Security & SWIFT

"Security" is one term everybody realizes the importance of most, when it is breached. With more and more security breaches being reported in the financial markets' space, it appears that the awareness towards tighter security has become more pertinent and prominent than ever before. Well, this statement is likely to be true even in future. As the technology is improving convenience, speed and functionalities, equally and parallely new ways of breaching the security are evolving. Isn't it the fight for the one-upmanship between benign & malign elements, always on?

With the world swinging towards faster payments, it has also increased the risk of parting with the money with wrong hands, even faster. The problem assumes more serious note with huge investments seem flowing from institutions and allegedly by some state sponsors too. The conspiracy acts are of truly international in their spread – creation of fictitious accounts for nefarious credits, sustained network intrusions and eaves- dropping of the identified institutions, understanding the internal processes (possibly by way of insider or disgruntled ex-employee involvement), conversion of the booty into crypto currencies or through unorganized / unregulated markets and last but not least attempts to erase the evidences!

While security breaches are not new to the financial world, with the electronic settlements of funds becoming more so efficient, even the trusted names in that space like SWIFT had to shout their perspective of the problem and the steps that are being embarked upon to bring back the point that "S" (as in SWIFT) stands for Safety & Security.  With the responsibility of securely transmitting huge treasury and other payment messages (besides other business messages) on SWIFT (Society for Worldwide Interbank Financial Telecommunications), it is imperative that SWIFT continues to carry the image that it had stood for over the years. While SWIFT has categorically issued statements that its network and Core messaging services have not been compromised, it goes without saying that security can never be seen in isolation. As announced in this year's Sibos event at Geneva, SWIFT is coming out with a 'Customer Security Program' to extend the security and compliance requirements & control points more into the customer environments. Subject to SWIFT board's approval this program is expected to be operative shortly (watch for this space for more information in the coming months).

In order to ensure that the financial ecosystem is safe, it is not sufficient to secure the respective environments but it is equally important to have reasonable security hygiene ensured at the counterparts too. It may be quite common to shoot and thwart a missile in the air but it is very difficult to stop a fully validated real-time customer payment message, once released from the sender. In the recent events where the local systems have been breached, because of the better controls and checks at the Nostro providers' end, deeper damage could be averted and in some cases even completely foiled. These kinds of filters may become as USPs and prove competitive advantages towards deciding correspondent banking relationships.

While no systems can claim to be foolproof and future proof all the times, here are few basic ways of dealing with security threats:

• Due diligence during onboarding process – This may translate Background Verification Checks for employees and individuals to limiting the business exposure with the correspondents only to the extent business requires. There should be a periodic validation mechanism.
• Basic security hygiene – password protection and timely changing, giving access to only those required and to the extent required, securing systems with latest security updates.
• Sharing of information – Dissemination of Potential security breach attempts internally, to regulators, related government agencies and other stakeholders & the relevant staff getting updated with the trends.
• Systems & Process upgrades – Timely reconciliation, backups and periodic audits.

As somebody very correctly said – you are as secure as your weakest link.

• Nelito offers complete spectrum of SWIFT services. You may read more about it over here.

Read More

• What are SWIFT Payments?

Also Read

• Swift