SWIFT shares 'crisis' response
Payments cooperative SWIFT last night ended its long public silence on recent incursions on customer operations linked to its network.Gottfried Leibbrandt, SWIFT's CEO, used a European financial conference in Brussels to spell out the shape of response that's taken two months to sort out."We aim to drastically improve information sharing among the global financial community," Leibbrandt said."We will demand more information of our customers, and share that back with the community. The ambition is to do on an international scale what banks in several countries are already doing domestically. We will do it in a confidential way that uses the data while protecting the identity of the institution and customers."SWIFT, Leibbrandt said, "will harden security requirements for customer-managed software to better protect their local environments. Third, we will enhance our guidelines and develop security audit frameworks for customers."Fourth, we will look to see what we can do to support banks' increased use of payment pattern controls to identify suspicious behaviour."Finally, he said, SWIFT "will introduce certification requirements for third party providers."Leibbrandt repeated a core line from recent, curt media releases."SWIFT, our network, software and our core messaging services have not been compromised. "In Bangladesh and the other cases, the thieves compromised the IT environment and worked their way to the bank systems where the SWIFT instructions are generated and the confirmations received."While we (and other providers) give tools and software to our customers, our customers run these in their own environment and need to keep them secure. "We cannot secure our customers' environments and cannot assume responsibility for that."At the same time, we play a crucial role in the global payments system, and the events form a direct threat for that system. We therefore very much want to be part of the solution."