MFT, SWIFT, and the Fight Against Cyberfraud

As businesses across the world continue to expand globally, the volume of global payment transfers is growing along with them. The world’s largest electronic payment message system, SWIFT, saw a 5.4% YoY increase in message transfers as of May 2019. SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a network that enables over 11,000 financial institutions to send and receive information about financial transactions in a secure and reliable environment. The average daily volume for SWIFT is 34 million transfers.

It should come as no surprise that cyberfraud attacks on global payment transfers are also increasing, both in number and sophistication.

A frightening 38% of banks and payment organisations say they find it increasingly difficult to tell whether a transaction is fraudulent, according to a recent survey.

While banks are definitely feeling the effects, the threat of cyberfraud isn’t limited to financial institutions. The ubiquitous nature of SWIFT’s platform along with the globalisation of business means that organisations across industries use the SWIFT message network for international payments. Corporate business houses in any industry manage international payments with vendors, suppliers, or customers, and may have one or more treasury management applications in place.

SWIFT Cyberfraud Prevention

Since 2016, several banks have endured a whopping $87M loss from cybercriminals jeopardising their SWIFT infrastructures. To help thwart cyberfraud for all its members, SWIFT launched its Customer Security Program (CSP) in 2017. The program requires those who connect with SWIFT’s network to abide by a framework of IT security best practices, including 29 controls. Organisations interfacing with SWIFT’s network must prove they are abiding by SWIFT’s requirements. SWIFT is steadily raising compliance enforcement. This year, 19 of the SWIFT CSP’s 29 controls require mandatory self-attestation.

SWIFT members must submit attestation annually and can start to register their self-attestation against the next version of the CSP Framework. The deadline is coming up quickly; organisations that have not done so already must attest by the end of this year. SWIFT randomly checks network members and will report any non-compliant organisations to industry regulators, such as the Financial Conduct Authority.

3 Core SWIFT Requirements

The aim of CSP is to support SWIFT’s vast community in the fight against cyberfraud, but ultimately the responsibility lies on the member organisation for protecting their own environment. The SWIFT security controls framework outlines three mandatory compliance requirements: 

  1. Protecting Your Environment – Segregating the organisation’s local SWIFT infrastructure from the larger enterprise to reduce the attack surface and shield it from threats in the general enterprise IT environment.
  2. Know & Limit Access – Implementing multi-factor authentication to prevent malicious actors from using a user’s credentials and privileges to mount an attack.
  3. Detect & Respond – Keeping a continuous record of security events and detecting aberrant operations and actions in the SWIFT framework.

The Right Managed File Transfer (MFT) Suite Can Help You Comply

Globalscape’s MFT platform, Enhanced File Transfer (EFT), can help your organisation compliantly integrate with SWIFT. EFT can be deployed and configured quickly, and changes to SWIFT transfers can be made quickly and easily without any scripting.

For more information on how EFT can help your organisation comply with SWIFT requirements, please get in touch today.