In the light of a recent heist of the Bangladesh Bank account from the New York Federal Reserve that resulted in cyber criminals making off with $81 million, many in investment banking are questioning whether there is a need to review financial software to improve cyber security measures within their institutions.
While the recent heist was foiled to prevent the intended transfer of $1billion dollars from the Bangladesh’s central bank account, it still raises some concerns as to how and why the fraudulent activity wasn’t detected earlier and how it could be prevented in the future.
The failure of the system
The whole premise behind the heist involved using the centrally governed SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system that is universally used and trusted by over 11,000 members. Using this system, the cyber hackers stole the SWIFT credentials and sent 35 fraudulent messages in one day, requesting transfers totalling $1billion from the Bangladesh Bank to individual accounts. While looking at the Bangladesh Bank account history should have already indicated something suspicions to the NY Federal Reserve, it didn’t. And it appears that the detection of the fraudulent messages was in fact a stroke of luck, rather than deliberate detection.
Initially the 35 messages were rejected by the NY Fed because they missed vital information, but on resubmission by the hackers with the correct information supplied, 5 got through. However, the others were rejected by chance as the street name for the recipient bank in the Philippines was Jupiter Street, which just happens to be an Iranian oil tanker and shipping outfit that is under US sanctions.
Blockchains – a possible solution?
The scale of the recent heist has emphasised that despite numerous fortifications against cyber criminals, bank institutions are still vulnerable to tried and trusted methods of sophisticated cyber theft.
Blockchain was originally developed for Bitcoin, a virtual currency, providing a decentralised system using a network of different computers to write coded ledgers that create an irrefutable and incorruptible record of past transactions in individual Blockchains. These Blockchains are shared publicly as part of the decentralised system, meaning no central authority is required to process or record transactions, therefore making interactions safe, secure and trusted.
The structure of the Blockchain was specifically designed to create ledgers within an automated system; but distributed ledgers can offer a more comprehensive and robust system that can be supported by all types of systems. This would allow banks to implement varying levels of control and permissions within the system for greater flexibility, rather than be autonomous.
The current landscape
At present other than the SWIFT system, there is not much of a unified approach to risk assessment and management. The responsibility to carry out risk assessments and implement risk management systems currently falls to the individual institutions and happens internally, which has lead differing best practices and procedures across the board. This could make smaller banks with less sophisticated risk management systems more vulnerable to cyber attacks.
But with a distributed ledger system that is fully integrated across all banking systems worldwide, it could deliver much better cyber security. As much of the distributed ledgers are automated and the ledger history is ubiquitous and unchangeable, detailing a linear and chronological Blockchain of transaction history, it is not possible to delete or alter past transactions, so potential high-tech cyber attacks could be prevented before they happen.
With this in mind, it seems that many of the world’s central banks such as Goldman Sachs, JP Morgan, Citigroup, Wells Fargo and Bank of America are already experimenting with Blockchain. However, it’s worth noting that at this stage, much of the motivation behind this is economic rather than preventing cyber attacks. It’s thought that Blockchain could lead to significant operational savings, which would inevitably be beneficial, and preventing cyber-fraud in the process would be an added bonus.
When it comes to investment banking, the need to cover the eventuality of cyber criminality is key to protecting capital. Therefore, investing in a robust and reliable level of finance software is essential.