In light of the events surrounding the $81 million Bangladesh central bank heist, SWIFT has stepped forward to clarify that it does not hold any liability for fraudulent transactions originating from cyberattacks on its customers’ networks.
The statement comes after weeks of mudslinging, wherein Bangladeshi officials blamed SWIFT technicians for introducing security loopholes into the bank’s network while connecting the messaging network to Bangladesh’s first real-time gross settlement (RTGS) system.
“SWIFT is not, and cannot, be responsible for your decision to select, implement [and maintain] firewalls, nor the proper segregation of your internal networks,” SWIFT wrote in a letter to its customers.
“As a SWIFT user, you are responsible for the security of your own systems interfacing with the SWIFT network and your related environments,” SWIFT said. “We urge you to take all precautions.”
The Brussels-based cooperative, which is owned by 3,000 FIs, authenticates its customers through SWIFT-issued encryption tools, which include digital signatures and public key infrastructure (PKI) certificates, Reuters reported.
“Customers are responsible for all messages signed with their certificates and, of course, for protecting their certificates and ensuring only duly authorized operators can use them to sign messages,” a SWIFT spokesperson told Reuters. “SWIFT is not, and cannot be, responsible for messages that are created fraudulently within customer firms.”
In another revelation, the cooperative put a kibosh on speculation that suggested that hackers stole the $81 million by breaking into SWIFT’s network. The company’s CEO, Gottfried Leibbrandt, said that its network, which is used by companies and FIs around the world to exchange information on transactions, remains unscathed.
“At the end of the day, we weren’t breached; it was, from our perspective, a customer fraud,” Leibbrandt said. “I don’t think it was the first; I don’t think it will be the last.”
As PYMNTS reported, the New York Fed, SWIFT and Bangladesh are now working together to retrieve the missing $81 million. The three parties met together recently in Basel, Switzerland, to discuss their plan of action.
The meeting marked the first time officials decided to cooperate.