Banks tighten SWIFT system security after hacks
hacks had encouraged it to go one step further.
The bank is introducing a new layer of security whereby the staff who are approved to send SWIFT payment instructions must now sign on with a fingerprint scanner. This is in addition to passwords and a physical computer key.
“It was easier for us to make that investment knowing what has happened,” he told Reuters in an interview. “It suddenly became more important to get something like that.”
In time, SocGen may press its counterparties to use a similar system, only agreeing to fulfill payment instructions which carry a digital fingerprint, Desserre said. But he said cost could slow a broader rollout of the technology.
Facebook friends
In the wake of the hacks, the French bank also went through its SWIFT system to weed out redundant communications channels. SWIFT operates like Facebook in that members can only send messages to confirmed counterparties. But sometimes these links remain open even after business relationships end.
SWIFT’s Chairman Yawar Shah told delegates at the conference that such open channels were a security risk and that all banks should weed out unused channels.
Desserre said Societe Generale had removed thousands.
Cheri McGuire, Chief Information Security Officer at Standard Chartered said her bank was also conducting an internal review around its SWIFT systems. But banks are not just looking at their own systems.
The Bangladesh Bank heist involved diverting money held at accounts at the Federal Reserve Bank of New York into accounts in the Philippines.
Bankers said to avoid this happening in the future bigger banks needed to ensure the smaller banks they work with have appropriate security procedures.
Sergio Dalla Riva, Head of Product Development, Global Transaction Banking at Intesa Sanpaolo S.p.A. said understanding the security capabilities of your clients was becoming part of customer due diligence.
Lev Khasis, Chief Operating Officer at Sberbank, Russia’s biggest bank by assets, said he expected regulators to tighten oversight of security practices but that peer pressure would also play a role.
“Some big banks will be pushing their smaller counterparties to move in that direction,” he said. Sberbank was already pushing its clients in this way, he said.
New technology
The SWIFT hacks are also spurring interest in new technologies.
Lars Sjogren, Global Head of Transaction Banking at Danske Bank said his bank was working with technology companies to develop tools that would spot unusual and potentially fraudulent payment instructions sent via SWIFT.
“Payments of a certain size by a customer to people they normally pay should be green-lighted. But others could be yellow or red-lighted. There is a huge demand from our customers for that kind of service,” he said.
Others are looking at technologies which might one day replace the current SWIFT “FIN” message which banks send to tell another bank to move money around.