Reply to post: Re: Co-op concerns

Analysts apply Occam's razor to Tesco Bank breach

Anonymous Coward
Anonymous Coward

Re: Co-op concerns

SWIFTNet yes uses a private IP network (SIPN). And typically the underlying servers that communicate via SWIFT are heavily secured and firewalled away. At the same time, the client software that manages and controls those servers sits on standard desktop PCs, and very often those PCs are also used for regular office use, email and web etc. I know at least one bank that recently stopped those PCs from having any kind of external internet access.

But, getting access to the SWIFT network is a million miles away from having the ability to exploit it for fraudulent payment purposes. All SWIFT participants use the SWIFT RMA facility to manage public/private key setup which restricts which other SWIFT participants you'll accept messages from. And then of course, you need correspondent banking relationships with banks in other countries in order to have them act upon the SWIFT messages you send. Contrary to popular belief, SWIFT is not a payment network and does not support clearing or settlement of payments, just the passing of instructions between banks who hold account relationships in order to instruct your correspondent to make payments for you. Those payments are then of course transacted in the appropriate local payment system, e.g. A foreign bank might ask their UK SWIFT correspondent to make a payment for them, which the UK bank will then action through BACS/CHAPS/Faster Payments as appropriate.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020