QuickTake Q&A: Global Banking’s Message System Attracts HackersBy and
Think of Swift as the Gmail of global banking. Its message traffic -- 25 million on a typical day -- includes orders and confirmations for payments, trades and currency exchanges. Now hackers are using Swift to steal money.
1. What is Swift?
It’s an acronym for Society for Worldwide Interbank Financial Telecommunication. The member-owned cooperative, based in Brussels, was founded in 1973 to end reliance on the telex system. Its secure messaging delivers instructions among more than 11,000 financial institutions in 200-plus countries and territories. Swift is so central to global finance that Iran’s access to it was cut as part of the sanctions ordered by the EU.
2. Why is Swift in the news?
There have been multiple attempts to rob financial institutions through fraudulent Swift messaging. Bangladesh’s central bank disclosed that it had lost $81 million to hackers who breached it and tricked the Federal Reserve Bank of New York into sending funds. An earlier attempted cyber heist targeted Vietnam’s Tien Phong Commercial Joint Stock Bank. Ecuador’s Banco del Austro says hackers used Swift to move about $12 million through Wells Fargo to banks in Hong Kong last year.
3. Why is this happening?
One feature of Swift is its adaptability. A bank can choose to let employees open Swift’s main interface, Alliance Access, right from their desktop browser. That user-friendliness makes the system susceptible to schemes including phishing and malware. Hackers apparently are using faked credentials to get into Swift, ordering money transfers using banks’ identifying Swift codes, and covering their tracks with malware sneaked onto bank computer systems. Swift emphasizes that the network itself hasn’t been breached.
4. What’s next?
Swift says it’s working on new measures to tighten the network security, while reminding its member banks that they "are responsible for the security of their own environment." At Swift conferences last year and this year, there was support for moving to blockchain, or digital ledger technology, the methodology underlying bitcoin and similar crypto-currencies.
5. Who regulates Swift?
Since it doesn’t hold funds or manage accounts, Swift isn’t regulated the way a bank is. It’s overseen by the National Bank of Belgium and representatives from the U.S. Federal Reserve, the Bank of England, the European Central Bank, the Bank of Japan and other major banks. They hold Swift to a mutually agreed-upon list of five "High Level Expectations."