The financial sector is a favoured target for cybercriminals across the globe. In fact, according to the Accenture Security analysis, there was a 125% year-on-year increase in cyber-attacks in 2021, with banking being the target of 10% of all incidents.
Cyber-attacks are becoming more sophisticated and financial institutions must protect their customers and environment from these threats. That is why the SWIFT CSP was created in 2017 along with the Customer Security Control Framework (CSCF).
CSP at a Glance
CSP stands for Customer Security Programme. Its goal is to help financial institutions strengthen their defenses against cyber fraud and protect the integrity of the SWIFT network. Within the CSP you will find the Customer Security Control Framework (CSCF), which contains a series of mandatory and recommended security controls for any financial organization that uses SWIFT’s services.
Every July, SWIFT releases an updated version of the CSCF, and as of 2021 your attestation needs to be supported by an independent assessment, which can be completed by an independent internal or external assessor. All SWIFT members are required to submit their SWIFT CSP attestation by December 31st.
The Risks of Not Being Compliant with the CSP
If a SWIFT member does not comply with the SWIFT CSP, SWIFT reserves the right to report the non-compliance directly to other SWIFT members and local government authorities. Not only can this directly compromise your business operations, but it can also cause severe damage to your business reputation.
In addition to the SWIFT CSCF, SWIFT has also created an Information Sharing and Analysis Centre (SWIFT ISAC), where you have access to the different cyber-security threats reported by financial institutions around the world.
One of the latest threats reported is reply-chain phishing, a phishing technique in which the attacker hijacks a legitimate email correspondence chain and inserts a phishing email into the existing conversation.
👉 We recommend that you always keep yourself updated about the reports on this portal to better defend your institution against potential future cyber-attacks.
How DiXiO Can Help You as an Independent Assessor
Engaging DiXiO as your SWIFT CSP service provider to conduct your assessment can bring several benefits to your institution.
Thanks to our practical methodology, we are able to significantly reduce the burden of performing an annual CSP assessment. Your team will only be contacted when absolutely necessary, and we will also provide you with guidance and best practices tailored to your institution’s environment. In addition, we will educate and empower your team so they can become more independent.
Our experts will be by your side during every step of your SWIFT attestation journey. We work with our clients as true business partners, not just as auditors.
DiXiO’s experts have extensive experience conducting CSP assessments for clients all over the world, which has allowed us to improve our knowledge and methodology to help you go through all mandatory and recommended security controls with minimum effort.
DiXiO is a company of SWIFT & Financial Messaging Experts operating in more than 50 countries. In recent years, DiXiO has established itself as the reference in the Financial Messaging industry and was registered as an official SWIFT agent.
The Customer Framework for 2023 has already been released. Looking for an independent advisor to help your institution? Contact us!