FRANKFURT (Reuters) - Cyber attacks on banks in Bangladesh and Vietnam are raising questions about the security of the global payment system and one of its key components, the SWIFT messaging network.
Following is a basic explanation of how bank payments work in the euro zone:
Most bank payments in the euro zone are settled via the Target 2 payment system, owned and managed by the European Central bank and the national central banks (NCB) of euro zone countries.
When a bank makes a payment to another bank via Target 2, the account of the paying bank at its national central bank is debited and the account of the recipient bank at its own NCB is credited.
To exchange information about payments on Target 2’s platform, banks use a messaging system supplied by SWIFT, a cooperative owned by 3,000 financial firms and founded in 1973.
The SWIFT network is used by about 11,000 banks around the world and helps move billion of dollars every day.
Target 2 is used by around 1,800 banks in 25 European countries to make payments on their own account or on behalf of their customers, according to ECB data.
Taking into account branches and subsidiaries, more than 55,000 banks across the world can be reached via Target 2. Foreign payment systems and firms which settle financial transactions also have access to Target 2.
On the average day in 2015, Target 2 handled 343,729 payments, worth some 1.8 trillion euros ($2.0 trillion).
Around 55 percent of payments were between bank customers, 30 percent between banks themselves and the remainder were so-called ‘ancillary system payments’, such as transactions relating to financial securities.
While the average transaction was worth 5.3 million euros, more than two-thirds of all Target 2 payments had a value of less than 50,000 euros.
In total, 99.9 percent of Target 2 payments were processed in less than five minutes.
A key part of SWIFT’s job is to authenticate the messages sent by its customers, encrypt them and ensure they remain confidential and safe until they are delivered.
On top of its messaging system, SWIFT provides software such as Alliance Access that links banks’ internal IT system to the SWIFT network.
Researchers at British defense contractor BAE Systems said Alliance Access was probably manipulated by hackers who stole $81 million dollars from a U.S. account of Bangladesh’s central bank earlier this year, in a bid to help hide their traces.
Cyber-criminals also unsuccessfully tried to send money using the SWIFT network from a Vietnamese bank to a Slovenian one in December, a top Vietnamese central bank official said on Tuesday.
SWIFT released a mandatory security update to the software on Monday, saying it was designed to help banks identify situations in which attackers have attempted to cover their tracks.
The ECB has yet to comment on its response to growing concerns about cyber attacks on banks.
ECB Governing Council Member and Lithuanian central bank governor Vitas Vasiliauskas told Reuters his bank was working on a daily basis to improve its own and his country’s banks’ ability to prevent cyber attacks, but he saw no need to make changes.
The Bank of England ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank messaging network, three people familiar with the efforts told Reuters.
Major U.S. banks are also scrutinizing the security of the SWIFT messaging network following the cyber attacks, according to media reports on Tuesday.
Writing By Francesco Canepa; Editing by Hugh Lawson