What is SWIFT CSP 2022?
SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a network that allows financial institutions to communicate and receive information on financial transactions in a safe and dependable environment. The SWIFT Customer Security Program (CSP) focuses on identifying and preventing suspicious activity via a collection of mandated security controls, initiatives, and product features.
SWIFT has implemented many updates to the Customer Security Programme (CSP) and Customer Security Controls Framework in 2021. (CSCF). The modifications to the SWIFT CSP service are an ongoing effort to guard against assaults and fraudulent financial operations. The SWIFT CSP is a cybersecurity barricade around the banking sector in response to multiple cyber heists.
Due to the importance and breadth of the SWIFT infrastructure, it has long been a target for criminals in the financial industry. As a result of technology improvements, attackers now exploit even the most basic flaws in organisational systems. SWIFT CSP 2022 intends to ensure the security and sturdiness of the financial sector by implementing a yearly-increasing direction that is a healthy solution to the problem.
Customer Security Controls Framework (CSCF): A Brief History
The Customer Security Controls Framework (CSCF) is constantly evolving. In a few years, the number of controls has increased from 27 in 2017 to 31 in 2021. Over the years, there has been a notable increase in the number of obligatory controls. 18 months are allotted to organisations for comprehending and implementing any modifications to the framework.
The most recent version of CSCF introduced was in 2020, and organisations are expected to comply with the new standards by the end of 2021. The CSCF change management has recommended a ‘Phased Approach’ for adopting its most recent improvements to the framework: new obligatory controls or scope expansions are initially presented as advisory controls, followed by changes to controls that become mandatory.
A further insight into the continuous updating component of CSCF is that an increasing number of advisory controls will soon become necessary, and companies will need to be prepared to test and apply these controls. If you follow the security controls before they get implemented, it will help you develop the maturity and attitude you need. In addition, it may assist companies in avoiding nonconformities and noncompliances.
Updates for 2022: SWIFT CSCF
SWIFT released the most recent version of CSCF for the second half of 2022. This is the futuristic perspective that the 2022 upgrade will implement.
- The most important change is the transformation of the ‘Transaction Business Controls’ from advisory to mandatory. This action is intended to reduce fraudulent financial losses.
- A further upgrade accompanies the introduction of a new advisory control – Customer Environment Protection – which ensures the security of the customer environment and customer-related goods.
- There is an expansion in the control scope for;
- Software integrity is now an advisory for architecture A4.
- Likewise, Operating System Privileged Account Control is now recommended for systems with architecture B and general-purpose operators.
In addition to the above, there are minor modifications to security controls such as Internet Data Flow Security, Customer Environment Protection, Back Office Data Flow Security, Password Policies, Vulnerability Scanning, Multi-Factor Authentication, Token Management, Access Control, Staff screening, Incident Planning, Logging, and Security Training & Awareness. By the beginning of 2022, we will have a comprehensive understanding of this via our tech blogs.
Axletree can assist in complying with CSP by using our technology and cyber-security knowledge and solutions to safeguard their revenues and reputations. Our assessment models can be modified to begin with a fundamental evaluation of SWIFT CSP certification and controls which go all the way to assisting with remedial efforts, if required.
June 29, 2022
