SWIFT CUSTOMER SECURITY PROGRAM (CSP)

Helping customers strengthen their cyber defenses

What is Swift CSP?

SWIFT’s Customer Security Program (CSP) helps financial institutions ensure their defenses against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.

Overall compliance is reached at three levels: implementing the latest security controls, being compliant with the latest security controls, and performing an independent assessment.

Why is it important?

At the end of 2015, a bank in Vietnam was hacked and became the victim of a cyberattack on the SWIFT system, in which attackers aimed to steal USD 1.36 million from the bank’s account. In 2016, an increase in the number of cyberattacks on the SWIFT system was reported globally. The most severe case was a compromise of the Central Bank of Bangladesh, which resulted in fraudulent remittance instructions with a total value of $951 million, of which $101 million was handled by the Federal Reserve Bank of New York.

In response to the cyberattacks and breaches of 2015-2016, SWIFT issued 16 mandatory and 11 optional security controls in 2017 to all 11,000 customers worldwide. All clients are required to attest to meeting the controls annually, and the results are shared with partners and regulators.

The Swift Framework

The latest Customer Security Controls Framework (CSCF) consists of a set of 3 objectives which focus on 7 principles and contain 32 controls. This framework is applicable to five types of SWIFT user architecture, designated A1, A2, A3, A4 and B. SWIFT users must first identify which architecture applies to them before implementing the controls.

OUR APPROACH

Security is critical in the financial messaging service. Customers must follow the SWIFT Customer Security Controls Framework (CSCF), which SWIFT describes as “a security baseline for the entire community”.

SWIFT CSP ATTESTATION ASSESSMENT

Engaging Ejabi InfoSec as an external specialist will not only ensure that you meet Swift’s mandatory compliance requirements but will also provide additional assurance in the security of your Swift-related infrastructure. An attestation assessment determines whether Swift CSP risk drivers are met. Our clear report meets Swift IAF supporting document requirements, provides insight and tailored advice on how to address non-compliance, and guides you through the submission of a fully compliant attestation via the Swift KYC-SA application.

SWIFT CSP GAP ASSESSMENT

Our SWIFT CSP gap assessment analyzes your organization’s SWIFT-related infrastructure to determine what you need to do to meet SWIFT’s mandatory compliance requirements. Consultants will interview relevant staff, review your current policies, procedures, and practices, and then produce a detailed gap report that defines your current compliance levels, highlights any areas that need to be addressed, and provides tailored recommendations to achieve compliance against the Swift CSCF controls.
