By Tom Bergin
GENEVA (Reuters) - SWIFT, whose messaging network is used by banks to send payment instructions worth trillions of dollars each day, said three clients were hacked over the summer and cyber attacks on banks are set to increase.
The theft of $81 million in February from Bangladesh's central bank using SWIFT messages rocked faith in the system whose messages had, until then, been accepted at face value.
SWIFT Chief Executive Gottfried Leibbrandt told the Sibos conference in Geneva on Monday that hackers breached the systems of two banks over the summer and a third bank repelled an attack before fraudulent SWIFT messages could be sent.
In the two cases where hackers sent payment instructions over SWIFT, the orders were not fulfilled. In the first, the receiving bank noticed that the instruction did not conform with normal transaction patterns and queried it.
In the second case, the payment was held up because the receiving bank had concerns about the ultimate beneficiary of the transfer and flagged the transaction to the paying bank, which then realized it had been hacked.
In the third case, the bank had installed a software patch from SWIFT which allowed the lender's system to spot the infiltration.
"In all of those cases no money was lost," Leibbrandt said.
SWIFT declined to say which banks were involved or where they were based. It told clients in a letter in late August that other hacking attempts had been made since the Bangladesh Bank case but had not provided details.
The Belgium-based cooperative which is owned by banks around the world, said its own network, which transfers messages between bank terminals, had not been compromised.
SWIFT also said on Monday it was introducing a set of mandatory security measures in response to the attacks which customers were expected to take to safeguard their systems against cyber heists.
Customers will be required to show each year that they have checked 16 mandatory controls. In 2018, SWIFT will inspect clients and if they do not meet the standards, the cooperative will inform the non-compliant bank's counterparties and regulators.
Leibbrandt declined to comment when asked by Reuters if SWIFT would boot non-compliant banks off the system.
Analysts said it was likely correspondent banks, which offer banking services to other lenders, would cut their relationships with any clients that SWIFT said were non-compliant.
SWIFT Chairman Yawar Shah told the conference that the threat of cyber attacks was going to get worse and that banks needed to tighten their security practices.
"This rapidly evolving threat is a game changer," he said.
(Editing by David Clarke)