Notice follows reported breaches at customer sites in Bangladesh, Vietnam and Ecuador
Attendees of a finance conference visit the Society for Worldwide Interbank Financial Telecommunication stand during at the Dubai International Convention and Exhibition Centre in 2013.
The global interbank fund-transfer service Swift told customers Friday it is working on new measures to better secure links to its network after a series of breaches and reminded banks they are required to immediately report any unauthorized access to the system.
The message came in a notice sent by Swift, the Society for Worldwide Interbank Financial Telecommunication, to its customers, detailing steps it is taking to better safeguard its network against increasingly sophisticated cyberthreats.
“We specifically remind all users to respect their obligations to immediately inform Swift of any suspected fraudulent use of their institution’s Swift connectivity or related to Swift products and services,” the company wrote.
The notice to users follows a series of attacks at customer sites in recent months: one in February at the central bank in Bangladesh, one in Vietnam at a commercial bank called TPBank, and one in early 2015 at Ecuadorean bank Banco Del Austro. Swift said Thursday it hadn’t been alerted to the breach in Ecuador.
Swift has repeatedly said its core-messaging network and services weren’t compromised, and the culpability lies at the customer end. But it is taking steps to enhance the system’s overall resilience to such attacks. That fight, said Swift, involves customers becoming more proactive about sharing the latest intelligence about attacks or breaches, and using their “collective force to reduce the risk of cyberintrusions.”
“The security of our global financial community can only be ensured through a collaborative approach,” the company wrote in the notice. “To this end, it is essential that you share critical security information related to Swift with us.”
In section 14.2.2 of its terms and conditions with customers, Swift states customers must notify Swift Customer Support promptly of any problems, assist Swift in investigating and resolving the issue, and respond promptly to any actions required. It is unclear if Swift has taken any actions to enforce these conditions in the past.
Swift said it has a new program for beefing up security that it will detail next week, following feedback from a board committee and its regulators. But in an initial step, to improve security, it has centralized all information about ongoing attacks and security measures in a restricted section of its website.
Swift, a member-owned industry cooperative, is regulated by the G-10 central banks under the leadership of the National Bank of Belgium. The company, which is based outside of Brussels, has more than 11,000 financial institutions and corporations as customers, and processes millions of funds-transfer instructions daily.