Given the broad reach and the vulnerable nature of the SWIFT platform across the payment industry, it remains an attractive channel for cyberattacks to leverage the flaws in the poor implementations of the systems. The SWIFT CSCF V2022 guidelines has been published in order to assist SWIFT users to detect, protect, and share information about financial services cybercrime. Let’s dive deep to uncover them.
In July 2021, SWIFT published the CSCF v2022 pdf detailing the new updates about some adjustments in the control policies, guiding rules, and many clarifications to the existing implementation guidelines and controls. SWIFT users need to attest their compliance against this new CSCF v2022 between early July and 31st December 2022.
Note: The CSCF v2022 updates will be implemented in the KYC-SA application (the online repository for customer attestations) in July 2022.
Generally, it is a challenging task to access the administrator-level operating system accounts in any organization. The usage is controlled, monitored, and only permitted for relevant software installation and configuration, maintenance, and emergency activities. The low privileged accounts open a system's vulnerabilities and allow cybercriminals to exploit processes. This extension ensures that control 1.2 now covers basic security hygiene on end-user devices and extends the scope to include general-purpose operator PCs and architecture B.
This newly incorporated control panel for architecture A4 will protect the customer connector and other customer-related equipment with the existing control 1.1, which applies to all architecture A types from external environments and compromises or attacks on the broader enterprise environment. It is analogous to the Secure Zone, a segmented and controlled environment tied to the SWIFT CSP control framework facilitating communication with an external messaging interface or a communication interface (or both) or to a service provider (handling the external connection)
SWIFT has recently added this 2.9 control as mandatory, which means that a 24/7 operational environment will be taken into account in order to curtail the menace of payment scams/fraud at a certain level. It does not matter which architectural types you have been using; this mandate will apply to everyone's architecture. Implementing transaction detection, prevention, and validation controls is imperative to restrict outbound transaction activity to regular business's expected bounds.
Customer connectors were introduced as an advisory component in-scope for numerous controls in CSCF v2021; now, users need to follow software integrity functions in the SWIFT software. Generally, a software integrity check is performed at regular intervals on messaging interface, communication interface, and other SWIFT-related applications as a disciplinary action to seize payment threats.
Secure Zones need to bolster new sanctioned controls.
Confidentiality, integrity, and authentication mechanisms are implemented to protect the SWIFT network.
It’s time to edge off all the redundant references from the customer connector
Explicitly refer to network devices
Critical outsourced activities should be protected
Explicitly refers to network devices
Explicitly refers to non-connected tokens
Align control objective with the requested recurring staff screening
Guide global log retention to support forensics in line with local legislation
Consider the SWIFT recovery roadmap as a guide
Split’ annual security awareness’ expectation from ‘maintaining knowledge over time
As SWIFT emphasized, applying security controls and measuring the current organizational environment to meet control objectives is a risky and time-consuming approach if it is not done aptly. Being a certified SWIFT Service Bureau, we offer comprehensive services for all SWIFT users, ranging from CSP consulting and advising on compliance requirements, to designing, and operating the SWIFT infrastructure in order to evaluate your compliance with the CSP controls (CSCF).
We are also offering the option of a “checkpoint” while performing a cybersecurity assessment of SWIFT-related environment to ensure that your business is complying with the SWIFT Customer Security Controls Framework (v 2022). We will take care of any vulnerability in your SWIFT network and application infrastructure by following an entire end-to-end chain of the transaction lifecycle.
As SWIFT emphasized, applying security controls and measuring the current organizational environment to meet control objectives is a risky and time-consuming approach if it is not done aptly. Being a certified SWIFT Service Bureau, we offer comprehensive services for all SWIFT users, ranging from CSP consulting and advising on compliance requirements, to designing, and operating the SWIFT infrastructure in order to evaluate your compliance with the CSP controls (CSCF).
We are also offering the option of a “checkpoint” while performing a cybersecurity assessment of SWIFT-related environment to ensure that your business is complying with the SWIFT Customer Security Controls Framework (v 2022). We will take care of any vulnerability in your SWIFT network and application infrastructure by following an entire end-to-end chain of the transaction lifecycle.
ECS Fin is an engineering enterprise that specializes in process optimization. We design software solutions with a systems approach to transaction processing.
50 Main Street #1000-1036 White Plains, NY 10606, New York
© 2024 ECS FIN. All Rights Reserved.