SWIFT Customer Security Program (CSP) Assessments

Secure Your Environment

Know and Limit Access

Detect and Respond


Society for Worldwide Interbank Financial Telecommunication Customer Security Program (SWIFT CSP)

SWIFT is a messaging network that financial institutions use to securely transmit information and instructions through a standardized system of codes. SWIFT assigns each financial organization a unique code that has either eight characters or 11 characters. The code is interchangeably called the bank identifier code (BIC), SWIFT code, SWIFT ID, or ISO 9362 code.

Although there are other message services like Fedwire, Ripple, and CHIPS, SWIFT continues to retain its dominant position in the market. Its success is attributed to how it continually adds new message codes to transmit different financial transactions. While SWIFT started primarily for simple payment instructions, it now sends messages for a wide variety of actions, including security transactions and treasury transactions.

In the beginning, SWIFT's founders designed the network to facilitate communication about treasury and correspondent transactions only. The robustness of the message format design allowed huge scalability, through which SWIFT gradually expanded to provide services to the following:

  • Banks
  • Brokerage Institutes and Trading Houses
  • Securities Dealers
  • Asset Management Companies
  • Clearing Houses
  • Depositories
  • Exchanges
  • Corporate Business Houses
  • Treasury Market Participants and Service Providers
  • Foreign Exchange and Money Brokers

Services offered by SWIFT:

  • Applications – SWIFT connections enable access to a variety of applications, which include real-time instruction matching for treasury and forex transactions, banking market infrastructure for processing payment instructions between banks, and securities market infrastructure for processing clearing and settlement instructions for payments, securities, forex, and derivatives transactions.
  • Business Intelligence – SWIFT has recently introduced dashboards and reporting utilities which give clients a dynamic, real-time view of messages, activity, trade flow, and reporting. The reports can be filtered by region, country, message type, and related parameters.
  • Compliance Services – Aimed at services around financial crime compliance, SWIFT offers reporting and utilities like Know Your Customer (KYC), Sanctions, and Anti-Money Laundering (AML).
  • Messaging, Connectivity, and Software Solutions – The core of SWIFT business resides in providing a secure, reliable, and scalable network for the smooth movement of messages. Through its various messaging hubs, software, and network connections, SWIFT offers multiple products and services which enable its end clients to send and receive transactional messages.

Restrict Internet access and protect critical systems from the general IT environment:

  • Any SWIFT infrastructure should be protected from potentially compromised environments or IT equipment.
  • Restrict and control accounts which have administrative permissions over applications and operating systems.

Reduce attack surface and vulnerabilities:

  • Ensure secure connections between SWIFT applications and SWIFT operators.
  • Reduce vulnerabilities in SWIFT infrastructure and supporting applications.
  • Ensure the attack surface of SWIFT infrastructure is kept to a minimum.

Physically secure the environment:

  • Prevent unauthorised physical access to SWIFT infrastructure, cloud-based locations and workplace environments.

Prevent Compromise of Credentials:

  • Ensure that passwords are sufficiently strong to prevent password guessing.
  • Prevent compromise of weak passwords by using a second factor of authentication.

Manage Identities and Segregate Privileges:

  • Enforce least privilege access controls.
  • Ensure physical tokens are managed and tracked.
  • Protect physically and logically recorded passwords.

Detect Anomalous Activity to Systems or Transaction records:

  • SWIFT infrastructure is protected against malware.
  • SWIFT applications are protected against integrity-lessening attacks.
  • Database records created by the SWIFT messaging interface have their integrity ensured.
  • Security events and anomalous activity in SWIFT infrastructure are monitored and recorded.

Plan for incident response and information sharing:

  • Ensure a consistent and effective response for the management of cyber incidents.
  • Ensure all staff are aware of their responsibilities and are trained to be “cyber-aware”.