Remember the days of being assigned a paper to write when you were in school? You’d be given months to complete it and yet somehow you always found yourself, on the weekend before the deadline, scrambling to get it done.
OK, well, maybe the last-minute approach was just me. But just in case, don’t forget that there’s another deadline looming that can’t wait until the last minute. As I write this, there are fewer than 90 days left to declare your compliance status against the 16 mandatory controls in SWIFT’s Customer Security Programme (CSP). That’s less than three months to understand if you’ve met the reasonable security standards SWIFT has set, or else declare non-compliance with controls, the status of which will be made visible to your counterparties should you grant them access when they request it.
It would be easy to view the SWIFT CSP as an exercise that just needs to be done with so you can get on with your real work, but I challenge you to view it from a broader perspective.
The sophistication of the payment fraud that’s taking place today is at a level that security experts couldn’t have predicted and it’s getting worse with each new case we hear about. Raising the bar on payment security has got to be a priority for businesses, at every level of the organisation -- and basic strategies that focus mostly on perimeter security aren’t enough.
The harsh reality is that you will be breached. 75% of finance professionals report that their organisations experienced attempted or actual payment fraud in 2017. That’s a huge increase compared to previous years and it’s a statistic that’s getting exponentially worse by the day. You need a strategy that goes beyond just protecting against the next attack but secures your organisation against threats as they evolve well into the future. Meeting the CSP requirements provides a great foundation for creating a broader security strategy designed to stop fraudulent payments before they happen.
That being said, here are three key steps to take to make sure you’re on track to meet attestation:
Seems like a basic first step, but its importance can’t be overstated. Involve your security team early on, agree on who will take ownership of each component of the CSP, then make sure everyone has the proper SWIFT credentials to log in to the website. The last thing you want is to miss the deadline over a silly technicality like someone not having access to the system (these kinds of “the dog ate my homework” excuses never worked for me and they won’t here either).
Assemble the team you put together in step 1 and take a good honest look at where you really stand with meeting security controls (now is not the time to sugar-coat the situation - frank honesty is vital to achieve effective security). Start by focusing on adhering to the 16 mandatory controls. I also strongly recommend that you plan to comply with the 11 advisory controls as well. For one thing, many of them are just common-sense measures you should be doing anyway. You also never know when the severity of the security landscape will require that those “optional” controls become mandatory, so you might as well get ahead of the game now.
Now that you’ve identified what needs to be done, make it happen! Build the baseline of security standards that SWIFT is requiring now, then continue to keep security a top priority for your organisation. Creating a security strategy that’s designed to stop fraudulent payments before they happen is time very well spent and a business decision that will protect not only your payments, but your reputation as well.
90 days should be enough time to implement the level of security SWIFT requires. More importantly, it’s all the time you have to evaluate whether or not your security is up to the challenge of protecting against modern threats. Fraudsters are using every tool and trick available to them. Are you?
P.S. For those of you who never waited until the 11th hour to write term papers, cheers to you! Now you can move on to using SWIFT’s CSP to create an unfair advantage for your business.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.