
How SWIFT payment messaging fraud works: Everything you need to know


In March 2019, the Reserve Bank of India fined 19 banks that had not sufficiently strengthened internal controls to counter SWIFT messaging fraud risks, pointing to a world in which there are still plenty of opportunities in the system for sophisticated fraudsters to exploit. 

But what exactly is SWIFT messaging fraud, and how can it be prevented? Here’s everything you need to know in one simple guide…

 

SWIFT messaging fraud: where are the weaknesses?

With more than 10,000 members and over 30 million international payment messages sent daily, SWIFT is more than just a part of the global financial system: it’s a key component. But that importance brings with it the attention of bad actors, always on the lookout for ways to exploit the SWIFT system.

Successful attempts involve a mix of opportunistic timing, editing the parameters of a payment message, and the quick erasure of tracks in order to hamper the recovery of funds. But, for the clearest picture of where vulnerabilities lie, let’s look at some previous real-world examples:

 

  • In February 2016, fraudsters manipulated SWIFT payment instructions between the Bangladesh Central Bank and the Federal Reserve Bank of New York in an attempt to steal US$1bn. 30 transactions were blocked, but Bangladesh Bank still lost US$81m. Many call this the most spectacular banking fraud in recent memory.
  • Taiwan-based Far Eastern International Bank nearly lost US$60m in October 2017, but a recovery effort ensured losses were limited to $500,000. Hackers infected the bank’s computers with malware and accessed its SWIFT terminal to move funds to the hackers’ accounts. The bank was fined $266,254 by Taiwan’s regulator.
  • Similar in method to the Bangladesh robbery, Ecuadorian institution Banco del Austro SA lost $12m in 2015. Criminals requested payments that Wells Fargo Bank unintentionally permitted, and the fraudulent SWIFT messages sent money to 23 shell companies in Hong Kong and in Dubai.

 

SWIFT messaging fraud: Typical attack vectors

Criminals attempting payment messaging fraud rely on a range of methods to obtain unauthorized access and circumvent recovery attempts. As such, SWIFT messaging fraud doesn’t depend on compromising the SWIFT network itself, but on the use of one or more of the following attack types and patterns:

Malware and network intrusion
SWIFT terminals aren’t public, so criminals use malware infections, often delivered via social engineering, to get into otherwise tightly locked corporate systems. Successful attacks can involve mundane-sounding tactics such as engineering a printer breakdown, which would prevent staff from noticing payments before it is too late.

Internal cooperation
It’s not unknown for payment messaging fraud to rely on a rogue, internal actor. Workers who have institutional credentials can remove evidence and otherwise block the ability of anti-fraud systems to counter an attack.

Manipulating payments
Fraudsters can use forged documents to open accounts reflecting an existing entity. Next, criminals rely on an existing relationship between two companies to facilitate payment from one entity to a fake account opened in the name of another. This can also involve manipulating the actual payment messages.

Timing the fraud
Criminals typically make fraudulent transactions outside of business hours on days that precede an official public holiday. Out-of-hours activity is less likely to be flagged by staff as fraudulent, which gives fraudsters the opportunity to move funds into safe locations so that authorities cannot recover ill-gotten gains.

Organised cyber-crime
Payment messaging fraud is typically pulled off by sophisticated groups that set up corporate entities to hide stolen funds. Programmers are highly paid, and operations are strategic. 

Some regions even have their own known fraud patterns. For instance, in the Gulf Region, fraudsters often make use of a fake account to exploit known relationships between two entities. Often the attempted fraud takes place on a Thursday to take advantage of the local weekend.

 

SWIFT messaging fraud: What protective measures can institutions take?

The high fines already applied to a number of institutions highlight how fraud prevention is not sufficiently front and center, despite the high risk of payment messaging fraud. 

Here are some preventative steps to think about, in order to better protect your institution:

Enforcing internal controls
Many payment messaging fraud attempts rely on relatively simple lapses in security. So institutions should practice basic information technology hygiene and stay on top of vectors like password security, as well as revoking credentials when employees leave.

Choosing autonomous, continuous fraud prevention
A key characteristic of SWIFT messaging fraud is its ability to circumvent human fraud detection, making it necessary to use autonomous fraud detection that functions around the clock, even when human fraud detectors are off duty.

Comparing transaction behavior
Institutions and their clients have established transaction patterns. By comparing a transaction against a transaction model, fraud detection systems can judge whether a transaction should be set aside for further investigation, or simply cleared to proceed. Machine learning models are highly adaptable and render minimal false positives.

Segregating data storage
Erasing evidence enables criminals to delay any attempt at recovering stolen funds. In many cases funds are lost permanently simply because the stolen funds were moved beyond recovery. Storing messaging data in a secure location can speed up transaction tracing.

Adjusting sensitivity at predefined times
Transaction patterns (and fraud activity) vary by the day of the week, and the time of the day. Institutions can heighten alert levels at predefined times.
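
The two measures above, "Comparing transaction behavior" and "Adjusting sensitivity at predefined times", combined in one small triage routine. This is an added example, not code from EastNets or PaymentGuard: it uses a simple statistical baseline in place of a machine learning model, and the sender and beneficiary names, amounts, calendar, business hours and thresholds are all constructed assumptions.

```python
from datetime import datetime, date, timedelta
from statistics import mean, pstdev

# Assumed local calendar (constructed): Sat/Sun weekend, one public holiday.
WEEKEND, HOLIDAYS = {5, 6}, {date(2024, 5, 1)}
BUSINESS_HOURS = range(8, 18)

# Constructed history: (sender, beneficiary, amount) of previously cleared payments.
HISTORY = [
    ("BANK-A", "SUPPLIER-1", 10_000.0), ("BANK-A", "SUPPLIER-1", 12_000.0),
    ("BANK-A", "SUPPLIER-2", 9_000.0), ("BANK-A", "SUPPLIER-2", 11_000.0),
]

def build_profile(history):
    """Per-sender baseline: beneficiaries already paid and the amounts sent."""
    profile = {}
    for sender, beneficiary, amount in history:
        entry = profile.setdefault(sender, {"beneficiaries": set(), "amounts": []})
        entry["beneficiaries"].add(beneficiary)
        entry["amounts"].append(amount)
    return profile

def non_working(day):
    return day.weekday() in WEEKEND or day in HOLIDAYS

def alert_threshold(ts):
    """Score needed to hold a payment; lower means more sensitive."""
    threshold = 3.0
    if ts.hour not in BUSINESS_HOURS or non_working(ts.date()):
        threshold -= 1.0  # out of hours: fewer staff watching
    if non_working(ts.date() + timedelta(days=1)):
        threshold -= 1.0  # eve of a weekend or public holiday
    return threshold

def risk_score(sender, beneficiary, amount, profile):
    """Deviation from baseline: unseen beneficiary plus capped amount z-score."""
    base = profile.get(sender)
    if base is None:
        return 5.0  # sender with no history at all
    score = 0.0 if beneficiary in base["beneficiaries"] else 2.0
    mu, sigma = mean(base["amounts"]), pstdev(base["amounts"])
    z = (amount - mu) / sigma if sigma else (0.0 if amount == mu else 5.0)
    return score + min(max(z, 0.0), 5.0)

def triage(sender, beneficiary, amount, ts, profile):
    """'hold' sets the payment aside for investigation, 'clear' lets it proceed."""
    score = risk_score(sender, beneficiary, amount, profile)
    return "hold" if score >= alert_threshold(ts) else "clear"
```

The same payment to a previously unseen beneficiary clears on a Tuesday morning but is held late on a Friday or on the eve of the holiday, because the threshold drops while the score stays the same. For a region with a different weekend, change `WEEKEND` accordingly.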

Guarantee SWIFT messaging protection with EastNets
Of course, the single best way to protect against messaging platform fraud is to deploy a fraud prevention solution from a trusted vendor, like EastNets. 

We know that fraud prevention isn’t your core business – but it is ours. It’s why we offer a prevention platform powered by machine learning that can stay ahead of criminal behavior: Eastnets PaymentGuard.

PaymentGuard offers end-to-end protection across the SWIFT messaging platform, which works alongside your existing fraud prevention measures to significantly reduce the risk of successful payment messaging fraud.
