19 January 2018
Rik De Deyn

Payments Pay Off

Rik De Deyn - Oracle

3Posts 11,582Views 0Comments

The SWIFT Hackathon

17 May 2016  |  6061 views  |  0

Back in the days, a long time ago, when animals could still talk, I was working with the Belgian National Police. I was working in a highly secure environment, regularly being trained on the importance of being aware of cyber threats, including social hacking. I did some ethical hacking myself, and felt the rush of locking out the security officer of one of my customers, just to prove a point. I still vividly recall a demonstration session where two hackers asked the audience who they worked for. And surely, before the end of the one-hour session, one of the hackers had entered the systems of the company of someone in the audience. It was a bank.

Since those days, we have moved on tremendously. Our data centers are secured with biometric devices and impenetrable walls. They’re located at undisclosed sites; they’re protected with encryption software and legally binding legislation. And the bank that got hacked in the hackers’ session joined SWIFT, “The global provider of secure financial messaging services”.

And I started working with SWIFT. A lot. I enjoyed their professionalism, I made friends, and loved to hate them when they didn’t agree with the great business proposal I had for them this time.

The news that ‘SWIFT got hacked’ ran shivers down my spine. Come again? SWIFT? Surely not! I couldn’t have been more baffled if someone had told me that Nina Simone playbacked most of her gigs.

But then I got reading and reality started to seep in. I learned about the lack of decent firewalls, the technology behind it and the role of Alliance Access. SWIFT’s early warning didn’t prevent a hack in a second undisclosed bank and the attempted breach in Vietnam's Tien Phong Bank.

So what does this mean?

I certainly won’t be the next guy to envision that SWIFT will be replaced by blockchain. That’s too easy, and too opportunistic. Don’t get me wrong. Blockchain is important; it’s here to stay, and it’s here to play a very important role in our lives. Blockchain is here to challenge SWIFT. And that’s a great workout for SWIFT.

No, the opportunity lies elsewhere.

SWIFT will have no problems countering legal responsibility and accusations of malpractice by its technical staff. SWIFT has committed to a service, and has lived up to that commitment. Legally. The responsibility is with the banks.

The real question is however whether SWIFT is ready to go beyond its duties and innovate where it’s supposed to be strong.

If multiple banks are hacked at SWIFT’s endpoints, Alliance Access, there’s an opportunity to tackle that problem. If multiple banks don’t succeed in securing those end points, SWIFT has an obligation to extend their service and control to those end points. And yes, this means being responsible for the hardware (why not include Alliance Access and AMH in a SWIFT-controlled VPN box?), the data center (why not operate a SWIFT-locked portion of the bank’s data center?) and the possibility for human error (why not place SWIFT staff in the data center?).

SWIFT has the opportunity to innovate and go beyond their duties. I hope it happens. Soon.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

a member-uploaded image TagsSecurityPayments

Comments: (0)

Comment on this story (membership required)

Latest posts from Rik

The SWIFT Hackathon

17 May 2016  |  6061 views  |  0 comments | recomends Recommends 0 TagsSecurityPayments

The Block Chainletter

27 November 2015  |  3149 views  |  1 comments | recomends Recommends 1 TagsPaymentsInnovation

Rik's profile

job title Sr. Director Payments Innovation
location Vilvoorde
member since 2015
Summary profile See full profile »
Head of Payments Innovation at Oracle

Rik's expertise

Member since 2015
3 posts0 comments
What Rik reads
Oracle Financial Services
Rik's blog archive
2017 (1)2016 (1)2015 (1)

Who's commenting on Rik's posts

Eran Eshel