Taking Swift action to help spot bogus bank transfers

Interbank network to send daily reports to clients listing day's activity, unusual payments

LONDON • The Swift interbank messaging network plans to send daily reports to clients to help them identify more quickly unauthorised payment instructions like those used by hackers to steal US$81 million (S$110.3 million) from Bangladesh's central bank in February.

Trillions of dollars worth of interbank payments are made each day using Swift messages but the Bangladesh theft and others which have come to light this year have knocked confidence in the supposedly super-secure system.

Swift said in a statement yesterday that from December, it would begin sending "daily validation reports" to clients. These would list the messages sent from the client's Swift terminal, thus allowing a bank to spot any payment instructions that it had not intended to send.

The report will also contain a risk report aimed at showing whether transfer instructions deviated from the client's typical payment patterns.

The new reports will be sent to customers' payments and compliance teams through a separate channel instead of the normal Swift terminal, so that even if hackers have gained access to the terminal, the reports will get through.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines.

The Fed's systems halted an additional US$850 million the attackers tried to obtain. Hackers also stole US$12 million from an Ecuadorean bank in January last year, and tried but failed to move about US$1.2 million from a Vietnamese lender.

The interbank cooperative, whose full name is the Society for Worldwide Interbank Financial Telecommunication, has warned that there may have been more breaches other than the three already publicly identified.

Some former Swift staff and clients say the Belgium-based organisation, a cooperative controlled by the biggest global banks, has been slow to react to growing security risks in recent years.

Swift denies it overlooked risks around unauthorised access to client terminals, saying it was up to banks to secure their own facilities.

However, in June, the cooperative launched a new "customer security programme" and is in the process of developing new measures to help clients, particularly smaller banks, ensure they are not victims of hacking.


A version of this article appeared in the print edition of The Straits Times on September 21, 2016, with the headline 'Taking Swift action to help spot bogus bank transfers'. Print Edition | Subscribe