SWIFT messaging fraud consistently makes the headlines as banks face millions in losses alongside immeasurable reputational damage. Yet SWIFT fraud is not new. Why, in 2019, are hackers still having so much success manipulating SWIFT payments, despite SWIFT’s CSP programme, which was introduced in 2016?
EastNets analysed many of the most recent cases, including both successful and failed attempts, and will present an insider’s look at the findings at SIBOS 2019. Indeed, our analysis shows that where attacks are successful, the resulting losses can be catastrophic.
Attendees at our SIBOS event will get a unique perspective on effective anti-fraud strategies. Read on to see why CXO employees working at financial institutions must attend the EastNets open theatre session on September 24th.
SWIFT messaging fraud is an established risk
In 2016 SWIFT instituted its Customer Security Programme (CSP) in response to an emerging threat, as it rapidly became obvious that hackers were finding ways to manipulate the SWIFT messaging service, fraudulently transferring huge sums in the process.
The Bangladesh Bank attack, which cost USD 81 million, was a key catalyst for action, but despite SWIFT’s efforts via CSP, numerous further attacks were pulled off successfully. With over 30 million SWIFT messages sent every day, it would appear that there is ample opportunity for hackers.
However, banks remain vulnerable due to the numerous ways an attack can be initiated, and because the way SWIFT is used makes recovering from an attack very difficult.
Why SWIFT messaging fraud is still keeping banks awake
Banks will do what’s necessary to guard against fraud, but preventing SWIFT payment messaging fraud has proven particularly challenging. The pay-off from a successful attack is high, which is motivating hackers to use advanced, relentless strategies.
EastNets’ investigation into recent cases has reaffirmed how SWIFT fraud often starts with a wide range of everyday yet persistent hacking techniques that could be as simple as a phishing email, or which could get a kick-start with help from an insider. Consistently closing all of these attack entry points is extremely difficult.
In our presentation we also outline the typical tactics hackers use to hide the evidence of an operation in progress, and why the multi-pronged strategies that hide an attack are so effective in creating sufficient time for hackers to move money before they are detected.
Fast payments are an enabler
SWIFT payments can now be completed in a matter of minutes, and this provides an opportunity for fraudsters to rapidly move funds before an attack is detected. A quick response is, after all, key to recovering from an attack. Fast payments, alongside strategies to hide evidence, give hackers the opportunity to pull off a successful attack.
Attendees at our open theatre session will get deeper insight into the specific measures financial institutions can take to counter the real-time nature of SWIFT messaging fraud, including the importance of intelligent access and transaction monitoring.
We will also outline strategies that counter the most intelligent, most determined hackers. Though it is disconcerting that hackers can disable even real-time fraud detection mechanisms, we will brief attendees on strategies that supersede the plans of the most capable fraudsters.
SWIFT CSP is introducing complacency
Finally, we have found that the SWIFT customer security programme provides essential first steps to combat messaging fraud. However, financial institutions must take further measures to be fully protected against the open-ended nature of SWIFT messaging attacks as SWIFT CSP is not sufficiently comprehensive.
Senior staff at financial institutions may feel that SWIFT CSP provides a safe harbour. However, delegates at our SIBOS event can look forward to essential anti-fraud insights that go beyond CSP. In essence, attendees get a front-row seat: an understanding of the most recent attack strategies that SWIFT CSP cannot protect against, and a briefing on measures to stop these attackers in their tracks.
An opportunity to talk to EastNets
Our presentation on the 24th will deliver a C-level overview of the biggest risks around payment messaging fraud and will cover essential anti-fraud strategies. Mohammad AlKayed, Senior Information Security Engineer, and Nezar Nassr, Product Manager, will be presenting.
Any attendees who have further, and indeed more technical, questions are welcome to chat to EastNets about their individual concerns. We look forward to seeing you at SIBOS.