• Login
  • Sign Up
  • Fields marked with * are required!






    HomeBlog2017Security Controls Under the New SWIFT Customer Security Programme

    BLOG

    BLOG POSTS

    TAG CLOUD

    BIS | BOOST | code | community | EBAday | financial inclusion | financial interoperability | financial transactions | FINkers United | FinOps Suite | FinTP | FinTPc | FinTP project | hackathon | Innotribe | innovation | interview | Money2020 | open source | payments | SEPA | SIBOS | Sibos 2010 | Sibos 2011 | Sibos 2012 | SWIFT | SWIFT products and services | TOSS | User Group | whizzer | Workshop

    Security Controls Under the New SWIFT Customer Security Programme

    26 June 2017

    Cyberattacks are becoming more and more prominent and the funds transfer arena is one of the preferred targets of such threats. Given the agility and evolution of these cyber threats, combating fraud on the long term is a challenge and a key prevention factor for the entire financial industry.

    CSP Context and Principles

    As SWIFT partner since 2003, Allevo sustains and promotes SWIFT’s initiative to launch the Customer Security Programme (CSP), which aims to improve information sharing throughout the financial community, enhance SWIFT-related tools and provide audit frameworks, while recommending best practices and guidelines for fraud detection. Being at the heart of the banking-financial industry, SWIFT is committed to playing an important role in reinforcing and safeguarding the security of the wider ecosystem.

    The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT customers and addresses all entities that have an active BIC8. All controls are articulated around three main objectives:

    • ‘Secure your Environment’ – SWIFT customers are individually responsible to protect and secure their local environments in general, as well as the back-office systems that come in contact with SWIFT applications in particular
    • ‘Know and Limit Access’ – prevent and detect fraud in your commercial relationships – your counterparts
    • ‘Detect and Respond’ – defend against future cyber threats.

    Mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritize these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction.

    Self-attestations must be submitted by the end of 2017, starting July, and in this endeavor, SWIFT will work in close partnership with the banking community, to ensure everything goes as smoothly as possible for all parties involved.

    CSP actions include the introduction of 16 mandatory security controls, new services meant to help prevent and detect fraudulent activity, as well as community-wide information sharing initiatives that prepare for, and defend against, future attacks.

    The 11 advisory controls are based on good practice that SWIFT recommends users to implement. Note that some of them may in time become mandatory as well, due to the evolving threat landscape. Since nothing beats being prepared ahead of time, you should also consider these advisory aspects once all the mandatory requirements are met.

    CSP and SWIFT’s 2020 Strategy

    CSP is a multi-year programme, whose measures should become part of everyday practice, and although clear delivery milestones have been defined, there is no definitive end to this programme, as levels of security should constantly heighten in order to stay ahead of emerging cyber threats.

    As far as SWIFT2020 is concerned, you may already be aware that it focuses on operational excellence in SWIFT’s core financial messaging services in order to deliver on the highest expectations of customers, in terms of security, reliability and availability of service, while also addressing new cyber and geopolitical challenges.

    Considering the role SWIFT plays as an industry-wide cooperative, CSP not only fits like a glove for this long-term strategy focused on security, but is quite a natural extension of it.

    The Bigger Picture

    Besides these security controls, SWIFT has also introduced enhanced security features to their products, designed to assist users in addressing security concerns, such as stronger password management, enhanced integrity checking and built-in two-factor authentication.

    SWIFT is not only concerned with banks per se, but the entire ecosystem revolving around them, and banks should also care about breaches of security outside their walls, on their counterparties’ side.

    Part of what SWIFT can and will do on this matter is to keep banks up to date with relevant cyber intelligence, and to continue to expand their information sharing platforms. SWIFT is engaging with vendors and third parties to help secure the broader environment, but banks should also act in a timely manner on SWIFT information and security updates, of course.

    After all, this whole hassle is for the greater good of keeping everyone’s finances safe…

    *Article based on information found on SWIFT’s website.

    TAGS:
    SWIFT products and services

    Leave a Reply

    We use cookies to deliver a cosy experience on our website.

    The website is built over Wordpress and it uses plugins to display content as intended.

    By accepting this notice, you consent to cookies on this device as per our Cookie Policy.

    Some contents or functionalities here are not available due to your cookie preferences!

    This happens because the functionality/content marked as “%SERVICE_NAME%” uses cookies kept disabled. To view this content or use this functionality, please enable cookies: click here to open your cookie preferences.