12 Dec 2019
According to a new report (“How Banks Are Combating the Rise in SWIFT Cyber Fraud”) from EastNets, the problem of SWIFT fraud may be more widespread and dangerous than originally thought. In the aftermath of the epic $81 million SWIFT fraud attack on Bangladesh Bank in 2016, the SWIFT interbank messaging platform immediately put new safeguards in place in order to neutralize risk. However, EastNets surveyed 200 banks worldwide and found that 4 in 5 of these banks had experienced at least one SWIFT fraud attempt since 2016, and the problem appears to be growing on an annual basis.
Key findings on SWIFT fraud
Despite best efforts by SWIFT to upgrade the security profile of its network, it appears that SWIFT cyber fraud is actually on the rise, not the decline, since 2016. Of those surveyed, 2 out of 3 banks said that SWIFT cybercrime had increased since the Bangladesh Bank incident of 2016. Moreover, only 2 in 5 banks are “very confident” that they have detected every attempt at SWIFT cyber fraud, opening up the prospect that the SWIFT fraud issue might actually be worse than described in the report.
Despite this spike in SWIFT cybercrime activity, most banks and financial services providers are taking a hands-off approach to dealing with this problem. According to the EastNets report, a “significant portion” of the banks surveyed said that they still did not have prevention policies in place to address SWIFT fraud. In many ways, they appear to be relying on the SWIFT network to do all the heavy lifting – or they might simply be burying their heads in the sand, hoping that the problem just goes away.
One problem, says EastNets, is that “insider risk” is on the rise. In other words, hackers on the outside are combining forces with employees at banks in charge of sending or receiving SWIFT payments in order to approve certain financial transactions or to override any red flag signals the security system might be generating. According to the SWIFT fraud report, 1 in 7 banks have experienced at least one SWIFT fraud attempt involving an employee.
While the problem of SWIFT fraud is worldwide, the problem appears to be particularly acute in the Asia-Pacific region. This, of course, was the region where the epic Bangladesh Central Bank fraud took place (which involved accounts the bank had the Federal Reserve Bank of New York). Asia is also a prime destination for “beneficiary accounts” linked to hackers. Of the money stolen from the SWIFT network, 83% is forwarded to beneficiary accounts in Asia, and 10% to Europe. Moreover, the risks involving banks in Asia-Pacific are highlighted by the fact that almost 100% of banks and financial services providers in the Asia-Pacific region using the SWIFT payment network have been victimized at least once by SWIFT fraud. In other words, it’s not a matter of “if” SWIFT fraud is going to occur in Asia, but “when.”
Recommendations and best practices to avoid SWIFT fraud
While the EastNets report paints a dismal picture of SWIFT fraud on a global basis, it also offers a few recommendations, insights and best practices for dealing with this growing problem. For example, EastNets suggests that “internal collaboration” between the various departments of a bank is more important than ever in order to spot fraud. Only 20% of the banks surveyed said that internal departments collaborate “very strongly” to prevent SWIFT cyber fraud.
By Nicole Lindsey, CPO Magazine, 11 December 2019
Read more at CPO Magazine
RiskScreen: Eliminating Financial Crime with Smart Technology
You can claim CPD minutes for this content, by signing up to our CPD WalletFREE CPD Wallet