You may also be interested in:

Articles

SWIFT Service Bureau Targeted in 1.3MM Bank Hack Attempt

  • By Andrew Deichler
  • Published: 5/16/2016
COMM-16-swift2-PgHdr.jpgThe latest twist in the unfolding SWIFT hacking scandal may hit even closer to home for corporate treasurers, as a SWIFT Service Bureau was the method of choice in a bank hack attempt worth more than $1.3 million.

Defense contractor BAE Systems, which first reported that SWIFT software had been compromised in the Bangladesh Bank hack, said Friday that fraudsters targeted a Vietnamese bank in the second attack. Although the bank was not named, Vietnam’s Tien Phong Bank (TPBank) told Reuters on Sunday that a third-party service it used to connect to SWIFT was attacked by hackers late last year.

TPBank said it identified a suspicious transaction worth more than $1.3 million, transferred by invalid SWIFT messages that the bank did not execute itself. Fortunately, the attack did not cause any actual losses and “had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general,” the bank said.

TPBank added that the servers of the third-party vendor were based overseas. It has since stopped using the vendor on SWIFT's advice.

This latest development should serve as a cautionary tale to corporate treasurers. Any corporates who connect to the network through a SWIFT Service Bureau (SSB) should do their due diligence and make sure that the vendor’s security is up-to-date. "As a chain is only as strong as its weakest link it is important to ensure all parties a corporate uses for transfers are secure," said Magnus Carlsson, Manager, Treasury & Payments for AFP.

Fortunately for SWIFT, at least some corporates that use the network are not blaming the cooperative for this recent string of attacks. A treasurer who wished to remain anonymous told AFP that he is confident the SWIFT network wasn’t breached and added that it is not SWIFT’s responsibility to oversee financial institutions’ secondary controls within their respective firewalls.

AFP has prepared a list of five steps treasury can take to protect its organization.
DOWNLOAD
The Call for Speakers is OPEN
Think you have what it takes to lead an educational session at FinNext 2019? We KNOW you do. Just pick a topic you're passionate about and share it with your FP&A peers. This is your time to shine. 
Submit your Proposal

Copyright © 2018 Association for Financial Professionals, Inc.
All rights reserved.