Dr.P.G.

Arul
Dept. of International Business
Pondicherry University
Pondicherry - 605014
Introduction:
• Today, it is easy to walk into a bank and transfer money anywhere around
the globe.
• SWIFT stands for the Society for Worldwide Interbank Financial
Telecommunications. It is a messaging network that financial institutions
use to securely transmit information and instructions through a
standardized system of codes.

• Behind most international money and security transfers is the SWIFT

system, a vast messaging network used by banks and other financial
institutions to quickly, accurately, and securely send and receive
information such as money transfer instructions.
• Every day, nearly 10,000 SWIFT member institutions send approximately
24 million messages on the network.
How SWIFT Operates?
SWIFT assigns each financial organization a unique code that has either eight
characters or 11 characters. The code is called interchangeably the bank identifier
code (BIC), SWIFT code, SWIFT ID, or ISO 9362 code.
To understand how the code is assigned, let’s look at Italian bank UniCredit Banca,
headquartered in Milan. It has the 8-character SWIFT code UNCRITMM.
• First four characters: the institute code (UNCR for UniCredit Banca)
• Next two characters: the country code (IT for the country Italy)
• Next two characters: the location/city code (MM for Milan)
• Last three characters: optional, but organizations use it to assign codes to
individual branches. (The UniCredit Banca branch in Venice may use the code
UNCRITMMZZZ.)
• (The main difference between an International Bank Account Number (IBAN) and a Society for Worldwide Interbank
Financial Telecommunication (SWIFT) code lies in what they identify. A SWIFT code is used to identify a specific bank
during international transaction, whereas IBAN is used to identify an individual account involved in the international
transaction. Both play an essential role in ensuring the smooth running of the international financial market)
Sample Transaction:
• Assume a customer of a Bank of America branch in New York wants to send
money to his friend who banks at the UniCredit Banca branch in Venice. The New
Yorker can walk into his Bank of America branch with his friend’s account number
and UnicaCredit Banca’s unique SWIFT code for its Venice branch. Bank of
America will send a payment transfer SWIFT message to the UniCredit Banca
branch over the secure SWIFT network. Once Unicredit Banca receives the SWIFT
message about the incoming payment, it will clear and credit the money to the
Italian friend’s account.

• As powerful as SWIFT is, keep in mind that it is only a messaging system—SWIFT

does not hold any funds or securities, nor does it manage client accounts.
World Before SWIFT
• Prior to SWIFT, Telex was the only available means of message
confirmation for international funds transfer. Telex was hampered by
low speed, security concerns, and a free message format--in other
words, Telex did not have a unified system of codes like SWIFT to
name banks and describe transactions. Telex senders had to describe
every transaction in sentences which were then interpreted and
executed by the receiver. This led to many human errors.
• To circumvent these problems, SWIFT system was formed in 1974.
Seven major international banks formed a cooperative society to
operate a global network that would transfer financial messages in a
secure and timely manner.
Why is SWIFT Dominant?
• Within three years of introduction, SWIFT membership had increased
to 230 banks across five countries. Although there are other message
services like Fedwire, Ripple, and CHIPS, SWIFT continues to retain its
dominant position in the market. Its success is attributed to how it
continually adds new message codes to transmit different financial
transaction.
• While SWIFT started primarily for simple payment instructions, it now
sends messages for wide variety actions including security
transactions and treasury transactions. Nearly 50 percent of SWIFT
traffic is still for payment-based messages, but 43 percent now
concern security transactions, and the remaining traffic flows to
treasury transactions.
Who Uses SWIFT?
In the beginning, SWIFT founders designed the
network to facilitate communication about
Treasury and correspondent transactions only. The
robustness of the message format design allowed
huge scalability through which SWIFT gradually
expanded to provide services to the following:
• Banks
• Brokerage Institutes and Trading Houses
• Securities Dealers
• Asset Management Companies
• Clearing Houses
• Depositories
• Exchanges
• Corporate Business Houses
• Treasury Market Participants and Service Providers
• Foreign Exchange and Money Brokers
SWIFT – Foreign Exchange Transaction:
What are the Services Offered by SWIFT?
Applications—SWIFT connections enable access to a variety of applications which
include real-time instruction matching for treasury and forex transactions, banking
market Infrastructure for processing payment instructions between the banks, and
securities market infrastructure for processing clearing and settlement instructions for
payments, securities, forex, and derivatives transactions.
Business Intelligence—SWIFT has recently introduced dashboards and reporting utilities
which enable the clients to get a dynamic, real-time view of monitoring the messages,
activity, trade flow, and reporting. The reports enable filtering based on region, country,
message types, and related parameters.
Compliance Services—Aimed at services around financial crime compliance, SWIFT offers
reporting and utilities like Know Your Customer (KYC), Sanctions, and Anti-Money
Laundering (AML). (See related: US And EU Sanctions Against North Korea)
Messaging, Connectivity, and Software Solutions—The core of SWIFT business resides in
providing a secure, reliable, and scalable network for the smooth movement of
messages. Through its various messaging hubs, software, and network connections,
SWIFT offers multiple products and services which enable its end clients to send and
receive transactional messages.
What are the Challenges faced by SWIFT?

