The Committee on Payments and Market Infrastructures (CPMI) has set out a plan to improve the security of wholesale payments that involve financial institutions in a bid to prevent a repeat of last year's $81 million Bangladesh Bank hack.
Last September, following a rising number of sophisticated cyber-attacks on the financial services sector, not least a series of hits on banks using the Swift interbank messaging network, the CPMI set up a taskforce.
Led by Lawrence Sweet of the Federal Reserve Bank of New York and Johan Pissens of the National Bank of Belgium, the taskforce has now come back with a discussion note that sets out seven elements designed to address all areas relevant to preventing, detecting, responding to and communicating about wholesale payments fraud.
Operators and participants in payment systems and messaging networks need to make sure that they identify and understand the risks relate to endpoint security that they face - individually and collectively, says the paper.
Operators must establish clear endpoint security requirements for participants, for the prevention and detection of fraud, response to fraud, and for alerting the rest of the community.
"Wholesale payments fraud is becoming increasingly sophisticated and is expected to evolve further. We need to move fast, and together, to guard against any loss of confidence in the system," says CPMI Chairman Benoît Cœuré.The document is now open to comments until the end of November before guidance on each of the seven elements is developed by early next year.
Download the document now