MFT, SWIFT, and the Fight Against Cyberfraud
As businesses across the world continue to expand globally, the volume of global payment transfers is growing along with them. The world’s largest electronic payment message system, SWIFT, saw a 5.4% YoY increase in message transfers as of May 2019. SWIFT, or The Society for the Worldwide Interbank Financial Telecommunication, is a network that enables over 11,000 financial institutions to send and receive information about financial transactions in a secure and reliable environment. The average daily volume for SWIFT is 34 million transfers.
It should come as no surprise that cyberfraud attacks on global payment transfers are also increasing, both in number and sophistication.
A frightening 38% of banks and payment organizations say they find it increasingly difficult to tell whether a transaction is fraudulent, according to a recent survey.
While banks are definitely feeling the effects, the threat of cyberfraud isn’t limited to financial institutions. The ubiquitous nature of SWIFT’s platform along with the globalization of business means that organizations across industries use the SWIFT message network for international payments. Corporate business houses in any industry manage international payments with vendors, suppliers, or customers, and may have one or more treasury management applications in place.
SWIFT Cyberfraud Prevention
Since 2016, several banks have endured a whopping $87M loss from cybercriminals jeopardizing their SWIFT infrastructures. To help thwart cyberfraud for all its members, SWIFT launched its Customer Security Program (CSP) in 2017. The program requires those who connect with SWIFT’s network to abide by a framework of IT security best practices, including 29 controls. Organizations interfacing with SWIFT’s network must prove they are abiding by SWIFT’s requirements. SWIFT is steadily raising compliance enforcement. This year, 19 of the SWIFT CSP’s 29 controls require mandatory self-attestation.
SWIFT members must submit attestation annually and can start to register their self-attestation against the next version of the CSP Framework. The deadline is coming up quickly; organizations who have not done so already must attest by the end of this year. SWIFT randomly checks network members and will report any non-compliant organizations to industry regulators, such as the Financial Conduct Authority.
3 Core SWIFT Requirements
The aim of CSP is to support SWIFT’s vast community in the fight against cyberfraud, but ultimately the responsibility lies on the member organization for protecting their own environment. The SWIFT security controls framework outlines three mandatory compliance requirements:
- Protecting Your Environment – Segregating the organization’s local SWIFT infrastructure from the larger enterprise, reducing the attack surface, thus preventing any threat to the general enterprise IT environment.
- Know & Limit Access – Implementing multi-factor authentication to prevent malicious actors from accessing a user’s credentials and privileges to mount an attack.
- Detect & Respond – Having a continuous record of security events along with detecting aberrant operations and actions in the SWIFT framework.
The Right Managed File Transfer (MFT) Suite Can Help You Comply
Globalscape’s MFT platform, Enhanced File Transfer (EFT), can help your organization compliantly integrate with SWIFT. EFT can be deployed and configured quickly, and changes to SWIFT transfers can be made quickly and easily without any scripting.
In a recent use case, Globalscape engineers designed a simple, powerful, and affordable SFTP solution to assist a leading consumer goods company in achieving SWIFT compliance. Read more here.
For more information on how EFT can help your organization comply with SWIFT requirements, check out the EFT Product Suite.