After $100M heist, SWIFT bank messaging service will boost security
Bangladesh Bank hack and resulting theft a 'watershed event for the banking industry'
The SWIFT secure messagingservice that underpins international banking said on Tuesday itplans to launch a new security programme as it fights to rebuildits reputation in the wake of the Bangladesh Bank heist.
The Society for Worldwide Interbank FinancialTelecommunication (SWIFT)'s chief executive, Gottfried
Leibbrandt, told a financial services conference in Brusselsthat SWIFT will launch a five-point plan later this week.
Banks send payment instructions to one another via SWIFTmessages. In February, thieves hacked into the SWIFT system ofthe Bangladesh central bank, sending messages to the FederalReserve Bank of New York allowing them to steal $106million.
- SWIFT says hackers successfully infiltrated a commercial bank
- How a hacker's typo helped stop a billion dollar bank heist
The attack follows a similar but little-noticed theft fromBanco del Austro in Ecuador last year that netted thieves more
than $16million, and a previously undisclosed attack onVietnam's Tien Phong Bank that was not successful.
The crimes have dented the banking industry's faith inSWIFT, a Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a "watershed event for thebanking industry", Leibbrandt said.
"There will be a before and an after Bangladesh. TheBangladesh fraud is not an isolated incident ... this is a big
deal. And it gets to the heart of banking."
SWIFT wants banks to "drastically" improve informationsharing, to toughen up security procedures around SWIFT and toincrease their use of software that could spot fraudulentpayments.
Concession
In an apparent concession to banks, Leibbrandt said SWIFTwas ready to help lenders detect possible frauds. "We can
provide tools and best practices for such a detection at thereceiving bank," he told the conference.
SWIFT will also provide tighter guidelines that auditors andregulators can use to assess whether banks' SWIFT securityprocedures are good enough.
Leibbrandt again defended SWIFT's role, saying the hackshappened primarily because of failures at users. "Many of theless protected banks are in countries where skills are reallyscarce," he said.
"We will have to create an ecosystem of providers andpartners, for example by introducing certification requirements
for third-party providers," he said,pointing the finger at providers of servicesto banks.
However, some finance industry executives say SWIFT has notbeen as active as it should be in improving security.
Users frequently do not inform SWIFT of breaches of theirSWIFT systems and even now, the co-operative has not proposedany sanctions for clients who fail to pass on information, whichSWIFT itself says is key to stopping future attacks.
Some critics say SWIFT should also be more active inauditing clients and be ready to cut off members whose securityis not up to scratch.
But the messaging service says other authorities also have arole.
"SWIFT is not all-powerful, we are not a regulator and weare not a policeman," Leibbrandt said.
Former SWIFT Chief Executive Leonard Schrank said itappeared that SWIFT's security efforts had not kept pace with
the criminals increased sophistication and that the co-operativeneeded to work hard to restore its reputation.
They really have to earn that credibility back," he toldReuters.