An Opportunity for Innovation: Preventing Bank Fraud in the Face of SWIFT, NPP, and Evolving Technology
It should be no surprise to anyone, least of all security teams, that technology is ever-evolving. But while this constant innovation enables so much good in the business world, it also presents a daunting challenge for cybersecurity to match pace. The global financial services industry is currently coming face-to-face with this reality as a wave of new payment platforms and platform controls are forcing institutions to re-evaluate their security approaches.
Take, for example, the implementation of SWIFT CSC guidelines. SWIFT (the Society for Worldwide Interbank Financial Telecommunications) provides a network that allows financial institutions globally to send and receive financial transaction information. As of January 1st, SWIFT began enforcing the Customer Security Controls (CSC) Framework – a baseline of mandatory and recommended security measures that all SWIFT customers must meet. These controls emphasize the need for financial institutions to prioritize cybersecurity in a world of growing data breach risk.
Another prime example is the introduction of the New Payments Platform (NPP) in the Asia-Pacific region. As the name implies, the NPP is a new domestic payments infrastructure that enables connected Australian financial institutions to offer their customers – consumers, businesses and government agencies – near real-time interbank payments.
These real-time systems pose significant security challenges, especially when it comes to detecting bank fraud. A bank in Chile, for example, had its payment transfer system targeted by hackers, resulting in the theft of $10 million. Mexico’s central bank saw a similar attack that resulted in $15 million in losses.
These events have financial institutions globally on high alert. The rise of these real-time systems, and the guidelines surrounding them, are raising a host of complex questions for today’s financial orgnaizations: how is it possible to protect against fraud when banking technology takes these kinds of drastic steps forward? And how is it possible to keep pace with innovation when it comes at speed of these new, real-time transaction messaging platforms?
Answering these questions will require institutions to significantly rethink their security posture (since many legacy tools do not have the speed, flexibility, or scalability to cover real-time transactions). However, it is also an important opportunity to take a giant step forward. With a shift in mindset and approach, banks can protect themselves against banking fraud and meet SWIFT CSC requirements - even with the use of real-time systems.
A New Focus on Critical Priorities
In order to adjust to these innovations, organizations need to place their focus on a few major priorities:
User-Based Intelligence & Identity - It should come as no surprise that when it comes to preventing bank fraud, understanding identity is critical. Banks need to know which users initiated activities, accessed certain sensitive files, etc. – and that means basing visibility and intelligence around the user. How are users accessing and using accounts? How are users sharing and utilizing privileges? How are they handling files? And, critically, are any of these answers unusual compared to that user’s typical behavior? These are all questions that banks need to be able to not only answer, but answer in real-time - not only to meet new mandates and requirements, but also keep up with the lightning-fast nature of financial transactions.
Even beyond financial services, more and more organizations are coming to the same conclusion. In today’s world, with the growing need for flexibility and increased access to systems and data, organizations can’t afford not to base their security around the user.
Scalable Visibility and Awareness - In order to achieve effective security in such a fast-paced environment, organizations need to be fully aware of every user accessing their networks, but also every action and behavior taking place across all of their systems. This includes activity that takes place off of the corporate network, on administrative accounts - and a number of other areas that are often neglected. And this means that financial institutions need to deploy full, unobstructed visibility across the entire enterprise - not only for its practical importance, but also because it is mandated by SWIFT controls.
Employee monitoring is sometimes unfairly conflated with legacy tools, but the truth is that most use heavy, privacy-invasive methods that are largely ineffective in the modern enterprise. There is, however, a new wave of employee visibility tools that avoid the pitfalls of legacy solutions - capable of delivering meaningful, actionable insights into employee behavior in a way that’s scalable and flexible enough to work within today's distributed enterprises.
Anomaly Detection and Machine-Learning - Rule-based tools are no longer enough to stop modern cyberattacks, especially when it comes to internal fraud or data loss that’s more deeply entrenched in shades of grey, like negligent data risk. The average organization faces so many different variables when it comes to how data is handled -- and lost or stolen -- that it is unrealistic to think that a rule could be developed to watch for every potential risky scenario. At best, rules drown analysts in noise. At worst, they let bad actors sneak in and data slip out through the cracks.
This is doubly true when it comes to real-time payment platforms. In their CSC controls, SWIFT formally recognized the need for anomaly detection. This is the natural evolution of truly understanding identity and user behavior. Monitoring may provide the ability to see or capture user behaviors, but intelligence is recognizing when that behavior is normal vs. abnormal and delivering reliable, meaningful information accordingly. And that leads us to the final critical aspect of complying with these controls:
Speed, Flexibility, and Adaptability – Real-time technology means that everything is moving faster: data, transactions, communications, and users. It also creates an environment where threats are moving targets, with increasingly stealthy and rapidly changing tactics. What’s more, the real-time nature of these irrevocable transactions means that threats need to be detected in a matter of minutes, not hours, days, or weeks.
With this in mind, it’s imperative that financial institutions build security systems that are also able to quickly adapt and shift priorities. This means focusing on lightweight tools that don’t require prohibitive set-up or tuning, so that you can shift priorities when necessary. This is yet another reason why anomaly detection is so critical: rules simply don’t provide the flexibility necessary for a real-time environment.
Defining a Universal Approach
The first step to building a sustainable cybersecurity plan in the face of technological advancements -- as the banking industry must -- is building upon these foundational principles. Ultimately, most of the SWIFT CSC controls apply to the above tenants, and each of those considerations are critical when it comes to fighting bank fraud and other security threats in a real-time environment.
But, it is also important to recognize that this challenge is by no means limited to the financial services industry. While regulated industries are often the ones that are forced to adopt new technologies due to laws or regulations, every industry should constantly be re-assessing their security measures - ensuring they are up-to-par and able to protect the systems and infrastructure they have in place.
And every organization, no matter the industry, will inevitably be forced to evolve their cybersecurity practices as technology innovates and changes. In the short term, it may cause some upheaval. In the long term, however, these considerations will result in a stronger, faster, and smarter security foundation.