SWIFT – The Catalyst Behind Cyberattacks on the Banking System

Everything you need to know about SWIFT, the payment messaging system used by banks across the world.

S Aadeetya
Tech News
Updated:
Most banking frauds in recent times have a common element, which is Swift. 
i
Most banking frauds in recent times have a common element, which is Swift. 
(Photo: iStock/Altered by The Quint)

advertisement

(The story was first published on 21 February 2018 and has been recontextualised after the recent bank attacks were done via SWIFT payments.)

The State Bank of Mauritius said its Indian operations faced a cyberattack that could lead to a potential loss of $14 million (about Rs 100 crore) in the third such breach in the country this year.

The attack happened on 2 October through fraudulent SWIFT payments and the bank is conducting an internal investigation, according to a statement on website of SBM Holdings, the lender’s parent.

It’s a case of deja vu for many, even in India, who were jolted by the recent Rs 11,300 crore banking scam involving diamantaire Nirav Modi and Punjab National Bank.

You’d be wondering what does the Nirav Modi scam have to do with the recent attack on a bank. The common denominator is the global banking technology called ‘SWIFT.’

So, what is SWIFT and how is it used? We tell you everything there is to know.

What Is SWIFT

SWIFT – or Society for Worldwide Interbank Financial Telecommunication – is a well-known electronic payment messaging service used by banks to transfer big-ticket transactions. This is the same banking technology which was allegedly misused by hackers in the $81 million Bangladesh Bank heist last year.

SWIFT succeeded Teleprinter Exchange (Telex), which was used to transmit data during World War II. SWIFT was developed out of Brussels in 1973 by a group of seven banks. As technology evolved, Telex, which registered human errors, was replaced with SWIFT – it was seen as a secure alternative back then.

Bank transfers happening via SWIFT are used by various countries. (Photo: Reuters)

Presently, SWIFT is trusted by over 11,000 financial institutions across 20 countries, including banks, brokerages, mutual fund firms, and those dealing in securities.

A basic messaging system, SWIFT does not directly involve money, but its main process revolves around checking and verifying the transaction to be made.

ADVERTISEMENT
ADVERTISEMENT

How SWIFT Works

As experts put it, a successful SWIFT transaction involves three people: a maker, who initiates the transaction and reaches out to the checker, the checker, who passes the same to the verifier, and a verifier who authorises it. Once the verifier gives the go-ahead, the takes the transaction forward.

Initially, these steps were thought to have minimised fraud, but recent incidents tell a different story.

Like every banking transaction, SWIFT also functions around its ecosystem which comes in the form of SWIFT codes. This is a standard format of bank identifier codes (just like IFSC codes in India) that are approved by the International Organisation for Standardization (ISO).

SWIFT codes act as identity of banks used while transferring money, especially during international wire transfers. It is also used to exchange other messages between banks.
How SWIFT codes are formed. (Photo: The Quint)

Let’s take a practical example to make things clearer for you. If customer A goes to his bank to transfer money via SWIFT to customer B in another country, both banks will communicate via the system, cross-check for the finances in question, and the verifier gives the maker the go-ahead for the money to be sent.

And if you think all this is free to use, then no, SWIFT provides its services for a fee. It basically makes money for setting up the network, servicing it, and charging for the equipment fee. It also earns a commission on every message that is sent.

Where the Problem Lies

All this sounds good enough, right? What could possibly go wrong with this system? The biggest loophole in SWIFT is also the main reason why banking heists have taken place recently.

Most banks believe that setting up their own SWIFT system keeps them secure from other banking networks. This self-dependent approach has worked against them, resulting in large-scale, untraced money movement.

And it’s no surprise to see that Punjab National Bank is operating with its dedicated SWIFT interface available on-premises. Its SWIFT system was under the control of two managers, who managed to control the movement of money with the SWIFT codes of the bank, making them hard to detect.

Alarm bells were also raised by the Reserve Bank of India on Tuesday, 20 February. It said the central bank had "confidentially" cautioned banks thrice since August 2016 on the risks arising from malicious use of the SWIFT system, something that obviously hasn’t been taken seriously by the banks.

All in all, if the Bangladesh bank heist and the Nirav Modi scam are anything to go by, then the weakness in the SWIFT messaging system surely needs urgent attention.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 21 Feb 2018,06:46 PM IST

ADVERTISEMENT
SCROLL FOR NEXT