Menu
Swift hopes daily reporting will help stem payment fraud

Swift hopes daily reporting will help stem payment fraud

But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity

Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network -- but the reports will arrive up to a day too late to stop them.

Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network. Swift's network wasn't comprimised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts.

From December, Swift will send banks a Daily Validation Report, summarizing activity across currencies, countries and counterparts (destination banks), and also highlighting large or unusual payments and new combinations of payment parties. Banks can then reconcile details of such payments with their own records of the transfers they intended to make. Any discrepancies would provide warning of fraudulent activity, increasing banks' chances of cancelling the transfers.

But critics might say the report is just a way to shut the stable door a little sooner after the horse has bolted. Criminals timing their illicit transfers for just after Swift generates its daily reports could have a whole day to empty the destination account and make off with the proceeds.

In the attack on Bangladesh Bank disclosed in February, thieves initially sought to transfer $951 million, and ultimately got away with $81 million of that. The other transfers were blocked or cancelled, or the funds returned.

Swift plans to send the summaries via a different channel to the one used to make payments. That way, if criminals have compromised a bank's Swift terminal to the point where they can hide locally generated reconciliation records, they will not also be able to intercept and tamper with the validation report.

That, security researchers said in April, was what the Bangladesh Bank attackers tried to do with some custom malware. In May, Swift said attackers had sought to cover up their actions in a similar way at a second of its customers, widely believed to be a commercial bank in Vietnam.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments