Swift to start suspicious-payment alerts to help defend banks

The new service is part of Swift's efforts to defend against cyberattacks that aim to fraudulently use banks' connections to the messaging system. PHOTO: REUTERS

PARIS (BLOOMBERG) - Swift, the interbank messaging system that hackers used to steal US$81 million (S$113.5 million) from Bangladesh last year, is developing a payment-screening service that will allow small member banks to automate the flagging of suspicious payments.

The new service is part of a series of measures from the Society for Worldwide Interbank Financial Telecommunication (Swift) to defend against cyberattacks that aim to fraudulently use banks' connections to the messaging system. It will place a "red flag" on payment messages that appear risky and spot anomalies, provide real-time alerts and allow customers to put a hold on unusual messages, the cooperative said in an emailed statement on Tuesday.

Swift aims to begin offering the service by early 2018. Its price will depend partly on how many banks adopt it, the cooperative said.

After initially responding to the Bangladesh hack by saying that its member banks were responsible for their own security, Swift rolled out a series of security programs and procedures over the last year, including a requirement that members share more information about security incidents. Other measures have required member banks to install new equipment or software so that all of them would have improved defenses.

Big banks have largely complied, and most already had systems in place to spot suspicious transaction requests. But getting some smaller member banks to install these systems has been a challenge for Swift, which said it would begin to report security shortcomings to regulators. The difference this time is that the anti-fraud service will be hosted by Swift. Banks will be able to use it without having to install any new hardware or software.

Luc Meurant, head of financial crime compliance services at Swift, said the new measures were meant to complement security systems already in place at member banks.

"We need to assume that attacks will get increasingly sophisticated, so you need multiple layers of protection," he said.

The payment screening service is initially meant for smaller financial institutions and central banks, Swift said. In February 2016, hackers exploited the Swift connection of the central bank of Bangladesh to request that funds be transferred from its account at the Federal Reserve Bank of New York. Similar cyberattacks have hit banks in countries including Ecuador and Vietnam.

Swift has been under increasing pressure to fortify its systems to prevent future cyber robberies. Swift has relied on the trust within its network to cement its effective dominance of the international payments system over the past four decades. If that trust erodes, it could spell trouble for the cooperative.

"The new payment controls service is a direct response to our community's request for additional services to complement and strengthen existing fraud controls," Swift chairman Yawar Shah said in the statement.

Join ST's Telegram channel and get the latest breaking news delivered to you.