SWIFT was recently named best cybersecurity provider in recognition of its Customer Security Programme (CSP) at Central Banking’s annual FinTech & RegTech Global Awards.
The awards ceremony, which took place in Singapore, celebrates the most important and ground-breaking projects that are being undertaken in the community. This year’s awards showcased technological innovation that is being harnessed to improve central banking across different processes.
After Bangladesh Bank became victim of a cyberattack in February 2016, SWIFT launched the CSP to drive industry-wide collaboration in the battle against the cyber-threat. Designed to support all types of customers, from central banks to commercial banks, the CSP helps the community to secure itself. Two years in, SWIFT says it is delivering tangible results.
Its focus is threefold: customers must protect and secure their local environment; they must work to prevent and detect fraud in commercial relationships; and must continuously share threat information to defend against future cyber-threats.
Protect and secure
The cornerstone of the CSP is the Customer Security Controls Framework (CSCF) - a set of cybersecurity criteria that SWIFT revises annually. The mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure.
SWIFT also published an Independent Assessment Framework recently which assists users in verifying that their self-attestations correspond with their actual level of security control implementation.
It has also introduced enhanced security features to its products, including stronger default password management, enhanced integrity checking and built-in two-factor authentication (2FA).
Prevent and detect
In October 2018, SWIFT launched Payment Controls - an intelligent in-network solution to combat fraudulent payments and to help strengthen banks’ existing security measures. It combines real-time monitoring, alerting and blocking of payments by giving banks’ internal systems the unique ability to define and control their screening parameters according to their own risk and compliance policies.
Banks can screen against numerous parameters - including time of day, size of transaction, currencies, unusual behaviour and badly formed messages - to flag suspicious transactions before they are executed.
Share and prepare
Information sharing is critical in preventing cybercrime. A study of attacks on banks in 2018 showed how closer industry collaboration and the sharing of cyber-threat intelligence resulted in the quick identification of financial institutions targeted by cybercriminals – in most cases, before attackers were even able to generate fraudulent messages.
SWIFT established a dedicated Customer Security Intelligence (CSI) team to investigate cyber incidents experienced by its customers and introduced the ‘SWIFT ISAC’, an information sharing portal for sharing threat intelligence across the community.
The team identifies new attack patterns, techniques and tactics that can help customers, such as central banks, protect themselves against cyberattacks and shares them via the SWIFT ISAC.
With the CSP, SWIFT says it is reinforcing the security of the entire global banking system. Worldwide, central banks are adopting SWIFT’s CSP as attackers prove increasingly determined, patient and cunning, breaching systems that once appeared impenetrable. SWIFT says it has forced global institutions to step up to the growing threat and its programme is delivering tangible results.
Like this item? Get our Weekly Update newsletter. Subscribe today