• The majority of SWIFT clients have huge transactional volumes for

which manual entry of instructions is not practical. The need for
automation for SWIFT message creation, processing, and transmission
is growing.
• However, this comes at a cost and operational overhead. Although
SWIFT has been successful in providing software for the same, that
too comes at a cost.
• SWIFT may need to tap into these problem areas for the majority of
its client base.
• Automated solutions within this space may bring in new stream of
income for SWIFT and keep clients engaged in the long run.
Conclusion:

• SWIFT has retained its dominant position in the global processing of

transactional messages. It has recently forayed into newer areas
offering reporting utilities and data for business intelligence, which
indicates its willingness to remain innovative. In the short to mid
term, SWIFT seems poised to continue dominating the market.
SWIFT Admits Hackers Sent Fraudulent Messages By Rakesh Sharma | April 26,
2016 — 3:46 PM EDT

• The February theft of $81 million from Bangladesh Central Bank’s account at the New
York Federal Reserve widened further in scope this morning, when officials at the Society
for Worldwide Interbank Financial Telecommunication or SWIFT, the exchange network
used to transfer cash between banks in different countries, said that it was aware of “a
number of cyber incidents” that involved sending fraudulent messages over its network.
• The full text of the message was as follows:
• “SWIFT is aware of a number of recent cyber incidents in which malicious insiders or
external attackers have managed to submit SWIFT messages from financial institutions'
back-offices, PCs or workstations connected to their local interface to the SWIFT
network.”
• The consortium also released a security patch on Monday morning to protect its systems
from similar attacks in the future. It also explained how the hack attack was carried out in
a note this morning. The hackers used credentials for officials responsible for approving
SWIFT messages and, subsequently, impersonated them to send out SWIFT transfer
messages from New York Fed to accounts in Philippines and Sri Lanka.
Contd.,
• FireEye Inc., a Silicon Valley-based security firm, had earlier stated that hackers had
breached as many as 32 computers on the Bangladesh Central Bank’s network. According
to British security firm BAE Systems, the bank also did not have firewall and used $10
network switches. The firm, which published its findings a couple days ago, said hackers
had modified Alliance Access, a software that reads and writes SWIFT messages to the
system and updates the Oracle database.
• A SWIFT spokeswoman told Reuters that the consortium had made Alliance interface
software update mandatory “as it is designed to help banks identify situations in which
attackers have attempted to hide their traces -- whether these actions are executed
manually or malware.”
• Security experts said further investigation into the SWIFT network would reveal more
discrepancies and hacks. Shane Shook, a banking security consultant, said hacks on the
SWIFT system were enticing "because smaller efforts result in much larger thefts." “It’s
much more efficient than stealing from consumers,” he is quoted in a Reuters interview.
SWIFT has a new five-part customer security program to
reinforce the security of the shared, global financial system

• SWIFT has a new five-part customer security program to reinforce the

security of the shared, global financial system. It was announced during the
keynote address by SWIFT CEO Gottfried Leibbrandt at the 14th annual
European Financial Services Conference in Brussels on May 24, 2016. The
five part-plan, includes initiatives to:
• Improve information sharing among the global financial community;
• Harden security requirements for customer-managed software to better
protect their local environments, enhance guidelines and develop security
audit frameworks for customers;
• Support banks’ increased use of payment pattern controls to identify
suspicious behavior; and
• Introduce certification requirements for third party providers.
Contd.,
• Earlier, in a communication issued on May 20, 2016 to its customers, SWIFT
reached out to its users seeking cooperation against cyber-threats while
providing them with updates on the steps needed to ensure better
security. In the press release SWIFT said, “The security of our global
financial community can only be ensured through a collaborative approach
among SWIFT, its users, its central bank overseers and third party suppliers.
SWIFT is fully committed to leading the community effort. To this end, it is
essential that you share critical security information related to SWIFT with
us.” is huge, and demands action, and change, by all stakeholders. And
change is hard. Sometimes it takes a crisis. As the saying goes: ‘a crisis is a
terrible thing to waste’; so let’s use this crisis as an industry to come out
stronger, better and even more secure.”
Hackers have once again managed to break into
the world’s largest system for transferring funds
• Hackers have once again managed to break into the world’s largest system for transferring funds. The Society for Worldwide Interbank Financial
Telecommunication, SWIFT, is owned by 3,000 financial companies and is responsible for sending financial transactions between financial institutions.
• Vietnam's Tien Phong Bank identified themselves as the second victim of the SWIFT cyberattack last week. However, TPBank said that they stopped
the attempt quickly enough to stop the attackers. Also, the bank found that the transfers were made using infrastructure from an outside vendor.
• SWIFT said that its network was not the one compromised. SWIFT has urged their customers to review controls in their payment environment, along
with all of their messaging, payments, and e-banking channels.
• J.P. Morgan Takes Action: J.P. Morgan Chase & Co. is the first major bank to implement measures over SWIFT’s security breach. The company limited
which employees can access SWIFT in hopes to seal off any potential gaps.
• Connections to Bangladesh and Sony: While the malware attacks on Swift seemed to be an isolated event, BAE Systems suggests that the malware
used in both the Bangladesh attack in February and the recent SWIFT attacks have several similarities. Some similarities include the names of the
malicious executables, the internal structure of the code, as well as a unique code that was used to wipe files and cover the attack.
• Not only did BAE Systems uncover similarities between the two recent attacks, but also found connections to the 2014 Sony attack, Operation
Blockbuster. Similarities include typos and development environment. In Operation Blockbuster, hackers misspelled “Mozilla” as “Mozillar.” In the
Bangladesh case, the misspelling of “foundation” as “fandation,” canceled their full transaction of $1B. In the Vietnamese attack, hackers spelled
“FilleOut” instead of “FileOut.” The malware creator of all three attacks also used Visual C++ 6.0 exclusively, which is an older development
environment released in 1998.
• Unlike the other attacks, the Vietnamese attack had some new features. One feature being that the malware cover-up for the Vietnamese attack
showed extensive knowledge of the software and systems used to transfer the money. The attackers also created a trojan version of the PDF reader,
that can detect the examination of the fraudulent transactions and show the banking staff different data.