Cyber security news for all


    How do cyber criminals use security holes in SWIFT?

    Payment instructions via SWIFT are generally considered safe. But there are loopholes in the system through which criminals regularly manage to commit fraud. Banks are increasingly using AI tools such as User and Entity Behavior Analytics (UEBA) to protect themselves and their customers.

    SWIFT is a platform through which financial institutions from all over the world carry out financial transactions with one another; it does not itself manage any accounts or credit balances. The platform was originally founded to facilitate treasury and correspondence. The format turned out to be very safe and practical in the following years, so more and more participants used the platform. In addition to central banks and normal banks, SWIFTNet is now used by large companies, securities dealers, foreign exchange and numerous other market participants.

    Criminal Transactions In SWIFT Platforms

    Wherever people are responsible for adhering to processes, there are loopholes in security. Fraudulent transactions have occurred even on the otherwise very secure SWIFT platform. This becomes possible when the processes for SWIFT message clerks are not adhered to.

    In one case, a clerk faked a loan and the transfer was confirmed by all clerks. The transaction went through and was noticed only later, when it was too late. The subsequent investigation found that the clerks had not conspired to commit the fraud; instead, a single employee had simply processed and confirmed all parts of the process. The weak point was the bank's organization, which should have prevented one person from acting as maker, checker and verifier at the same time.

    In another case, a bank clerk redirected loan proceeds to his personal account, also exploiting an organizational security hole, this one resulting from a lack of staff. The bank had failed to introduce a dual control principle between the checker and the verifier for payment instructions sent through SWIFT. For example, some SWIFT messages were not checked by supervisors, and the clerk simply redirected money to his own account.
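
    Both cases come down to a missing separation between maker, checker and verifier. The following added example (not part of the original article, and not a SWIFT log format) shows how a bank could audit its own approval trail for those two failure modes; the record layout, message IDs and user names are constructed assumptions.

```python
from collections import defaultdict

REQUIRED_ROLES = ("maker", "checker", "verifier")

# Constructed audit trail: (message_id, role, user_id). Not real data.
SAMPLE_EVENTS = [
    ("MSG-001", "maker", "alice"),
    ("MSG-001", "checker", "bob"),
    ("MSG-001", "verifier", "carol"),
    ("MSG-002", "maker", "dave"),      # one employee performs every step
    ("MSG-002", "checker", "dave"),
    ("MSG-002", "verifier", "dave"),
    ("MSG-003", "maker", "erin"),      # released without supervisor verification
    ("MSG-003", "checker", "erin"),
]


def find_sod_violations(events, required_roles=REQUIRED_ROLES):
    """Return {message_id: [finding, ...]} for messages that break
    maker/checker/verifier separation. Clean messages are omitted."""
    roles_by_msg = defaultdict(lambda: defaultdict(set))
    for message_id, role, user in events:
        roles_by_msg[message_id][role].add(user)

    findings = {}
    for message_id, roles in roles_by_msg.items():
        problems = []
        # Every required step must have been performed by someone.
        for role in required_roles:
            if not roles.get(role):
                problems.append(f"missing {role} approval")
        # No user may appear in more than one role on the same message.
        roles_by_user = defaultdict(set)
        for role, users in roles.items():
            for user in users:
                roles_by_user[user].add(role)
        for user, held in sorted(roles_by_user.items()):
            if len(held) > 1:
                problems.append(f"{user} acted as {'+'.join(sorted(held))}")
        if problems:
            findings[message_id] = problems
    return findings


if __name__ == "__main__":
    for message_id, problems in find_sod_violations(SAMPLE_EVENTS).items():
        print(message_id, "->", "; ".join(problems))
```

    Run as a preventive check before a message is released rather than as an after-the-fact report, the same logic blocks the transaction instead of only noticing it later.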
