Banks use a service to send secure messages built by the Society for Worldwide Interbank Financial Telecommunications (SWIFT) to send financial transaction instructions. But recently it hasn't been so secure: Hackers stole $12 million from Ecuador banks earlier this week, the latest in a slew of thefts. Today, SWIFT released a plan to work with its customers (the banks) to shore up the messaging system's security.
The plan is rooted in some standard anti-cyber attack strategies: Share information on breach attempts, beef up safety tools and enforce security protocols at all staff levels. While SWIFT's core business has been passing authenticated messages between banks, the security overhaul includes checking whether those messages are consistent with past activity, much like how banks flag suspicious activity on personal accounts.
But the outline seems more plaintive than commanding, urging SWIFT customers to obey its security protocols rather than requiring adherence to use the service. As SWIFT CEO Gottfried Leibbrandt said in a statement, "While each individual SWIFT customer is responsible for the security of its own environment, the security of global banking can only be ensured collectively."
This year has already seen numerous instances of fraudulent SWIFT requests funneling money into hackers' dummy accounts. Earlier this month, a Vietnamese bank prevented an attempted heist, while a typo tipped off bank officials to an attempt in Bangladesh back in February -- but not before the thieves made off with $81 million. The latter group of hackers have also been connected to SWIFT-breaching attempts in the Philippines and other Southeast Asian countries.