SWIFT, the system banks use to send payment instructions worth trillions of dollars each day, was hacked at least three times over the summer and cyber attacks on banks are set to intensify, the cooperative said on Monday (September 26).
The theft of $81 million in February from Bangladesh’s central bank using SWIFT messages rocked faith in the system whose messages had, until then, been accepted at face value.
SWIFT chief executive Gottfried Leibbrandt told the Sibos conference in Geneva that hackers successfully breached the systems of two banks over the summer and a third bank repelled an attack before fraudulent SWIFT messages could be sent.
In the two cases where hackers sent payment instructions over SWIFT, the orders were not fulfilled because the receiving banks thought they did not conform with normal message patterns and questioned them.
In the third case, the bank had installed a patch from SWIFT which allowed the lender’s system to spot the infiltration.
“In all of those cases no money was lost,” Leibbrandt said.
The Belgium-based cooperative, which is owned by banks, said it was introducing a set of mandatory security measures in response to the attacks which customers were expected to take to safeguard their systems against cyber heists.
Customers will be required to show each year that they have checked 16 mandatory controls. In 2018, SWIFT will inspect clients and if they do not comply with the standards, the cooperative will inform the non-compliant bank’s counterparties and regulators.
Leibbrandt declined to comment when asked by reporters if SWIFT would boot non-compliant banks off the system.
SWIFT chairman Yawar Shah told the conference that the threat of cyber attacks was going to get worse and that banks needed to tighten their security practices.
“This rapidly evolving threat is a game changer,” he said.