of customers, regulators, overseers and third parties to collectively work together to fight against cyber attacks.

You - Secure and protect

You first need to secure and protect your local environment – this is the most important action you can take. Securing your local SWIFT-related infrastructure and putting in place the right people, policies and practices, are critical to avoiding cyber fraud.

To support the industry, we have published a core set of mandatory security controls and an associated assurance framework for its users. The security controls build upon our existing security guidance, taking into account the latest intelligence on known cyber threats and incidents.

Payments fraud - Secure and protect

0
White

Payments fraud - Secure and protect

Your counterparts - Prevent and detect

Companies do not operate in a vacuum and all SWIFT users are part of a broader ecosystem. Even with strong security measures in place, attackers are very sophisticated and you need to assume that you or your counterparts may be the target of cyber attacks. That is why it is also vital to manage security risk in your interactions with counterparties, and consider a tool to protect your payment flows.

0
White

Your community - Share and prepare

The financial industry is global, and so are the cyber challenges it faces. What happens to one institution in one location can easily be replicated elsewhere.

If you have been targeted or breached, it is vital to share all relevant information and let us know there is a problem as soon as possible. SWIFT will then share anonymised information or Indicators of Compromise (IOCs) across the community to help limit further impacts. We will inform you of relevant cyber intelligence, and continue to expand our information sharing platforms to do so.

Read more: A new way to fight fraud

Payments fraud - Secure and protect

1
White

Counter measures

While many banks rigorously check confirmations and statements, others are unaware these practices can mitigate the risk of fraudulent attacks on their back offices, and are further unaware of how to respond when they do happen.

Protect your core payment systems

Having relevant and timely intelligence helps protect you from cyber threats. SWIFT Information Sharing and Analysis Centre (SWIFT ISAC) allows you to share intelligence on cyber attackers’ latest strategies and activities with your community and use this information to adapt your defences.

You can then use Daily Validation Reports to profile your normal payment flows and validate your payment logos against SWIFT data to prevent cyber attackers covering their tracks.

Once you have the insights, you can take decisive action. SWIFT Payment Controls simply and effectively flags and intercepts suspicious payments to protect you and your counterparts. The overall goal is to reduce fraud and reputational risk and to build trust between institutions across the SWIFT community.

Established relationships can change over time and may not be aligned with business patterns today. With the Relationship Management Application (RMA), you can control who sends messages, and also restrict the types of messages with RMA+.

0
White

Real-time Financial Crime Compliance

Building a more secure future - together

The fraud threat is adaptive, so we are devising innovative ways of countering the threat and actively investigating cases and potential threats.

This involves informing you of threat indicators through the SWIFT ISAC, and providing you with the solutions you need – including Daily Validation Reports and Payment Controls - to help protect your local environments and ensure that your ongoing security updates assist in countering the very latest tactics.

0
White

[ebook] Preventing institutional payments fraud

Understanding the changing tactics used by fraudsters is key to prevention. Download the ebook and get the full picture on fraud risk.

0
White/Grey