Out-Law News 2 min. read
24 May 2016, 4:41 pm
In a speech in Brussels on Tuesday, Gottfried Leibbrandt said cyber fraud is "a big deal" that "gets to the heart of banking".
Leibbrandt's comments represent the latest warning from SWIFT on the cyber risks facing banks and follow an attack on Bangladesh Central Bank's computers in February which resulted in a theft of $81 million from the bank's account, as well as subsequent uses of malicious software (malware) that have affected other banks that SWIFT has identified.
"First it’s a problem because banks that are compromised like this can be put out of business," Leibbrandt said. "It’s not like retailers losing credit card details or telcos losing customer details. Telcos and retailers will take reputational hits, and may face some financial liabilities, but things will move on. When banks lose control of access to their payment channels, it’s different. In the recent cases, thieves were able to move just some of those banks’ overseas assets. As a result, for the banks concerned, the events haven’t been existential. The point is that they could have been."
In his speech Leibbrandt outlined a "five-part customer security programme" to help address cyber risks facing banks. As part of that initiative Leibbrandt said better sharing of information on cyber threats is needed across banks, third party suppliers, policymakers, regulators and SWIFT itself.
"Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities," Leibbrandt said. "But information sharing needs to get better, much better. It is critical that the global financial community works together to bolster our mutual security. We are calling for a collective effort in our global financial community to reinforce the security of our entire, shared system."
Leibbrandt said SWIFT "will demand more information of our customers, and share that back with the community" and intends for information sharing practices to be established on "an international scale".
"We will do it in a confidential way that uses the data while protecting the identity of the institution and customers," he said.
SWIFT will also "harden security requirements for customer-managed software" and "develop security audit frameworks for customers", he said.
Through its customer security programme SWIFT will also look to "support banks’ increased use of payment pattern controls to identify suspicious behaviour" and a new certification regime will also be set up for third party providers wishing to participate in the financial network, Leibbrandt said.
Banks were also urged to help improve cybersecurity through innovation.
Leibbrandt said: "Bring on the next generation of pattern recognition, monitoring, anomaly detection, authentication, biometrics – and a host of innovations we have yet to develop that will improve and preserve the security of our industry. We need more of these incredible innovations, and just as importantly, our industry needs to use more of what’s already available to us."