But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network — but the reports will arrive up to a day too late to stop them. Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network. Swift’s network wasn’t comprimised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts. From December, Swift will send banks a Daily Validation Report, summarizing activity across currencies, countries and counterparts (destination banks), and also highlighting large or unusual payments and new combinations of payment parties. Banks can then reconcile details of such payments with their own records of the transfers they intended to make. Any discrepancies would provide warning of fraudulent activity, increasing banks’ chances of cancelling the transfers. But critics might say the report is just a way to shut the stable door a little sooner after the horse has bolted. Criminals timing their illicit transfers for just after Swift generates its daily reports could have a whole day to empty the destination account and make off with the proceeds. In the attack on Bangladesh Bank disclosed in February, thieves initially sought to transfer $951 million, and ultimately got away with $81 million of that. The other transfers were blocked or cancelled, or the funds returned. Swift plans to send the summaries via a different channel to the one used to make payments. That way, if criminals have compromised a bank’s Swift terminal to the point where they can hide locally generated reconciliation records, they will not also be able to intercept and tamper with the validation report. That, security researchers said in April, was what the Bangladesh Bank attackers tried to do with some custom malware. In May, Swift said attackers had sought to cover up their actions in a similar way at a second of its customers, widely believed to be a commercial bank in Vietnam. Related content news Palo Alto extends SASE security, performance features Palo Alto rolls out Prisma SASE 3.0 to secure unmanaged devices, increase AI capabilities. By Michael Cooney May 02, 2024 3 mins SASE Network Security Networking how-to The logic of && and || on Linux These AND and OR equivalents can be used in scripts to determine next actions. By Sandra Henry-Stocker May 02, 2024 4 mins Linux analysis Cisco-backed startup Corelight raises $150M to expand network security services Corelight aims to boost AI-driven security operations, cloud visibility and detection, and next-generation SIEM platforms. By Michael Cooney May 02, 2024 4 mins Network Security Networking news F5 looks to squelch 'ball of fire' that is application security Updates include security scanning and penetration testing capabilities for web applications, as well as a new container-based web application firewall. By Michael Cooney May 01, 2024 4 mins Firewalls Network Security Networking PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe