Business Essentials for Professionals


Media Reports say SWIFT Security Scrutinized by Major US Banks

Media Reports say SWIFT Security Scrutinized by Major US Banks
Media reports making the rounds of banking and technology markets claims that following cyber attacks in Bangladesh and Vietnam involving fraudulent transfer requests a number of major U.S. banks are scrutinizing security of the SWIFT messaging network.
The Wall Street Journal reported, citing people familiar with the matter that amid questions about the breaches at two Asian banks, the very large US bank, JPMorgan Chase & Co, has limited SWIFT access to some employees.
The bank is doing this as a part of its policy to review user access to certain systems following news of a security threat and the actions are not tied to a specific concern about JPMorgan's vulnerability to SWIFT, The Wall Street Journal said, citing a person familiar with the bank.
Representatives with JPMorgan could not immediately be reached for comment.
A cooperative owned by some 3,000 global financial institutions operates and runs Brussels-based SWIFT.
In the wake of the attacks, which involved fraudulent transfer requests sent over SWIFT's private bank messaging system, major U.S. banks want SWIFT to boost security, reported Bloomberg News in a separate article.
Bloomberg cited one unidentified source as saying that some U.S. banks want to discuss if SWIFT should help banks better secure their systems and whether SWIFT responded quickly enough to the breaches.
The Bloomberg News report cited a second unidentified source as saying that some of the U.S. banks expect SWIFT to come up with a technological solution that would help it to reduce the risk of further attacks.
Bloomberg reported, citing a private report published by BAE Systems PLC  that the malware used in an attack that Vietnam's Tien Phong Bank disclosed over the weekend contained SWIFT codes for at least seven international banks and these codes were written into malware.
Bloomberg reported that transaction messages involving those banks were hidden in the malware through a special configuration. The report names that  the SWIFT Codes of banks that were used in the malware included the Industrial & Commercial Bank of China Ltd, Bank of Tokyo Mitsubishi UFJ Ltd, UniCredit SpA, Australia & New Zealand Banking Group Ltd, United Overseas Bank Ltd of Singapore, South Korea’s Kookmin Bank and Japan’s Mizuho Bank Ltd.
Bloomberg reported, citing people familiar with several banks in the U.S. and Europe that the fact that the hackers were not focusing solely on small banks in developing nations became evident from the revelations of information that such names of such large banks were mentioned in the code which raised concerns of global lenders.

A SWIFT spokeswoman declined comment on both reports when contacted by Reuter and other media.

Christopher J. Mitchell

Markets | Companies | M&A | Innovation | People | Management | Lifestyle | World | Misc