back to article SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists1 relied on hackers …

  1. BurnT'offering

    Network also says it will impose 'baseline' security standards

    That sounds like a plan. Presumably that came from their Department of Comedic Papal Millinery Assessment, Ursine Arboreal Excrement Location and Miscellaneous Exsanguinary Obviousness

  2. This post has been deleted by its author

  3. Chris Miller

    "Banks are already among the most heavily regulated organisations, thanks to regulations such as PCI and Sarbanes–Oxley"

    PCI is Payment Card Industry, so a security standard set by banks, not something they need to comply with. And S-Ox applies to all companies listed in the US, not just banks. Were you thinking of Basel III, perchance?

  4. Anonymous Coward
    Anonymous Coward

    Why not re-use the PCI standards...

    .. and require that SWIFT banking infrastructure follow these too.

    1. Chris Miller

      Re: Why not re-use the PCI standards...

      The PCI standards are designed to be satisfiable by corner shops and service stations that handle credit cards (as well as much larger businesses). I'm not sure they'd add much to SWIFT.

      I can't get my head round why this is even a problem. I understand why SMEs sometimes struggle to maintain adequate security, when they have limited budgets and It may not be seen as a core part of their business or very high value. But for a banking system specifically designed to handle multi-million (or even billion) dollar transactions many times a day without blinking - what lies behind inadequate protection for such a system? It can't really be simple stupidity and laziness, can it?

      1. Pascal Monett Silver badge

        Re: simple stupidity and laziness

        Those two points seem to be the bread and butter of the blackhat community.

        If users (banking or otherwise) were always alert and professional, blackhats would have a hell of a harder time getting their objectives fulfilled and social engineering would be a theoretical concept.

        Security is hard because IT is immensely complex. Add humans to the mix and breaches are practically inevitable in the long run. SWIFT needs to make the run longer than it is at the moment. Nothing like the one-percenters losing a fraction of a percent of their money to get some motivation into doing that.

      2. zerowaitstate

        Re: Why not re-use the PCI standards...

        The fact that it's international, that other national governments are involved in regulating (or preventing regulation), that banks are not necessarily trustworthy just because they're banks, and because there is an expectation that there will be a government rescue in the event of serious situation.

        The usual first reaction I've seen in the last several incidents has been to demand a US government agency compensate banks for their losses, so it's clear they're focused on political solutions rather than technical solutions.

  5. Anonymous Coward
    Anonymous Coward

    Any ueful info / links about this?

    "Just this week we saw the Federal Reserve announce it has been hacked more than 50 times in the past five years, so it is clearly losing the battle against cybercriminals.”

    1. diodesign (Written by Reg staff) Silver badge

      Re: Any ueful info / links about this?

      The link is in the very sentence you've quoted.

      C.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019