How the SWIFT Network Works

How the SWIFT Network Works

For starters, just to understand the current state of the SWIFT system, we’ll have to familiarise ourselves with a bit of its history. As I explained in the initial post, SWIFT was established as a cooperative in Brussels, Belgium in July 1988 with the help of 13 of its 29 founding banks.

Interestingly, the acronym ‘SWIFT’ stems from the first letter of each founding bank’s name (Sybrand van Zijl’s (CFCN) ‘Secrecy & Communication Network’ and Fabian Druien’s (DAE) ‘Secrecy & Security Network’, to the later ‘Secrecy & Communication Network’ or CSN).

In 1995, after nearly 10 years of success and expansion, the SWIFT Network officially joined the banking network under the CSN umbrella (CIFSDIB) and it has been one of its main pillars ever since.

Thus, the SWIFT network’s core functions are:

To provide confidential messaging services between financial institutions that allow banks to initiate and receive messages directly from each other in real time.

To facilitate transactions between banks on the basis of the funds held within each institution.

To authenticate the origin of every transaction in the form of a cryptographic key for transactions over the SWIFT Network.

To enable and enforce the authentication of communications and the encryption of messages.

The funding for the project was provided entirely by the participating banks in the CSN system.

Throughout the years, the SWIFT Network has proven itself to be a reliable tool and has scaled significantly as new banks joined the system. Indeed, according to SWIFT’s latest website, it can now reach around 11,000 financial institutions around the world in 220 countries and territories (more than 110,000 employees and 25,000 technology partners).

This means that if we take into account the millions of messages being exchanged between financial institutions every day, the potential for corruption is massive.

Existing Security Threats

As in other parts of the world, banking systems are under high levels of cyber-attacks, with attacks not only carried out by hackers but also by criminal organisations, and even governments.

Hackers, for instance, target banks and banks attack computers by compromising them directly and then using them to steal confidential information and then selling it. Often, banks do not realize their systems have been compromised until they uncover a significant number of fake banking transactions on their bank statement.

As another example, criminal organisations can use hacking tools and techniques to bypass the security systems of the banks. For instance, they may be able to find vulnerabilities in the SWIFT system (or any other banking systems), and exploit them in order to steal banking information and then provide it to other criminals, who may not necessarily be from the same organisation but who are cooperating and sharing information.

It is worth noting that banks have different solutions to the threat, which is not unlike that of what a mobile casino might come under. There are always such security concerns and threats when dealing with money, but that’s why payment platforms and the likes of casino sites are classified as falling under the financial services sector, as they provide a value-added service which encompasses security of customers’ money.

David Robertson