Menu
Swift hopes daily reporting will help stem payment fraud

Swift hopes daily reporting will help stem payment fraud

But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity

Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network -- but the reports will arrive up to a day too late to stop them.

Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network. Swift's network wasn't comprimised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts.

From December, Swift will send banks a Daily Validation Report, summarizing activity across currencies, countries and counterparts (destination banks), and also highlighting large or unusual payments and new combinations of payment parties. Banks can then reconcile details of such payments with their own records of the transfers they intended to make. Any discrepancies would provide warning of fraudulent activity, increasing banks' chances of cancelling the transfers.

But critics might say the report is just a way to shut the stable door a little sooner after the horse has bolted. Criminals timing their illicit transfers for just after Swift generates its daily reports could have a whole day to empty the destination account and make off with the proceeds.

In the attack on Bangladesh Bank disclosed in February, thieves initially sought to transfer $951 million, and ultimately got away with $81 million of that. The other transfers were blocked or cancelled, or the funds returned.

Swift plans to send the summaries via a different channel to the one used to make payments. That way, if criminals have compromised a bank's Swift terminal to the point where they can hide locally generated reconciliation records, they will not also be able to intercept and tamper with the validation report.

That, security researchers said in April, was what the Bangladesh Bank attackers tried to do with some custom malware. In May, Swift said attackers had sought to cover up their actions in a similar way at a second of its customers, widely believed to be a commercial bank in Vietnam.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments