What is institutional payment fraud?
It is essential to prepare for fraud attacks on a variety of fronts. Fraudsters are currently focusing on application fraud attacks, where stolen identities are used to apply for financial products, along with a plethora of phishing and mule recruitment efforts. In fact, Barracuda Research reported a seven fold increase in spear-phishing attacks between the end of February and mid-April 2020.
However, evidence shows that the damage that can be caused by institutional fraud continues to concern the financial community. Institutional fraud involves attacks performed by external parties on the financial institution infrastructure by installing malware, either remotely or by using the institution’s own staff.
Institutional payments are an attractive vehicle for criminals due to the speed and finality of settlement. Once a payment is made and settled, it’s very hard to recoup any losses. While the overall frequency of institutional payment fraud is lower, the impact is significant both in terms of the amount of funds at risk and the potential reputational damage for the attacked institution.
Ensuring that the most effective and appropriate internal strategies and controls are in place will help protect your funds and your organization. So, if you haven’t already considered solutions available to help defuse the threat, your electronic transfers could be at risk.
Fighting institutional payments fraud in the new normal
The COVID-19 pandemic has led to extraordinary working conditions. Staff have had to stay away from their secure office environments and work remotely, mostly from their own homes. And organisations have had to adapt front and back office processes to ensure business continuity, potentially accepting additional security risks.
Fraudsters have been quick to exploit the opportunities presented by changes to working processes. Early in 2020, the Monetary Authority of Singapore (MAS), the United States Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and the United Kingdom’s National Cyber Security Centre (NCSC) all released statements warning that cybercriminal and advanced persistent threat groups (APT) were targeting individuals and organisations of various sizes in COVID19-related scams.
These scams included email phishing and the creation of fake websites selling personal protective equipment (PPE). The agencies further warned that an increase in remote working and use of virtual private networks (VPNs) could amplify the risks of cyber-attack.
A few months into the global outbreak of COVID-19, different parts of the world find themselves at varying stages of controlling the spread of the disease. While business continuity remains a top priority, financial institutions are also looking at how they can move back to a more recognisable way of working and how to put in place policies, processes and tools fit for the new business normal.
Keen to learn as much as it can from the crisis, the industry is looking at how to establish additional controls should it be again faced with such exceptional and rapid changes to working practices.
This ‘new normal’ means that staff are more likely than ever to be working remotely. Security and particularly the security of back-office processes and payments networks to prevent institutional payment fraud are primary concerns for financial institutions. Separate and independent fraud controls are more important than ever.
Common threat – shared commitment
While financial institutions operate within a highly competitive landscape, they all face the same challenges when it comes to stopping fraud. The financial services industry is global, and so are the cybersecurity challenges it faces. Attacks on one institution in one location can easily be replicated or have an impact elsewhere.
SWIFT users are part of a broad ecosystem. Even with strong security measures in place, attackers are ever more sophisticated and all organisations need to assume that they or their counterparts may be the target of cyberattacks. That is why it is vital to manage security risk in your interactions with counterparties, and employ tools, policies and processes that actively protect your payment flows.
In 2016 SWIFT launched its Customer Security Programme (CSP) to provide a forum for industry-wide collaboration against the growing threat from cyberattacks and to help reinforce and safeguard the security of the wider ecosystem.
Through close collaboration with financial institutions, industry experts, including anti-virus vendors and incident response teams, we have been able to quickly identify threats and tactics used by cybercriminals.
If you have been targeted or breached, it is vital to share all relevant information and let SWIFT know there is a problem as soon as possible. Working with you, we will then share anonymised information or indicators of compromise (IOCs) across the global financial community. This is proven to help limit further attacks and keep financial institutions safe.
We will inform you of relevant intelligence, and continue to expand our information sharing platforms to do so.