The SWIFT network transfers billions of dollars each day between banks, so “We were not aware” doesn’t really cut it.
The network – which allows banks to process billions of dollars in transfers each day – is considered the backbone of international banking. SWIFT, a cooperative owned and governed by representatives of the banks it serves, was founded in 1973 and operates a secure messaging network that has been considered reliable for four decades. But recent attacks involving the Belgium-based cooperative have underscored how the network’s central role in global finance also presents systemic risk.
Apparently, issues surrounding the network go much deeper than the latest fraud reports. There is a real problem when no one stands up to take responsibility. Cyber thieves exploit banks’ faith in the SWIFT transfer network. It seems like a weekly occurrence these days.
On January 12, 2015, a message from a secure computer terminal at Banco del Austro (BDA) in Ecuador instructed San Francisco-based Wells Fargo to transfer money to bank accounts in Hong Kong. Wells Fargo complied. Over 10 days, Wells approved a total of at least 12 transfers of BDA funds requested over the secure SWIFT system. Wells Fargo transferred $12 million of BDA’s money to accounts across the globe. Both banks now believe those funds were stolen by unidentified hackers, according to documents in a BDA lawsuit filed against Wells Fargo in New York this year.
“We were not aware,” SWIFT said in a statement responding to Reuters inquiries. “We need to be informed by customers of such frauds if they relate to our products and services, so that we can inform and support the wider community. We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us.”
The case – details of which have not been previously reported – raises new questions about the oversight of the SWIFT network and its communications with member banks about cyber thefts and risks. The network has faced intense scrutiny since cyber thieves stole $81 million in February from a Bangladesh central bank account at the Federal Reserve Bank of New York.
On Friday, following the publication of this Reuters story, SWIFT urged all of its users to notify the network of cyber-attacks. “It is essential that you share critical security information related to SWIFT with us,” the company said in a communication to users.
The criminals behind such heists are exploiting banks’ willingness to approve SWIFT requests at face value, rather than making additional manual or automated checks, said John Doyle, who held a variety of senior roles at SWIFT between 1980 and 2005.
“SWIFT doesn’t replace prudent banking practice,” he said, noting that banks should verify the authenticity of withdrawal or transfer requests, as they would for money transfers outside the SWIFT system.
This week, Vietnam’s Tien Phong Bank said its SWIFT account, too, was used in an attempted hack last year. That effort failed, but it is another sign that cyber-criminals are increasingly targeting the messaging network.
In the Ecuadorean case, Citibank repaid the $1.8 million to BDA, according to a BDA court filing in April. For its part, Wells Fargo refunded to BDA $958,700 out of the $1,486,230 it transferred to an account in the name of a Jose Mariano Castillo at Wells Fargo in Los Angeles, according to the lawsuit.
The BDA theft and others underscore the need for banks on both sides of such transactions – often for massive sums – to rely less on SWIFT for security and strengthen their own verification protocols, Cumberland said.
Show me the
More Here [reuters]