.jpg)
SWIFT has delivered the following customer communication to all its users, providing an update on the steps we are taking in light of the recent customer security issues.
Dear SWIFT User,
SWIFT has recently shared information regarding a number of fraudulent payment cases where affected customers suffered a breach in their local payment infrastructure. We would like to reassure you again that SWIFT’s network, services and software were not compromised. While customers are responsible for the security of their own environment, security is our top priority and as an industry owned cooperative we are committed to helping our customers fight against cyber-attacks.
In this letter, we provide you with an update on the steps that we are taking in light of these recent customer cases, and on specific measures we need you to take to ensure that our community is using its collective force to reduce the risk of cyber intrusions.
Information sharing approach
SWIFT will continue to notify you as soon as possible of any cases of malware known to us so that you can better target your preventative and detective efforts in your local environment. We will also continue to share best practices to help all our users improve their security as we have been doing very proactively over recent months. We are currently working to further reinforce our support to customers in securing their access to the SWIFT network; we are receiving feedback from the relevant board committee and overseers in the coming days and will be sharing plans with the wider community. We will provide further information on a new programme shortly.
Given that we are a global community, we need to share relevant cyber information amongst ourselves. To improve information sharing, as a first step, we will be centralising all new and existing security information though KB tip 5020928 in the restricted customer section on SWIFT.com.
We will update this tip with relevant information, including any new customer malwares or other indicators of compromise (IOCs) supporting the same modus operandi we have seen in the previous cases. We recommend that you have your IT security team review this information today and on an ongoing basis.
Going forward, all new and relevant information related to cyber incidents at customers’ institutions known to us will be posted on that KB tip, allowing your security team to have the most up to date information, which should enhance their ability to react and respond.
To access the tip, go to: swift.com > Ordering & support > Go to mySWIFT > [login] > Enter tip number in the ‘Explore our Knowledge centre’ search box and press Enter.
Furthermore to help you stay up to date, you can find all of our public statements on security matters on the home page of SWIFT.com.
Collaboration against cyber-threats
The security of our global financial community can only be ensured through a collaborative approach among SWIFT, its users, its central bank overseers and third party suppliers. SWIFT is fully committed to leading the community effort. To this end, it is essential that you share critical security information related to SWIFT with us.
We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services. In such cases SWIFT may require certain diagnostic information from you as set out in our terms and conditions (14.2.2).
To notify SWIFT at any time please contact Customer Support [Click on ‘Support tools’ in the login area of swift.com> Support Services > Contact Support].
Your organisation’s role in this effort is critical. Incorporating these steps as part of your security protocol will allow SWIFT to better support your institution in solving any issues that may arise, to understand any patterns between cases, and to provide general advice and alerts to other users in order to protect them from similar cases. Any information shared will be treated confidentially within the existing framework between SWIFT and its users.
We appreciate you working together with us to further reinforce the security of the global banking system.
Sincerely,
SWIFT
