Risk and complexity – managing these with technology
The Bangladesh Bank hack of 2016, had happened in stealth mode, a situation made all the more favourable for the hackers because it happened on a weekend.
According to Eastnet’s Regional Sales Manager, Adrian Ng, the attack comprised of credentials being stolen, fake accounts being set up, and then the hackers logging in to initiate multiple USD transactions that fateful weekend when no one was working.
He shared, “No one asks questions when SWIFT handles millions of dollars,” a fact which had also exacerbated the situation and made it conducive for the hackers to commit the nefarious deed. SWIFT is best described as a cooperative of over 3000 organisations that maintain a messaging platform for banks to move money across borders.
The cooperative known as Society for Worldwide Interbank Financial Telecommunication (SWIFT) has been in operation for over 45 years, with a majority of international inter-bank messages using its network to conduct transactions over 200 countries via more than 11,000 financial institutions.
Eastnets, a compliance, payment and cloud solutions provider, proposes their Compliance Suite as the solution that would have been be able to spot the anomaly in transactions because of built-in intelligence to differentiate between working and non-working hours.
Having helped businesses manage risk and complexity for the past 30 years, with cyberfraud and anti-money laundering solutions, Eastnets is also a certified SWIFT Service Bureau provider.
What that means is an external or third party provider used by a bank to connect to the SWIFT network.
“Service Bureau has all the experts in one data centre, complete with reporting tools, duplicate detection feature, message relay checking, anti-money laundering checking… there are many enhanced services offered,” he said.
There are a few ways it can be deployed – as infrastructure installed in-house, or in a data centre with a subscription to its services.
Besides detecting suspicious patterns in financial transactions, Ng emphasised that periodic checking and monitoring of accounts is important. After the screening process that a bank does during the onboarding phase of a new customer, there has to be regular scanning of the customer. Ng explained, “This is required to ensure any customer that has been blacklisted is identified and the appropriate policy-based action is taken. – for example to freeze the account, or to terminate the account.”
Besides this, any payment message has to be screened against any sanction list or politically-exposed persons (PEP) list. “This is a daily activity,” Ng said.