19 October 2017
Richard Ransom

Bottomline Technologies

Finextra community

SWIFT Matters

A community that concentrates on SWIFT as an important business tool in the payments and standards world.

The Clock is Ticking: Are You Ready for SWIFT’s CSP?

13 October 2017

Remember the days of being assigned a paper to write when you were in school? You’d be given months to complete it and yet somehow you always found yourself, on the weekend before the deadline, scrambling to get it done.

OK, well maybe the last-minute approach was just me. But just in case, don’t forget that there’s another deadline looming that can’t wait until the last minute. As I write this, there are fewer than 90 days left to declare your compliance status against the 16 mandatory controls in SWIFT’s Customer Security Programme (CSP). That’s less than three months to understand if you’ve met the reasonable security standards SWIFT has set, or else declare non-compliance of controls, the status of which will be made visible to your counterparties should you grant them access when they request it.

It would be easy to view the SWIFT CSP as an exercise that just needs to be done with so you can get on with your real work, but I challenge you to view it from a broader perspective.

The sophistication of the payment fraud that’s taking place today is at a level that security experts couldn’t have predicted and it’s getting worse with each new case we hear about. Raising the bar on payment security has got to be a priority for businesses, at every level of the organisation -- and basic strategies that focus mostly on perimeter security aren’t enough.

The harsh reality is that you will be breached. 75% of finance professionals report that their organisations experienced attempted or actual payment fraud in 2017. That’s a huge increase compared to previous years and it’s a statistic that’s getting exponentially worse by the day. You need a strategy that goes beyond just protecting against the next attack but secures your organisation against threats as they evolve well into the future. Meeting the CSP requirements provides a great foundation for creating a broader security strategy designed to stop fraudulent payments before they happen.

That being said, here are three key steps to take to make sure you’re on track to meet attestation:

1. Set up a project team

Seems like a basic first step, but its importance can’t be overstated. Involve your security team early on, agree on who will take ownership of each component of the CSP, then make sure everyone has the proper SWIFT credentials to log in to the website. The last thing you want is to miss the deadline over a silly technicality like someone not having access to the system (these kinds of “the dog ate my homework” excuses never worked for me and they won’t here either).

2. Assess your current state of compliance

Assemble the team you put together in step 1 and take a good honest look at where you really stand with meeting security controls (now is not the time to sugar-coat the situation - frank honesty is vital to achieve effective security). Start by focusing on adhering to the 16 mandatory controls. I also strongly recommend that you plan to comply with the 11 advisory controls as well. For one thing, many of them are just common sense measures you should be doing anyway. You also never know when the severity of the security landscape will require that those “optional” controls become mandatory anyway, so you might as well get ahead of the game now.

3. Get compliant!

Now that you’ve identified what needs to be done, make it happen! Build the baseline of security standards that SWIFT is requiring now, then continue to keep security a top priority for your organisation. Creating a security strategy that’s designed to stop fraudulent payments before they happen is time very well spent and a business decision that will protect not only your payments, but your reputation as well.

90 days should be enough time to implement the level of security SWIFT requires. More importantly, it’s all the time you have to evaluate whether or not your security is up to the challenge of protecting against modern threats. Fraudsters are using every tool and trick available to them. Are you?

P.S. For those of you who never waited until the 11th hour to write term papers, cheers to you! Now you can move on to using SWIFT’s CSP to create an unfair advantage for your business.
