After $100M heist, SWIFT bank messaging service will boost security - Action News
Home WebMail Sunday, November 24, 2024, 04:36 AM | Calgary | -12.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Science

After $100M heist, SWIFT bank messaging service will boost security

The SWIFT secure messaging service that underpins international banking says plans to launch a new security programme as it fights to rebuild its reputation in the wake of the $106 million Bangladesh Bank heist.

Bangladesh Bank hack and resulting theft a 'watershed event for the banking industry'

Commuters pass by the front of the Bangladesh central bank building in Dhaka in March. In February, thieves hacked into the SWIFT messaging system of the Bangladesh Bank and sent messages to the Federal Reserve Bank in New York, allowing them to steal $105 million. (Ashikur Rahman/Reuters)

The SWIFT secure messagingservice that underpins international banking said on Tuesday itplans to launch a new security programme as it fights to rebuildits reputation in the wake of the Bangladesh Bank heist.

The Society for Worldwide Interbank FinancialTelecommunication (SWIFT)'s chief executive, Gottfried
Leibbrandt, told a financial services conference in Brusselsthat SWIFT will launch a five-point plan later this week.

Banks send payment instructions to one another via SWIFTmessages. In February, thieves hacked into the SWIFT system ofthe Bangladesh central bank, sending messages to the FederalReserve Bank of New York allowing them to steal $106million.

The attack follows a similar but little-noticed theft fromBanco del Austro in Ecuador last year that netted thieves more
than $16million, and a previously undisclosed attack onVietnam's Tien Phong Bank that was not successful.

The crimes have dented the banking industry's faith inSWIFT, a Belgium-based co-operative owned by its users.

The Bangladesh Bank hack was a "watershed event for thebanking industry", Leibbrandt said.

"There will be a before and an after Bangladesh. TheBangladesh fraud is not an isolated incident ... this is a big
deal. And it gets to the heart of banking."

SWIFT wants banks to "drastically" improve informationsharing, to toughen up security procedures around SWIFT and toincrease their use of software that could spot fraudulentpayments.

Concession

In an apparent concession to banks, Leibbrandt said SWIFTwas ready to help lenders detect possible frauds. "We can
provide tools and best practices for such a detection at thereceiving bank," he told the conference.

SWIFT will also provide tighter guidelines that auditors andregulators can use to assess whether banks' SWIFT securityprocedures are good enough.

Leibbrandt again defended SWIFT's role, saying the hackshappened primarily because of failures at users. "Many of theless protected banks are in countries where skills are reallyscarce," he said.

"We will have to create an ecosystem of providers andpartners, for example by introducing certification requirements
for third-party providers," he said,pointing the finger at providers of servicesto banks.

However, some finance industry executives say SWIFT has notbeen as active as it should be in improving security.

Users frequently do not inform SWIFT of breaches of theirSWIFT systems and even now, the co-operative has not proposedany sanctions for clients who fail to pass on information, whichSWIFT itself says is key to stopping future attacks.

Some critics say SWIFT should also be more active inauditing clients and be ready to cut off members whose securityis not up to scratch.

But the messaging service says other authorities also have arole.

"SWIFT is not all-powerful, we are not a regulator and weare not a policeman," Leibbrandt said.

Former SWIFT Chief Executive Leonard Schrank said itappeared that SWIFT's security efforts had not kept pace with
the criminals increased sophistication and that the co-operativeneeded to work hard to restore its reputation.

They really have to earn that credibility back," he toldReuters.