Cybercrime remains a top threat to the financial sector, with cyberattacks considered the number one man-made global risk by the World Economic Forum.
The sophistication of threat actors is increasing, attacks are continuing and virtually any organisation can be a target. Robust fraud prevention programmes are now an absolute must for banks, but what else can be done to diffuse the threat?
The growing and evolving threat of cyberattacks has never been more pressing, and the modus operandi of malicious actors is changing. Historically attacks focused on data theft, such as stealing credit card, debit card or bank account details, and served as an enabler of other criminal activity. As technology has evolved and increased in sophistication, so too have the tactics deployed by those seeking to carry out the attacks. Criminals are increasingly committing institutional payments fraud, attacking and compromising banks’ back office to then initiate fraudulent payments from the banks’ own systems.
Institutional payments are an attractive vehicle for criminals due to the potential scale of the thefts. Within the institutional segment, cross-border payments are particularly attractive owing to their multi-jurisdictional nature – attackers can hope to avert capture whilst authorities struggle to coordinate. Furthermore, the dramatic increase in the speed of international payments in recent years helps enable rapid payouts and complicates banks’ abilities to stop or recover funds. To fight the threat, financial institutions are bolstering the security of their back-office systems and enhancing their local security controls. They are reviewing their approach to fraud detection and prevention, and deploying new tools and services to help identify and prevent such unauthorised payments.
Banks under attack
Cyber attackers, or threat actors as they are termed in the cyber-crime prevention community, invest time and effort in understanding market and business practices and how best to defeat or circumvent banks’ cybersecurity controls. Larger threat actor groups run their operations like businesses. They use, sell and exchange toolkits and guides to facilitate attacks over extended periods of time.
“Recent trends have provided a huge wake-up call,” says Tony Wicks, head of financial crime compliance at SWIFT. “Criminals are no longer attacking the edge of the banking system – they are attacking its core. Once cyber hackers gain access to an institution’s environment, they have the potential to take complete control of, or disrupt its payment operations.”
In the wake of the Bangladesh Bank heist in 2016, there have been similar cyberattacks on banks worldwide, with particular focus on Africa, Central and South East Asia and Latin America. They also select particular jurisdictions for the cash-outs – particularly targeting ultimate beneficiary accounts in Asia Pacific, where a staggering 83% of thefts are directed. Europe, by comparison accounts for just 10%, North America for 4% and the Middle East for 3%.
“Fraudsters increasingly understand the payment landscape. They move money into jurisdictions with lower regulatory controls or where they can hide behind other legal protections. SWIFT and its community of banks, the regulators, overseers and third party cyber specialists are working collectively to tackle this threat,” adds Wicks.
The real-time challenge
In a world of interconnected global commerce, paying for goods and services across borders has become standard practice. For businesses, it is key that international trade be as frictionless as possible. As banks and corporates look to increase the speed of their cross-border payments they also wish to reduce friction. While fraud prevention measures can create some inconvenience and additional checks, they are vital to maintaining trust in the transaction chain, and ensuring the integrity of international payments.
SWIFT’s global payments innovation (gpi) is at the forefront of the transformation taking place in cross-border payments, bringing increased speed, transparency and end-to-end tracking. SWIFT gpi is helping correspondent banks to accelerate and streamline many aspects of their businesses, including compliance. However, increased speed and the ease that has produced in cross-border payments has generated new financial crime risks that need to be addressed.
“Real-time payments are becoming the norm,” says Wicks. “Instead of taking days to settle a cross-border transaction, it now just takes minutes or seconds. With SWIFT gpi, 40% of all transactions settle within 5 minutes – and more than 50% of SWIFT message traffic is now being sent via gpi. Thus, while the ability to track down a fraudulent payment has become easier thanks to the Tracker, it has also become more time sensitive owing to the speed of gpi.”
Supporting the community
The best way to address the security issues facing the industry is by taking a community-based approach. That is why SWIFT is working in close collaboration with its community of over 11,000 users to enhance the community’s security and assist users in protecting their local payments infrastructure, thereby providing a concerted response to the cyber fraud threat.
At the end of last year SWIFT launched Payment Controls, a new tool to prevent and detect fraud, which is an integral part of its Customer Security Programme (CSP). Payment Controls helps banks monitor and protect their core payments, by introducing real-time alerting and responding to fast-moving, suspect transactions efficiently.
“In the event of an attack, banks require separate controls to check and stop payments, and this in-network solution enables them to do just that,” says Wicks. “This is a significant development and provides a major means of defence for banks.”
As banks adapt to meet the opportunities and challenges of the global digital economy, the need for robust compliance practices and fraud prevention programmes is more important than ever. This is a journey that involves everyone working together in the fight against cyberattacks.