May 25, 2016

    Swift banks on new plan to fight hackers


    THE Swift secure messaging service that underpins international banking said it plans to launch a new security programme as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.

    Gottfried Leibbrandt, chief executive of the Society for Worldwide Interbank Financial Telecommunication (Swift), will tell a financial services conference in Brussels that it will launch a plan this week.

    Banks send payment instructions to one another via Swift messages. In February, thieves hacked into the Swift system of the Bangladesh central bank, sending messages to the Federal Reserve Bank of New York allowing them to steal US$81 million (S$112 million).

    The attack follows a similar but little noticed theft from Banco del Austro in Ecuador last year that netted thieves over US$12 million and a previously undisclosed attack on Vietnam's Tien Phong Bank that was not successful.

    The crimes have dented the banking industry's faith in Swift, a Belgium-based cooperative owned by its users.

    The Bangladesh Bank hack was a "watershed event for the banking industry", Mr Leibbrandt will say.

    Swift wants banks to "drastically" improve information sharing, toughen up security procedures and increase use of software that could spot fraudulent payments.

    It will also provide tighter guidelines that auditors and regulators can use to assess whether banks' Swift security procedures are good enough.

    Mr Leibbrandt will again defend Swift's role, saying the hacks happened primarily because of failures at users.

    However, some finance industry executives say Swift has not been as active as it should be in improving security.

    Users frequently do not inform Swift of breaches of their Swift systems. Even now, the cooperative has not proposed any sanctions for clients who fail to pass on information, which it says is key to stopping future attacks.

    Some critics say Swift should also be more active in auditing clients and be ready to cut off members whose security is not up to scratch.