CBI News 02/28/2018 Acknowledgment from SWIFT International

by **Rocky** Wed 28 Feb 2018, 4:36 pm

Rocky

Rocky: Admin Assist; Posts : 268390
Join date : 2012-12-21

Post n°1

CBI News 02/28/2018 Acknowledgment from SWIFT International

by Rocky Wed 28 Feb 2018, 4:36 pm

CBI News 02/28/2018

[You must be registered and logged in to see this link.]

February 28, 2018

[You must be registered and logged in to see this image.]

In appreciation of the efforts to provide the Iraqi banking system Mttmla Central Bank of Iraq and all operating banks in Iraq used the security standards of your self-approval of the Customer Security the Program ( the CSP) , the Central Bank of Iraq received a letter of thanks from the Swift global company and thus the Central Bank of Iraq is one of the first central banks Middle East, which has committed itself and committed its banking system to implementing these standards as part of the measures to enhance the security of the external remittance environment.
[You must be registered and logged in to see this link.]

by **Rocky** Wed 28 Feb 2018, 4:39 pm

Rocky

Rocky: Admin Assist; Posts : 268390
Join date : 2012-12-21

Post n°2

Customer Security Programme (CSP) SWIFT

by Rocky Wed 28 Feb 2018, 4:39 pm

[size=44][You must be registered and logged in to see this link.]

Reinforcing the security of the global banking system

[/size]
[size=30]Programme description[/size]
Combating fraud is a challenge for the entire financial industry. The threat landscape adapts and evolves daily, and both SWIFT and its customers have to remain vigilant and proactive over the long term.
While all customers are responsible for protecting their own environments, SWIFT has established the Customer Security Programme (CSP) to [You must be registered and logged in to see this link.] customers in the fight against cyber-attacks.
The CSP is articulated around three mutually reinforcing areas. Customers will first need to protect and secure their local environment (You), it is then about preventing and detecting fraud in your commercial relationships (Your counterparts) and continuously sharing information and preparing to defend against future cyber threats (Your community).
[size=18]Table of contents
[/size]

1. You: Secure and Protect

2. Your counterparts: Prevent and Detect

3. Your community: Share and Prepare

Actions on the programme include the introduction of mandatory security controls, new services to help prevent and detect fraudulent activity, and community-wide information sharing initiatives to prepare for, exchange information about, and defend against, future attacks.
[You must be registered and logged in to see this link.]

1. You: Secure and Protect

Securing your local SWIFT-related infrastructure and putting in place the right people, policies and practices, are critical to avoiding cyber related fraud.
To [You must be registered and logged in to see this link.] the industry, SWIFT has published a core set of mandatory security controls that build upon SWIFT’s existing security guidance, taking into account the latest intelligence on known cyber threats and incidents. They have been reviewed by external industry experts and assessed against industry standard frameworks and good security practices.
The [You must be registered and logged in to see this link.] is available on swift.com. Customers must log in to mySWIFT with their swift.com credentials to access the document. (swift.com > Ordering & [You must be registered and logged in to see this link.] > User Handbook home > A-Z > Customer Security Programme).
To ensure adoption, and to complement the SWIFT Customer Security Controls Framework, SWIFT has published further details of the related attestation policy and process in the SWIFT Customer Security Controls Policy document.
We have also introduced enhanced security features to our products designed to assist SWIFT users in addressing security concerns, such as stronger default password management, enhanced integrity checking and built-in two-factor authentication (2FA) for Alliance Access clients who do not have existing 2FA implementations. We will continue efforts to harden SWIFT-provided products as part of our product roadmaps, combined with timely security updates to products to allow you to maintain your systems to a high level of protection.

2. Your counterparts: Prevent and Detect

Companies do not operate in a vacuum and all SWIFT users are part of a broader ecosystem. Even with strong security measures in place, attackers are very sophisticated and you need to assume that you may be the target of cyber attacks. That’s why it is also vital to manage security risk in your interactions and relationships with counterparties - which fall into two main areas:
If you are breached: Strong detection measures need to be put in place to increase the chances of stopping or mitigating fraud in case your environment is breached. To [You must be registered and logged in to see this link.] smaller institutions in particular, SWIFT has launched new reporting tools to provide users with daily activity reports which furnish an independent record of their transaction data over SWIFT. These [You must be registered and logged in to see this link.] offer both a secondary check on transactions to help prevent and detect fraud and a focused review of large or unusual flows. They are available as an independent, SWIFT-generated source of transaction data that can be reconciled with local transaction data to help in detecting whether a SWIFT user’s environment has been compromised and their local records altered.
If your counterparty is breached: You also need to prepare for the possibility that one of your counterparties may be breached, and that you may receive suspicious or fraudulent messages from that counterparty. A basic starting point is to check that you are only doing business with trusted counterparties. SWIFT’s [You must be registered and logged in to see this link.] supports customers by enabling them to control counterparty relationships through RMA tools.

3. Your community: Share and Prepare

The financial industry is truly global, and so are the cyber challenges it faces. What happens to one company in one location can easily be replicated elsewhere in the world. That’s why SWIFT is encouraging two important community principles:
Share and Prepare. If you suspect your organisation has been targeted or breached, it is vital that you share all relevant information and let us know there is a problem as soon as possible – which is part of your contractual obligations to SWIFT as a user of SWIFT services. SWIFT introduced a dedicated Customer Security Intelligence team that shares the latest anonymised information on Indicators of Compromise (IOCs) and details the modus operandi used in known attacks. Issuing such information has already made a tangible difference in the fight against fraud. SWIFT has introduced a [You must be registered and logged in to see this link.] to share detailed and technical intelligence to allow the community to protect itself, to take mitigating actions, and to defend against further attacks.
The second community principle is ‘prepare’. We will do our best to inform you of relevant cyber intelligence, and we intend to continue to expand our information sharing platforms to do so. We are also engaging with vendors and third parties to help secure the wider ecosystem. But we also expect you to prepare by acting in a timely manner on the information and security updates we provide, and ensuring that you meet mandatory [You must be registered and logged in to see this link.] for your SWIFT-related infrastructure.

[You must be registered and logged in to see this link.]