In February 2016, cyber-thieves stole $81 million from the Central Bank of Bangladesh by sending fraudulent messages through the SWIFT payment network. The heist sounded a wake-up call that if financial services firms wanted to protect themselves against similar acts of thievery, they would have to evolve their defenses, and quickly.
First, some background. SWIFT is short for the Society for Worldwide Interbank Financial Telecommunication, a global industry cooperative. More than 11,000 financial institutions in more than 200 countries and territories around the world use SWIFT’s messaging platform, averaging some 26 million SWIFT messages per day, and more than six billion in 2016, according to SWIFT figures.
The Bank of Bangladesh attack opened a Pandora’s Box, as criminal groups ramped up copycat attacks. SWIFT stopped short of disclosing the number of attacks, identifying the banks involved or disclosing...