Prevent Endpoint Payment Fraud in Your Wholesale Operations
In today's highly connected digital environment, cyberattacks are a seemingly everyday occurrence that threatens everyone's financial security. But what about banks and the financial institutions that participate in the clearing and settlement of large electronic value transfers, also known as wholesale payments? Are they vulnerable to the same types of fraud as businesses and individuals?
The short and very expensive answer is yes. Here's what wholesale businesses need to know about endpoint payment fraud—what it is, how it works and what's being done to prevent it.
What is the wholesale payment system?
Every day, billions of dollars are transferred between banks and countries over wholesale payment systems. These systems are overseen and connected to central banks around the world to ensure smooth inter-bank and inter-country transactions. These large-value, time-critical payments are processed electronically and are used primarily for transfer services for US government and agency securities, real estate transactions, foreign exchange transactions and similar financial market transactions.
There are two steps in the wholesale payment process: clearing and settlement. Clearing is the sending and confirmation of the request between two financial institutions, while settlement is the actual transfer of funds from one financial firm to the other.
Some of these clearing and settlement systems include:
- Fedwire Funds Services
- Clearing House Interbank Payments System, or CHIPS
- National Settlement Services, or NSS
- The messaging system known as the Society for Worldwide Interbank Financial Telecommunication, or SWIFT
How does endpoint payment fraud happen?
An endpoint in the wholesale payment network is any step or instance when payment request, instructions and information is exchanged between the participants. These participants include the requesting banks and financial institutions, the receiving banks or financial institutions and the clearing and settlement systems relaying and fulfilling that request. It's at these points in the wholesale payment system that a cyberattacker can compromise that data and commit endpoint payment fraud.
For example, over a 10-day period in 2015, hackers were able to use Ecuador's Banco del Austro's secured SWIFT messaging system to transfer $12 million from the bank's Wells Fargo accounts to bank accounts around the world. And in 2016, hackers were able to use the Bank of Bangladesh's SWIFT messaging system to steal $81 million from the bank's Federal Reserve account and transfer the funds to casinos in the Philippines. Only $18 million were ever recovered.
This type of fraud can have huge consequences for not only the parties involved but the entire international financial infrastructure. Wholesale payments are critical to organizations across the entire economy. Any vulnerability is a shared one, and a major attack could compromise resiliency and create disruption across the entire supply chain.
Best practices for prevention and response
Not surprisingly, stakeholders throughout the wholesale payment system are taking steps to mitigate this type of fraud. In 2016, SWIFT introduced its Customer Security Program with three components: information sharing, enhanced tools and a customer security controls framework.
Some progress has been made on defending institutions against fraud. The Federal Reserve has proposed a policy requiring real-time monitoring of all Fedwire payments and a cap on certain transactions. The Federal Financial Institution Examination Council put forth suggestions on securing wholesale payment systems, including using authentication and encryption technology.
The most robust effort, however, has been by led by the Committee on Payments and Market Infrastructures, or CMPI. In 2018, CMPI issued a final strategy report on reducing endpoint payment fraud containing seven elements for operators and participants of a wholesale payment system. These elements include establishing endpoint security requirements and using information and tools to improve prevention and detection.
The best way wholesale business owners can help protect themselves against fraud is by communicating with their banks. Ask your banks what type of wholesale payment systems they use, what they're doing to protect themselves from endpoint payment fraud and what precautions they are taking to protect their customers' funds.
Financial insights for your business
This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.