Four Steps for Combating Attacks on SWIFT Payments

The SWIFTNet messaging platform is incredibly successful: SWIFTNet is used by 11,000 financial institutions in 200 countries. This high rate of usage, coupled with extremely large amounts of money moving through the system, makes the SWIFT payment system an attractive target for cyber-criminals. This has been evidenced by recent research from EastNets which shows that since 2016, 80% of banks have been targeted by fraudsters attempting to piggy-back on the SWIFTNet messaging network to transfer money across borders.

Back in 2019, when EastNets carried out this research, we had not yet had to deal with the complications presented by the COVID-19 pandemic. However, banking is now at a juncture. The increasing use of home office environments, coupled with the existing security challenges of modern banking networks, means that banks need to look at widening the measures used to protect payments.

Here, we look at four steps in a process that your institution can use to prevent your SWIFT payments from being abused by fraudsters.

Three Key Findings That Help in SWIFT Payment Fraud Prevention

EastNets researchers looked at the current security measures in place to prevent SWIFT payment fraud. One interesting fact that emerged threw up a conundrum: whilst 80% of banks had implemented the SWIFT Customer Security Program (CSP) to help prevent fraud attempts, 80% of banks surveyed have also been victims of SWIFT payment fraud. Certain factors stood out during the research:

  • 84% of SWIFT Messaging Network fraud attempts were cyber-based attacks committed by hackers
  • Only 20% of banks say their people collaborate “very strongly” across functions to mitigate SWIFT payment fraud
  • About one-in-seven (14%) of SWIFT payment fraud attempts involve insiders

In addition to these findings, over two-thirds of banks surveyed use anti-fraud software specifically designed to prevent SWIFT payment fraud.

This presents a dichotomy that points to a gap in security. EastNets have analyzed this gap and subsequently developed a four-point action plan to deal with SWIFT payment fraud in a way that will close this gap. Here are our steps to combating attacks on SWIFT payments.

Four Steps to Prevent Fraud Attempts on SWIFT Payments

Cyber-attacks can be extremely sophisticated. Advanced Persistent Threats (APTs), a type of attack often associated with incidents that involve large amounts of money, are often highly customized and can remain in situ within a network for extended periods without detection. APT detection and prevention are complicated and challenging. It is these types of attacks that need to be considered when developing robust security strategies.

The EastNets four-step plan has been formulated from research talking to 200 banks who deal with this level of cyber-threat.

Step One: Begin with Good Policy Arrangements

Having a robust security policy in place, one that includes an anti-fraud focus, is a foundation stone of your fight against fraud that uses SWIFT payments. Put control measures in place to create robust structures that form the basis of your security strategy. Security policy measures set out your security 101, allowing your organization to make informed decisions and understand where any weaknesses lie. As well as fundamental policies that include employee security awareness, customer fraud education, and using simulated SWIFT payment fraud attacks, various measures should be included in your policy:

  • Review of employee access to the SWIFT system and implementation of strict access policies. 
  • Employee behavior monitoring tools.
  • Network-level controls to separate critical systems and SWIFT infrastructure from other enterprise bank systems.
  • Fraud tracing capabilities.
  • SWIFT messaging interface access restrictions.
  • Detecting suspicious user activity.

Step Two: Implementation of a Robust IT Architecture

The fraudsters behind the attacks on the SWIFT payments will use techniques to improve their chance of success. One such technique is to wipe the system that stores transaction details; this makes tracing a fraudulent transaction difficult. To remediate this problem, a bank needs to ensure that the underlying architecture and IT systems are designed to withstand this type of tactic. To build robust systems and services, you should look to include:

  1. Backup: It is essential to use a robust and secure backup system. However, 16% of banks do not collect real-time copies of payments or store them in a secure repository. A customer of EastNets used a secure backup to recover lost messages when hackers damaged their messaging interface operating system. This institution was then able to issue a cancellation before all of the money disappeared.
  2. Disaster recovery: EastNets research shows that leaders in banking have robust disaster planning in place, but as many as one-quarter of banks do not have a best practice disaster recovery plan in place for SWIFT messaging. Disaster recovery ensures that if the worst does happen, a bank can continue operations, and retain profitability, whilst being able to investigate a cyber-crime.
  3. Network-level controls: By strictly separating mission-critical IT systems and SWIFT infrastructure from other enterprise bank systems, you can control the impact of an attempt to commit fraud on your SWIFT payments network.
  4. Monitor: Using a monitoring system to watch out for unusual or malicious behavior can help prevent an attack from becoming an incident.
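
The backup point above, as an added example (not EastNets code): a hash-chained journal keeps a real-time copy of each outgoing payment, so that after the interface's own store is wiped the bank can check the copy for tampering and list the payments to trace or cancel. The record fields, references and function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first journal entry

def _digest(prev_hash, record):
    # The hash covers the previous entry's hash, so editing or removing an entry breaks the chain.
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append_copy(journal, record):
    """Append a real-time copy of an outgoing payment to the secure journal."""
    prev_hash = journal[-1]["hash"] if journal else GENESIS
    journal.append({"record": record, "prev": prev_hash,
                    "hash": _digest(prev_hash, record)})

def verify_journal(journal):
    """Return the index of the first tampered entry, or -1 if the chain is intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(journal):
        if entry["prev"] != prev_hash or entry["hash"] != _digest(prev_hash, entry["record"]):
            return i
        prev_hash = entry["hash"]
    return -1

def missing_from_interface(journal, interface_refs):
    """Payments present in the secure copy but gone from the messaging interface store."""
    return [e["record"] for e in journal if e["record"]["ref"] not in interface_refs]

# Constructed sample data: three outgoing payments copied as they were sent.
journal = []
for ref, amount, beneficiary in [
    ("REF0001", 12500, "ACME TRADING"),
    ("REF0002", 950000, "UNKNOWN HOLDINGS"),
    ("REF0003", 4300, "CITY UTILITIES"),
]:
    append_copy(journal, {"ref": ref, "amount": amount, "ccy": "USD",
                          "beneficiary": beneficiary})

# Constructed scenario: the interface's own store was wiped and only REF0001 survives.
surviving_refs = {"REF0001"}
to_investigate = missing_from_interface(journal, surviving_refs)

if __name__ == "__main__":
    print("journal intact:", verify_journal(journal) == -1)
    for rec in to_investigate:
        print("recovered from secure copy:", rec["ref"], rec["amount"], rec["beneficiary"])
```

A hash chain exposes edits and removals inside the journal but not truncation of its tail, so the latest hash should also be recorded somewhere the messaging interface cannot write to.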

Step Three: Autonomous Fraud Prevention

In amongst the many tens or hundreds of thousands of SWIFT transactions a day, there might be just one or two that are fraudulent. Cyber-criminals rely on hiding in plain sight, only needing a small number of successes to steal large amounts of money. A survey by SWIFT, “Three years on from Bangladesh - Tackling the adversaries”, found that attempted fraudulent transactions tend to be in the smaller range from $250,000 to $2 million. This helps the fraud to go undetected and so it will not be stopped.

An automated, continuous fraud-prevention system is a way to see through the noise to spot both internal and external fraudulent transactions. The system is always on, looking for activity that is unusual or obviously fraudulent. Having an automated system also reduces the chances of human error that manual checks, needing to cover large numbers of transactions, suffer from.

Automated fraud prevention that is designed to look for suspicious activity on the SWIFT messaging network will spot fraud where human operators are unable to. However, the design of the system must be properly managed. In the EastNets survey, 70% of respondents used software developed to prevent SWIFT payment fraud; however, 82% were victims of cyber-attacks. Squaring this circle requires analytics and automated solutions that apply specific criteria to spot fraud that uses the SWIFT messaging network.

Step Four: Smart Monitoring of Transaction Behavior

Each bank has its own patterns of transactions that are like a fingerprint of the institution. Machine Learning, a form of Artificial Intelligence, is adept at learning about a system and spotting anomalous patterns. In the EastNets survey, we looked at ‘laggards and leaders’ in dealing with fraud on SWIFT networks. In terms of the application of Machine Learning to the problem of SWIFT payment fraud in banking, 85% of leaders used computer user behavior analytics. These systems assign a risk value based on a user’s interactions with a bank’s SWIFT payment system.
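
The risk value described in Steps Three and Four, as an added example (not EastNets code): each payment is scored against the operator's own history, which flags a mid-sized payment that a flat amount limit lets through. The hand-set weights stand in for a trained model, and the flat limit, field names and sample payments are assumptions.

```python
from statistics import median

FLAT_LIMIT = 5_000_000  # assumed bank-wide amount alert, for comparison only

def build_profile(history):
    """Summarise one operator's past payments: usual hours, known beneficiaries, amount spread."""
    amounts = [p["amount"] for p in history]
    med = median(amounts)
    # Median absolute deviation: a spread measure that outliers do not distort.
    mad = median([abs(a - med) for a in amounts]) or 1.0  # avoid division by zero
    return {"hours": {p["hour"] for p in history},
            "beneficiaries": {p["beneficiary"] for p in history},
            "median": med, "mad": mad}

def risk_score(profile, payment):
    """Return (score 0-100, reasons) for a new payment against the operator's baseline."""
    score, reasons = 0, []
    if payment["beneficiary"] not in profile["beneficiaries"]:
        score += 40  # assumed weight
        reasons.append("new beneficiary")
    if payment["hour"] not in profile["hours"]:
        score += 25  # assumed weight
        reasons.append("unusual hour")
    deviation = abs(payment["amount"] - profile["median"]) / profile["mad"]
    if deviation > 5:
        score += 35  # assumed weight
        reasons.append("amount far from operator's norm")
    return min(score, 100), reasons

# Constructed history for one operator: (hour of day, beneficiary, amount in USD).
HISTORY = [{"hour": h, "beneficiary": b, "amount": a} for h, b, a in [
    (9, "ACME TRADING", 8000), (10, "CITY UTILITIES", 9500),
    (11, "ACME TRADING", 11000), (14, "NORTH FREIGHT", 12000),
    (15, "CITY UTILITIES", 13500), (16, "ACME TRADING", 15000)]]
PROFILE = build_profile(HISTORY)

# Constructed payments: one routine, one inside the $250,000 to $2 million range.
ROUTINE = {"hour": 10, "beneficiary": "ACME TRADING", "amount": 11000}
SUSPECT = {"hour": 2, "beneficiary": "UNKNOWN HOLDINGS", "amount": 900000}

if __name__ == "__main__":
    for name, p in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, "over flat limit:", p["amount"] > FLAT_LIMIT,
              "risk:", risk_score(PROFILE, p))
```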

Machine Learning based systems offer the kind of flexibility coupled with learning capability needed to adjust to the nuanced needs of an individual bank. Machine Learning adds the final element to our four steps to preventing fraud on SWIFT payment networks. Using smart analysis facilitates the speed, openness, and global nature needed in competitive modern banking, whilst preventing cyber-crime.