SWIFT: The Financial Industry Infrastructure for Secure Messaging
Gabriel Soriano, October 4th, 2006, NYSSA Banking Convention
Corp_present_20060927_v27.ppt
Slide 1
Agenda
1 Overview of SWIFT
2 Access to the SWIFT interface
3 Access to the SWIFT network
4 Message integrity, confidentiality controls
5 Messaging Service and Interface Control functions
Slide 2
Introducing SWIFT: Community, Standards, Platform
Slide 3
The SWIFT community
[Timeline figure, 1973 to 2002: banks found SWIFT in 1973; member categories admitted in later years include broker/dealers, central depositories & clearing institutions, exchanges, money brokers, registrars & transfer agents, custody providers, trust or fiduciary services companies, investment managers, trading institutions, treasury securities ETC service providers, travellers cheque issuers, funds, securities market data providers, treasury counterparties, treasury ETC service providers, payments MIs, proxy voting agencies, non-shareholding financial institutions, MA-CUGs and securities MIs]
Slide 4
SWIFT governance
Oversight: National Bank of Belgium and G-10 Central Banks
Governance: Board, Board Committees, National Member Groups, SWIFT community
Slide 5
Sibos – forum for industry dialogue
Financial industry’s premier event
Global forum to debate strategic issues
Conference, exhibition, networking
6,000 executives and technology managers
2007: Boston, US, 1-5 October
Slide 6
Working with SWIFT Partners
Solution Partners: providers of business applications, middleware, and interfaces
Service Partners: implementation and integration of connectivity and SWIFTSolutions
Business Partners: marketing and selling SWIFT products
Network Partners: AT&T, Colt, Equant, BT Infonet
Slide 7
SWIFT figures (July 2006)
2.5 billion messages per year
7,940 customers
206 countries
Average daily traffic 11.2 million messages
Peak day of 12.8 million messages (30 June 2006)
Slide 8
SWIFTNet FIN messages by market (July 2006)
Payments: 895 million messages (55%)
Securities: 605 million messages (37%)
Treasury: 104 million messages (6%)
Trade: 27 million messages (2%)
Slide 9
Traffic and Pricing – Harnessing economies of scale
[Chart, 1991 to 2006E: traffic in millions of messages (0 to 3000) and price in EURcent/msg (0 to 50)]
Slide 10
Extending reach – Embracing the business community
Corporates, Securities, Banking and Payments
Slide 11
Banking Market Infrastructures (High-Value Payments) – July 2006
Live: Albania (AIP), Algeria (RTGS), Angola (PTR), Australia (PDS), Austria (ARTIS), Azerbaijan (AZIPS), Bahamas (BHS), Barbados (BDS), Belgium (ELLIPS), Bosnia & Herzegovina (BIH), Bulgaria (BGN-RINGS), Canada (LVTS), Chile (Netting - LBTR), CLS Bank, Croatia (HSVP), Denmark (DDK-KRONOS), Egypt (CBE), EBA Clearing (EURO1/STEP1), ECB (TARGET), Finland (BOF), (CRI – PNS/TBF), (RTGSPlus), Ghana (GISS), Greece (HERMES), Guatemala (RTGS), Hungary (VIBER), Ireland (IRIS), Italy (BIREL), Jordan (RTGS), Kenya (KEPSS), Kuwait (RTGS), Latvia (LVL), Luxemburg (LIPS), Malta (MARIS), Mauritius (MACSS), Namibia (NISS), Netherlands (TOP), New Zealand (AVP), Norway (NICS), Oman (RTGS), Philippines (PPS), Romania (REGIS), Slovenia (SIPS), South Africa (BOP RTGS - SAMOS), Spain (NSLBE - SLBE), Sri Lanka (LankaSettle), Sweden (RIX), Switzerland (Remote Gate), Tanzania (TISS), Thailand (BAHTNET/2), Trinidad & Tobago (SAFE-TT), Uganda (UNIS), United Kingdom (CHAPS-£ CHAPS-€ / Enquiry Link), United States (CHIPS), Venezuela (PIBC), Zambia (RTGS), Zimbabwe (ZETTS), West African States (BCEAO)
Implementation: Bahrain (RTGS), Botswana (RTGS), Central African States (BEAC), Eurosystem (TARGET2), Israel (RTGS)
Planning/Discussion: Lesotho (RTGS), Morocco (RTGS), Pakistan (RTGS), Singapore (MEPS+), Tunisia (RTGS)
Fiji (RTGS), Georgia (RTGS), Lebanon (RTGS), Palestine (RTGS), Peru (RTGS), Russian Federation (RTGS)
Slide 12
Community and Business dimensions
Heritage
• Established in 1973 by 239 banks in 15 countries
• Developed shared messaging platform for financial transactions
• Emphasis on security, reliability and availability
Understanding
• Serving over 7,800 financial institutions across 204 countries
• Payments, Securities, Foreign Exchange, Treasury and Trade
• Reducing costs, improving automation, managing risk
Neutrality
• Industry-owned community
• Overseen by regulatory authorities
• Impartial to the data transacted across the messaging platform
Technology
• Store and forward, file transfer, interactive query & response
• Open standards
• IP VPN over fibre-optic backbone
Slide 13
SWIFT Business and Technical Messaging
Communications across the lifecycle of a financial transaction
SWIFT does NOT provide clearing or settlement services
SWIFT does not hold accounts or assets
Participants are responsible for their data
SWIFT is neutral, apolitical and user-owned
Slide 14
Introducing SWIFT: Community, Standards, Platform
Slide 15
Message categories
0 System messages
1 Customer transfers & cheques
2 Financial institutions transfer
3 Foreign exchange, money markets & derivatives
4 Collections & cash letters
5 Securities markets
6 Precious metals & syndications
7 Documentary credits & guarantees
8 Travellers cheques
9 Cash management & customer status
Slide 16
Message structure
Slide 17
SWIFTStandards development – A business centric approach
[Figure linking Business process modelling, Standards, Market practice, SWIFTNet, Applications Integration, Partners and SWIFT]
Slide 18
SWIFTStandards – Payments market
[Figure: parties are the Ordering customer, the Ordering customer’s financial institution, the Beneficiary customer’s financial institution and the Beneficiary customer; flows shown are Payment Initiation (CT + DD), Single Credit Transfers, Bulk Payments (CT + DD), Cash Management and Exceptions & Investigations, with message types MT 101, MT 1xx, 2xx and MT 9xx; the legend distinguishes FIN-based flows from XML-based flows (under construction)]
Slide 19
Introducing SWIFT: Community, Standards, Platform
Slide 20
Single access infrastructure
[Figure: at ABC Bank, the applications Payments, Foreign Exchange, Securities, Reporting, Trade, Treasury and Investigation share one SWIFTNet interface; the Messaging Services FIN, FileAct, InterAct and Browse, with Standards, carry traffic over SWIFTNet to XYZ Bank, Other Bank and Any Bank]
One platform
Lower costs
Full STP
Reduced risk
Highest level of security and resiliency
Improved liquidity management
Facilitate Compliance
Slide 21
SWIFT product stack
Payments, Treasury, Trade, Securities
Standards, Rules
Messaging Services, Directories and Information Services
Interfaces
Security, Resilience, Quality of service, Reliability
SWIFTSolutions
Secure IP Network (SIPN)
Slide 22
Identify potential risks in the following areas:
Access to the SWIFT interface
Access to the SWIFT network
Integrity/confidentiality of the SWIFT messages
Integrity of the message flow
Slide 23
SWIFT interfaces
– Open and close connection to STN/SIPN
– Send messages to SWIFT
– Receive messages from SWIFT
– Manually enter messages
– Accept messages from a back office application
– Send messages to a back office application
– Send messages to a printer
Slide 24
SWIFT interfaces
– SWIFTAlliance Access
– SWIFTAlliance Entry
– MERVA/ESA
– TURBO SWIFT
– STELINK
– MINT
– FASTWIRE
– BESS
– NOVA SWIFT
– ...
Slide 25
Connecting to SWIFTNet – Many ways of implementing…
[Figure: Business Layer (Back Office applications), Middleware, Messaging Layer (messaging interfaces, SWIFTNet Services), Communication Layer (communication interfaces, VPN box), SWIFTNet, your counterparty]
Slide 26
SWIFTAlliance interface
[Figure, from you to your counterparty: Application Layer; Middleware Layer; Messaging Layer with SWIFTAlliance Access (SAA) and SWIFTAlliance Entry (SAE); Communication Layer with SWIFTAlliance Gateway (SAG), SWIFTAlliance Starter Set (SAS) and SWIFTNet Services; VPN box; SWIFTNet]
Slide 27
Logging on to the SWIFT interface
Slide 28
Passwords: Initialisation, Master
✓ Password documents available?
✓ Access to password documents?
Slide 29
Users of the SWIFT interface
Anonymous user names vs personal operator names
Are all operators still using the interface?
Slide 30
Enabling an operator
Automatic: enabled when approved by both LSO and RSO
Slide 31
Disabling an operator
Automatic: after too many wrong passwords
Manually: by LSO, RSO or anybody with disabling permission
Slide 32
Security parameters
List of configuration parameters – e.g. password period, max # of bad passwords…
Only visible by LSO and RSO
Slide 33
SWIFTAlliance: Segregation of duties
Creation, Verification, Authorisation, Approval, Modification
Slide 34
Profiles
Each operator has minimum one profile
A profile defines the applications, functions and permissions for one or more operators
One profile can be given to several operators
If permissions change, then the operators are disabled; LSO and RSO must re-approve these operators
Slide 35
Profile details
A profile has 3 levels
– applications
– functions
– permissions
Slide 36
Permission details
Prohibited nothing = no restrictions
Allowed are all MTs starting with 1, 2 and 9
SWIFT FIN system MTs not allowed
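The operator and profile controls of slides 30 to 36, modelled as an added example (not SWIFTAlliance code): dual approval by LSO and RSO, automatic disabling after too many wrong passwords, re-approval after a permission change, and the MT permission rule. The lockout limit and the operator names are assumptions.

```python
"""Added example (not SWIFTAlliance code): a model of the operator and profile
controls on the slides: LSO+RSO dual approval, lockout after too many wrong
passwords, re-approval after a permission change, and the MT permission rule."""
MAX_BAD_PASSWORDS = 3  # assumed value; the real parameter is visible only to LSO/RSO

class Profile:
    def __init__(self, allowed_prefixes, prohibited=()):
        self.allowed_prefixes = tuple(allowed_prefixes)  # e.g. ("1", "2", "9")
        self.prohibited = set(prohibited)  # empty = "prohibited nothing" = no restrictions
        self.operators = []  # one profile can be given to several operators

    def permits(self, mt):
        """Category 0 (SWIFT FIN system MTs) is never granted to an operator."""
        if mt.startswith("0") or mt in self.prohibited:
            return False
        return mt.startswith(self.allowed_prefixes)

    def change_permissions(self, allowed_prefixes, prohibited=()):
        # Any permission change disables the operators; LSO and RSO must re-approve them.
        self.allowed_prefixes, self.prohibited = tuple(allowed_prefixes), set(prohibited)
        for op in self.operators:
            op.disable()

class Operator:
    def __init__(self, name, profile):
        self.name, self.profile = name, profile
        self.approvals, self.enabled, self.bad_passwords = set(), False, 0
        profile.operators.append(self)

    def approve(self, officer):
        """Enabled automatically once both the LSO and the RSO have approved."""
        if officer not in ("LSO", "RSO"):
            raise ValueError("only the LSO or RSO may approve an operator")
        self.approvals.add(officer)
        if self.approvals == {"LSO", "RSO"}:
            self.enabled, self.bad_passwords = True, 0
        return self.enabled

    def disable(self):  # manual (LSO, RSO, disabling permission) or automatic
        self.enabled, self.approvals = False, set()

    def failed_logon(self):  # wrong password; locked at MAX_BAD_PASSWORDS attempts
        self.bad_passwords += 1
        if self.bad_passwords >= MAX_BAD_PASSWORDS:
            self.disable()
        return self.enabled

    def may_send(self, mt):
        return self.enabled and self.profile.permits(mt)
```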
Slide 37
What to check in a profile?
Access control
Message Creation and Modification
Message Approval
Message File
Security Definition
Slide 38
Identify potential risks in the following areas:
Access to the SWIFT interface
Access to the SWIFT network
Integrity/confidentiality of the SWIFT messages
Integrity of the message flow
Slide 39
SWIFT’s Secure IP Network (SIPN)
[Figure: customer VPN boxes connect through Network Partner 1 and Network Partner 2 (POP, M-E) to the SIPN Access Network, the Backbone Access Points and the SIPN Backbone Network, and on to the SWIFT OPCs]
IPsec tunnels provide end-to-end protection through the ‘untrusted’ vendor IP networks
Slide 40
Security equipment needed to connect to FIN
Card readers
Integrated Circuit Cards (ICCs)
[Figure: Bank A and Bank B]
Slide 41
Secure Card Reader (SCR)
Functions related to BKE and SLS services
Configuring and managing ICCs
PIN updates
SCR configuration
Slide 42
Integrated Circuit Card (ICC)
Contains functional elements of a microcomputer embedded in a chip within the card
Works only when inserted into the card reader
Protected by 1 or 2 PINs
Unique reference = SWIFT Card Number (SCN)
Slide 43
Connecting to the SWIFT network – Secure Login and Select (SLS)
[Figure: LTC, APC and FIN; Login then Select]
Slide 44
Manual Login and Select
Insert ICC in the card reader
Use the CBT to send Login and Select to SWIFT
Slide 45
Automated Login and Select
No operator intervention
ICC must be in card reader on Login and Select, or Session Keys must have been …ed in advance
Slide 46
Disconnecting from the SWIFT network
[Figure: LTC, APC and FIN; QUIT]
Slide 47
SWIFTNet FIN Phase 2
PKI: FIN Access control
PKI: End-2-end security
RMA: Relationship management
[Figure: two SWIFTNet FIN interfaces, each with SWIFTNet PKI and an HSM, exchanging FIN traffic under PKI]
Slide 48
Identify potential risks in the following areas:
Access to the SWIFT interface
Access to the SWIFT network
Integrity/confidentiality of the SWIFT messages
Integrity of the message flow
Slide 49
Authentication
Applied on user-to-user messages
Assures identity of sender and integrity of message text
Mandatory for most message types
Slide 50
Authenticator keys: what to check?
Keys still regularly changed?
Still a correspondent relationship?
Keys securely stored?
Procedure for unsuccessful BKE?
Procedure for messages that failed authentication?
Slide 51
Local Authentication
Authentication between back-office application and SWIFT interface
Slide 52
Integrity of the message flow: session numbers
[Figure: LTC, APC and FIN; Select; session numbers 1281 and 1265]
Slide 53
Sequence numbers
472136 = Input Sequence Number
327185 = Output Sequence Number
Slide 54
Message Input Reference (MIR)
031020ABNKBEBBAXXX0142123456
031020 = input date; ABNKBEBBAXXX = sender’s address; 0142 = input session number; 123456 = input sequence number
Slide 55
Message Output Reference (MOR)
031020ABNKBEBBAXXX0142654321
031020 = output date; ABNKBEBBAXXX = receiver’s address; 0142 = output session number; 654321 = output sequence number
Slide 56
Routing in the SWIFT interface
[Figure: messages routed to printer 1, printer 2 or an application]
Slide 57
Routing in the SWIFT interface
Are all messages accounted for?
Are all the messages routed to the right place?
Is there any specific routing for received messages with PDE or PDM trailer?
Slide 58
Interface/Network Audit Trails
Slide 59
Message File
Keeps copy of all messages
Status and history of messages can be checked
Slide 60
Identification of a message: UUMID (Unique User Message Identifier)
IBNPAFRPPXXX202TR7823689
I = input/output message; BNPAFRPPXXX = correspondent; 202 = MT; TR7823689 = sender’s reference
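An added example, not from the presentation, that parses the MIR and MOR of slides 54 and 55 and the UUMID above into their fields, and runs the message-flow integrity check the session and sequence number slides describe: within one session, sequence numbers must be contiguous. Field widths follow the slide layouts; the sample references are constructed.

```python
"""Added example: parse SWIFT FIN references (MIR, MOR, UUMID) by the field
widths shown on the slides and check sequence continuity per session.
Sample values are constructed."""
from collections import defaultdict

# (field name, width); None takes the remainder (sender's reference is variable length)
MIR_LAYOUT = (("input_date", 6), ("sender_lt", 12), ("session", 4), ("sequence", 6))
MOR_LAYOUT = (("output_date", 6), ("receiver_lt", 12), ("session", 4), ("sequence", 6))
UUMID_LAYOUT = (("direction", 1), ("correspondent", 11), ("mt", 3), ("sender_ref", None))

def parse_fields(layout, value):
    """Split a reference into named fields by fixed widths; reject wrong lengths."""
    fields, pos = {}, 0
    for name, width in layout:
        end = len(value) if width is None else pos + width
        fields[name] = value[pos:end]
        pos = end
    if pos != len(value) or "" in fields.values():
        raise ValueError(f"reference {value!r} does not fit the layout")
    return fields

def parse_mir(mir):
    return parse_fields(MIR_LAYOUT, mir)

def parse_mor(mor):
    return parse_fields(MOR_LAYOUT, mor)

def parse_uumid(uumid):
    f = parse_fields(UUMID_LAYOUT, uumid)
    if f["direction"] not in ("I", "O"):  # I = input message, O = output message
        raise ValueError("UUMID must start with I or O")
    return f

def sequence_gaps(refs, layout=MIR_LAYOUT):
    """Group MIRs (or MORs) by (LT address, session) and list the sequence numbers
    missing between the lowest and highest seen; a gap is a message unaccounted
    for in the Message File and should be investigated."""
    by_session = defaultdict(set)
    addr = layout[1][0]
    for ref in refs:
        f = parse_fields(layout, ref)
        by_session[(f[addr], f["session"])].add(int(f["sequence"]))
    return {key: sorted(set(range(min(s), max(s) + 1)) - s)
            for key, s in by_session.items()
            if len(s) != max(s) - min(s) + 1}

# Constructed sample: input session 0142 is missing sequence 123458.
SAMPLE_MIRS = ["031020ABNKBEBBAXXX0142123456", "031020ABNKBEBBAXXX0142123457",
               "031020ABNKBEBBAXXX0142123459"]
```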
Slide 61
Event Journal
Events in the SWIFT interface: actions initiated by the software or actions by users
Slide 62
Search function in Event Journal
Search on
– date and time
– class and severity
– operator
– description of the event
Slide 63
MT 081 Daily Check Report
Lists number of messages sent and received for all APC or FIN sessions closed since previous MT 081
Generated daily at approximately midnight local time, provided APC and FIN are closed
[Figure: FIN 081 and APC 081 reports delivered to the LTC]
Slide 64
MT 082 Undelivered Message Report
Received from SWIFT every day
Lists all undelivered messages at generation time: messages sent by your institution but not yet received by your correspondent
Slide 65
Example of an auditor’s profile
Application: Access Control – Function: Signon
Application: Applic. Interface – Function: Open/Print Partner – Permission: First part Local Aut Key = Yes
Application: BK Management – Function: Open/Print Communicating Pair (pre-agree/keys) – Permission: Access: Prohibited nothing
Application: Event Journal – Function: -
Application: Message File – Function: Search – Permissions: Start and End time; Completely hide messages of other units = No
Slide 66
Making financial messaging safer and less costly
Slide 67