Could Anything Have Prevented SWIFT Attacks Against Banks?


Just over two months after sophisticated cybercriminals used the SWIFT system to steal $81 million from a bank in New York, another such attack has come to light, making it more important than ever for banks to be vigilant against this type of scam.

The hackers were able to infiltrate the SWIFT financial messaging system and send 12 fraudulent wire transfer orders to the San Francisco-based Wells Fargo bank, requesting that it wire a total of $12 million from Ecuador’s Banco del Austro to four different accounts located in Hong Kong, Dubai and the US.

Thinking they were legitimate, Wells Fargo executed the transfers between January 12 and January 22 of 2015, but the heist was only made public in May of this year after the Reuters news agency broke the story.

Both the private SWIFT organization and Banco del Austro blamed Wells Fargo for the fraud. While Banco del Austro has filed a lawsuit against the US bank for failing to prevent it, authorities in Bangladesh have pointed the finger for the $81 million robbery in March squarely at SWIFT.

The blame-game aside, evidence is mounting that the ecosystem surrounding SWIFT transfers is vulnerable to fraud, and therefore not as secure as it once might have been. Financial institutions should be looking for more secure ways to transfer funds – ideally with an adaptable solution that can stay abreast of the ever-evolving fraud threat environment.

One of the actions SWIFT has pledged to take in the aftermath of the attack is to enhance knowledge sharing between itself and its members. Such sharing would provide additional information that could be uploaded to systems and used in rules and analysis. The members could even create their own lists of suspicious items to share with the entire SWIFT network.

How the SWIFT Attacks Could Have Been Prevented

A solution with the capacity to record, track and contextualize all wire transactions passing from one bank account to another through SWIFT might have prevented the fraud. In the case of the $12 million passing through four fraudulent accounts, a solution with advanced anomaly detection and prediction based on machine learning would have thrown up red flags about the validity of the transactions.

We could also say that learning from previous transactional data would have allowed the banks to predict normal transactional activity, and investigate any transactions which didn’t fit these predictions. Determining characteristics such as the day of the month on which transfers are usually sent from individual accounts would have allowed alerts to be sent to bank agents so they could look into the details more carefully.

For example, in the attack, a bank employee found and prevented one of the transactions after noticing spelling mistakes in the destination details. An advanced anomaly detection solution complete with machine learning techniques would help banks to automate this kind of check, so that more bad transactions would be stopped.

To better secure the hundreds of thousands of international transactions handled daily, banks also need a method of automatically updating lists of known or suspected fraudulent destinations and the bank accounts tied to them.

That is exactly what can be expected from Easy Solutions’ DetectTA transaction anomaly detection. DetectTA’s suspicious activity analyzers send alerts for activity that is consistent with previously seen fraud patterns, and machine learning-based heuristic analysis helps to predict what kind of transactions will occur in the future.

Compounded evaluations also send alerts when two different patterns are observed occurring simultaneously. These patterns might not indicate fraud on their own, but when considered together, they may signal that fraud is taking place.

The solution’s dynamic lists are automatically updated by DetectTA during real-time monitoring. Accounts, credit or debit cards, IP addresses, terminals or any other item associated with a suspicious event can be added to a list, and then be used in subsequent fraud evaluations, or even exported to update third-party systems. So if a particular account is attempting to withdraw an excessive amount of money, and this account is on one of DetectTA’s dynamic lists, then the transaction would be prevented and flagged for further investigation.
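The three ideas described above (a per-account baseline learned from past transfers, compounded evaluations, and a dynamic list) can be shown together in code. This is an added illustration, not DetectTA's code or API: a simple statistical baseline stands in for the machine-learning model, and the class name, signal names, threshold and sample history are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (sending account, day of month, amount, destination)
HISTORY = [
    ("EC-OPS-01", 1, 20_000, "US-SUPPLIER-7"),
    ("EC-OPS-01", 15, 21_000, "US-SUPPLIER-7"),
    ("EC-OPS-01", 1, 19_500, "US-SUPPLIER-7"),
    ("EC-OPS-01", 15, 20_500, "US-SUPPLIER-7"),
]

class TransferMonitor:
    """Hypothetical monitor: per-account baseline plus a dynamic list."""

    def __init__(self, history, sigmas=3.0):
        self.days = defaultdict(set)       # days of month each account normally sends on
        self.dests = defaultdict(set)      # destinations each account has paid before
        self.amounts = defaultdict(list)   # past amounts per account
        self.dynamic_list = set()          # destinations tied to earlier suspicious events
        self.sigmas = sigmas
        for acct, day, amount, dest in history:
            self.days[acct].add(day)
            self.dests[acct].add(dest)
            self.amounts[acct].append(amount)

    def signals(self, acct, day, amount, dest):
        """Return the set of baseline deviations for one transfer order."""
        found = set()
        if day not in self.days[acct]:
            found.add("unusual_day")
        if dest not in self.dests[acct]:
            found.add("new_destination")
        past = self.amounts[acct]
        if len(past) >= 2 and amount > mean(past) + self.sigmas * pstdev(past):
            found.add("unusual_amount")
        return found

    def evaluate(self, acct, day, amount, dest):
        """Return (decision, signals): allow, alert, hold or block."""
        if dest in self.dynamic_list:
            return "block", {"listed_destination"}
        found = self.signals(acct, day, amount, dest)
        if len(found) >= 2:                # compounded evaluation
            self.dynamic_list.add(dest)    # later orders to this destination are blocked
            return "hold", found
        return ("alert" if found else "allow"), found
```

A single deviation only raises an alert for an agent to review; two or more together hold the order and place the destination on the dynamic list, so a follow-up order to the same destination is blocked even if it otherwise looks routine.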

Banks should not have to worry about fraud simply from carrying out day-to-day business. With the right protections in place, the multi-million dollar losses seen in the SWIFT attacks can be avoided.

To learn more about DetectTA, visit
