LONDON (Reuters) - The SWIFT inter-bank messaging network plans to send daily reports to clients to help them more quickly identify unauthorized payment instructions like those used by hackers to steal $81 million from Bangladesh’s central bank in February.
Trillions of dollars worth of inter-bank payments are made each day using SWIFT messages but the Bangladesh theft and others which have came to light this year have knocked confidence in the supposedly super-secure system.
SWIFT said in a statement on Tuesday that from December it would begin sending ‘Daily Validation Reports’ to clients.
These would list the messages sent from the client’s SWIFT terminal, thus allowing a bank to spot any payment instructions that it had not intended to send.
The report will also contain a risk report aimed at showing whether transfer instructions deviated from the client’s typical payment patterns.
In the Bangladesh heist and a $12 million theft from a Colombian bank last year, hackers covered their tracks by deleting records of fraudulent SWIFT messages they sent from the banks’ terminals.
In both cases, it took days for the thefts to be discovered.
The new reports will be sent to customers’ payments and compliance teams through a separate channel to the normal SWIFT terminal, so that even if hackers have gained access to the terminal, the reports will get through.
Some former SWIFT staff and clients say the Belgium-based organization, a co-operative controlled by the biggest global banks, have been slow to react to growing security risks in recent years.
SWIFT denies it overlooked risks around unauthorized access to client terminals, saying it was up to banks to secure their own facilities.
However, in June the co-operative launched a new ‘Customer Security Programme’ and is in the process of developing new measures to help clients, particularly smaller banks, ensure they are not victims of hacking.
Reporting by Tom Bergin; Editing by Richard Balmforth