As part of the Customer Security Programme, SWIFT offers new services whose use, together with the implementation of security controls, will provide the measures needed to detect suspicious operations and fight cybercrime:
- The Relationship Management Application (RMA) plays an important part in supporting communication between different financial institutions. The RMA is a SWIFT-mandated filter that enables financial institutions to define which counterparties can send them FIN messages. Any unwanted traffic is blocked at the sender level, reducing the operational risks associated with handling unwanted messages and providing a first line of defense against fraud.
- Daily Validation Reports is a daily analytical report that allows SWIFT clients to analyze their transactional activities and determine potential risks in payments based on bank payment behavior patterns.
- Payment Controls is a service for controlling SWIFT transactions that helps customers detect and prevent high-risk payments in time at the SWIFT network level (after the transaction has left the bank's infrastructure), based on the customer's own parameters and rules.
Payment Controls is an important part of SWIFT's Customer Security Programme, a community-driven initiative that is enhancing cyber security for the global financial industry. The service helps to identify unusual payment behavior even if attackers have damaged the system, database and log files.
Payment Controls combines real-time monitoring of payments received, blocking of suspicious transactions and daily reporting of all SWIFT payments. It helps institutions detect and prevent high-risk payments and mitigate business disruption and financial losses in the event of back-office compromise.
Payment Controls monitors the payments you send and can block them in real time to prevent fraud. High-risk and out-of-policy payments trigger instant alerts, enabling you to act quickly to prevent losses.
Messages can be customized for different scenarios:
- Business calendars: Payments sent on non-business days or outside of normal business hours.
- Threshold: Payments that are high risk or fall outside of business policy, based upon individual payment value or aggregate value/volume.
- Profiles: Payment behavior that is uncharacteristic, based on past learned behavior.
- New scenarios: Payments sent through or to new institutions, in new currencies or using a previously unseen message type.
- Account monitoring: Payments to/from high-risk beneficiary/originator customer accounts or payments to/from accounts that are not present on a subscriber-defined "accept list".
- Badly formed messages: Payments that are preceded by elevated/repetitive NACKs to the same beneficiary customer account.
- Risk scoring: SWIFT evaluates each payment by risk level, based on the number of transactions, the volume of transactions, and the payment corridor.
You can configure any rule in one of three operational modes:
- Manual review mode: The triggering payment message will be held in-network by the service and an alert will be generated for your review and investigation. You decide whether to abort the message or release it for delivery.
- Alert-only mode: The triggering payment message will be delivered to your receiver without interruption, and an alert will be generated simultaneously. You can investigate this alert and undertake any necessary response and recovery actions.
- Auto-action mode: The triggering payment message will be automatically aborted and an alert will be generated simultaneously.
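The sketch below is an added example, not SWIFT's API or configuration format: it models three of the rule scenarios above (business calendar, threshold, accept list), each bound to one of the three operational modes, and evaluates constructed payments against them. All names, limits and account identifiers are hypothetical, and the rule that the most restrictive mode wins when several rules fire is an assumption of the example.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum

class Mode(Enum):                 # value = what happens to the triggering message
    ALERT_ONLY = "deliver"        # delivered, alert raised
    MANUAL_REVIEW = "hold"        # held until an operator releases or aborts it
    AUTO_ACTION = "abort"         # aborted automatically, alert raised

@dataclass
class Payment:                    # hypothetical, simplified outgoing payment
    ref: str
    amount: float
    currency: str
    beneficiary: str
    sent_at: datetime

# Constructed subscriber policy, for illustration only.
BUSINESS_HOURS = range(8, 18)
LIMITS = {"USD": 1_000_000.0}
ACCEPT_LIST = {"UA-ACC-0001", "DE-ACC-0002"}

RULES = [  # (rule name, configured mode, predicate)
    ("business_calendar", Mode.ALERT_ONLY,
     lambda p: p.sent_at.weekday() >= 5 or p.sent_at.hour not in BUSINESS_HOURS),
    ("threshold", Mode.MANUAL_REVIEW,
     lambda p: p.amount > LIMITS.get(p.currency, 0.0)),  # no limit set: always review
    ("account_monitoring", Mode.AUTO_ACTION,
     lambda p: p.beneficiary not in ACCEPT_LIST),
]
# Assumption: when several rules fire, the most restrictive mode decides.
STRICTNESS = [Mode.AUTO_ACTION, Mode.MANUAL_REVIEW, Mode.ALERT_ONLY]

def evaluate(p: Payment):
    """Return (disposition, names of the rules that raised an alert)."""
    fired = [(name, mode) for name, mode, pred in RULES if pred(p)]
    if not fired:
        return "deliver", []
    strictest = min((mode for _, mode in fired), key=STRICTNESS.index)
    return strictest.value, [name for name, _ in fired]

SAMPLE = [  # constructed payments
    Payment("REF1", 5_000.0, "USD", "UA-ACC-0001", datetime(2019, 3, 5, 10, 0)),
    Payment("REF2", 5_000.0, "USD", "UA-ACC-0001", datetime(2019, 3, 9, 23, 30)),
    Payment("REF3", 2_500_000.0, "USD", "DE-ACC-0002", datetime(2019, 3, 6, 11, 0)),
    Payment("REF4", 3_000_000.0, "USD", "XX-ACC-9999", datetime(2019, 3, 10, 2, 15)),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.ref, *evaluate(p))
```

Every fired rule still produces an alert; only the disposition of the message changes with the mode.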
Reporting is provided by two daily reports:
- Validate activity: Quickly assess and validate inbound and outbound payment flows. Daily activity is aggregated by message type, currency, country, and counterparty, enabling easy comparison with internal reports from core systems. Daily value and transaction references help you match individual transactions for more detailed validation.
- Assess risk: Highlight large or unusual message flows that may indicate fraud risks. You can review new or unfamiliar counterparties or counterparty combinations, including nested activity. Transactions sent or received outside of user-defined business hours are highlighted.
Payment Controls covers MT 103, MT 202, MT 202COV, MT 205 and MT 205COV. MT 101 is scheduled for implementation in 2019. Outgoing payments are processed for notifications. Both incoming and outgoing payments are processed for reporting.
SWIFT recognized Ukraine as a country with a high level of cybercrime. This means that Ukrainian banks must develop measures to prevent and suspend suspicious fraudulent messages through SWIFT and implement independent transaction control. Several banks in Ukraine have already ordered Payment Controls.