
Securing your payments


An EastNets survey from 2019 notes a key finding that since 2016, more than 4 out of 5 banks in the U.S., Europe, Gulf Cooperation Council (GCC) countries, and Asia-Pacific have been targeted by cybercriminals attempting to use the SWIFT messaging network to fraudulently transfer money across country borders. The rate rises to 90% in GCC and 100% in Asia-Pacific countries.

When SWIFT launched back in 1977, banks were making payments via telex machines, using prearranged test codes to authenticate the payments. It was a ‘manual’ way of effecting payments electronically. A person typed the instructions into a machine that then translated the message into a strip code which, when complete, was sent over the wire to your bank, which would then effect the payment via its systems. The payment instructions were authenticated with a test number which was calculated via a pre-agreed algorithm. The receiving bank would decode it at their end and, if correct, would issue the payments as per the telex instructions.


SWIFT changed all that with an initial 518 members across 22 countries. They created a whole new dimension to payments with secured and authenticated payment messaging. SWIFT has grown to more than 11,000 members across 200 countries in 2021, sending more than 3 million messages per day.

Then, with the advent of the internet and connectivity, payments fraud came to SWIFT, quickly rising to become one of the biggest threats to banks worldwide. Banks were not securing their SWIFT environments against outside attacks, nor were they securing themselves against internal fraud. Depending on how many authentication factors a bank has set up, it potentially only needs 2 people colluding to create a fraudulent payment.

In many cases, a bank relies on loose internal processes and the integrity of staff, which has been shown to be the wrong approach. In one case, 2 people at a bank in Switzerland got together and sent USD 10 million to an account they had set up at a bank in Turkey. This was long before the USD 10K money laundering limit was implemented. At their end in Switzerland, it all went smoothly, but the bank in Turkey had a better system in place and queried the arrival of USD 10 million to a new account for a customer they didn’t know. The funds were returned to the bank in Switzerland and the 2 perpetrators were successfully prosecuted, resulting in prison sentences for both of them. This and many other known instances are just the tip of the iceberg.

Though rising most steeply in APAC, payments fraud is on the rise across the whole world. In America, the 2020 FBI Fraud report shows an annual increase of 69% over 2019 and a doubling of reported incidents since 2018. The Central Bank of Ireland, with strict protocols in place to manage and report fraud, has levied Euro 105 million in fines to Irish regulated firms since 2006. It didn’t take fraudsters long to exploit the COVID-19 situation with multiple scams. In Australia, Scamwatch has received 6415 COVID-19 related scam reports, and during 2020 police in Japan uncovered 45 criminal COVID-19 related incidents. No one is safe from financial fraud, and SWIFT members are more often than not conduits of the fraudulent cash movements.

From Verizon’s 2021 annual Data Breach report

In addition to the recommended SWIFT controls other factors need to be taken into account when planning your defence mechanisms against the fraudsters. The report tells us that 44% of the breaches in the Financial and Insurance sector were caused by internal actors. The Financial sector frequently faces Credential and Ransomware attacks from External actors. This is borne out by the numbers on what the motives for the breaches are: Financial (96%), Espionage (3%), Grudge (2%), Fun (1%), Ideology (1%).

Verizon recommends that institutions implement the following measures which make up part of the IG1 controls: Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6).

We agree, but think that banks need to go much further than that to fully secure their environments against fraudsters and errors, which according to the Verizon report represent 13% of all breaches.


10 Steps Forward to Compliance

Securing your SWIFT environment requires more than just a good firewall. You need to implement the mandated SWIFT controls, firewalls and other cybersecurity measures as mentioned above, add or improve internal operational controls, and put monitoring and reconciliation tools in place for your cash movements. You need dashboards that monitor the health of your systems, and regular pentesting by external providers to continuously test your security. You will need staff trained on monitoring and recognising fraud attempts. You need to put Operational Risk Compliance at the forefront of everything you do.

Do it today - Tomorrow could be too late

SWIFT fraud is seen as a low-risk way to steal money. One thing is for certain: the perpetrators are relentless in their search for new ways to penetrate the weaknesses of banking environments and systems. SWIFT states in a report that: “Sending fraudulent high-value payment instructions can lead to large rewards.” This means there is a huge incentive to find ways to penetrate your ‘firewalls’ and, unfortunately, banks all too often make it easy for the thieves to get their hands on the bank’s money.


If you want to hear more, send us a mail at contact@stepforward.io