SWIFT BANKING

SWIFT stands for the Society for Worldwide Inter-bank Financial Telecommunication. It is a
network that financial institutions use to securely transmit information and instructions through a
standardized system of codes.
SWIFT does not transfer funds, but rather sends payment orders that must be settled by
correspondent accounts that the institutions have with each other. Each transaction is categorized by
a unique code to specify the type of transaction being executed.
How it works:
1. When a bank initiates a transaction, it sends a message via SWIFT to the recipient bank. The
message includes payment instructions.
2. The message is received and processed by SWIFT, which then securely sends the message to
the recipient bank.
3. Upon receiving the message, the recipient bank carries out the instructions provided. This
could be a request to transfer funds, a notice of a deposit, or any other type of financial
transaction.
SWIFT messages are securely sent and received because each bank has a unique identification code.
This ensures that the financial transactions are conducted between the right parties.
SWIFT is used by more than 11,000 financial institutions in over 200 countries around the world. It
is the standard for financial transactions and is used to transmit billions of messages each year.
As of the available information cut-off in September 2021, SWIFT is constantly updating its
systems and protocols to ensure the security and efficiency of the transactions. This involves both
software and hardware updates, as well as adherence to various international regulations regarding
financial transactions.
SWIFT (Society for Worldwide Inter-bank Financial Telecommunication) is a member-owned
cooperative that provides safe and secure financial transactions for its members, including banks,
market infrastructures, and businesses. It was founded in 1973 with the goal of creating a shared
worldwide data processing and communications link, as well as a common language for
international financial transactions.
Its services are designed to facilitate standardized and reliable communication between financial
institutions. This includes:

1. Messaging Services: SWIFT is best known for its secure messaging services. It provides a
network that enables financial institutions worldwide to send and receive information about
financial transactions in a secure, standardized, and reliable environment. These messages
typically include payment instructions for transactions like money transfers.

2. Software and Services: Beyond just messaging, SWIFT also provides software and services
to help financial institutions with tasks like compliance, analytics, and managing their
communications infrastructure.
 3. Standards Development: SWIFT has a role in developing standards for financial
communications. These standards ensure that all messages sent over the SWIFT network
follow a common format and thus can be understood by all participants.
The core of SWIFT's operations is the SWIFTNet Network, which is used to transmit messages
using the SWIFT protocol. This protocol is a standard for syntax in financial messages. Messages
sent over the SWIFT network are divided into five blocks, each containing different types of
information, including the details of the sending and receiving banks, transaction amount, and
transaction type.
It's important to understand that SWIFT itself does not hold accounts for its members nor does it
perform any form of clearing or settlement. Instead, it provides a secure and reliable system for
sending and receiving payment orders. Actual transfer of funds is conducted over correspondent
banking relationships, typically in the form of Nostro and Vostro accounts.
SWIFT codes, also known as BIC (Bank Identifier Codes), are a key part of how the system
functions. A SWIFT code is an 8-11 character code that identifies a particular financial institution.
The code is composed of a 4-character bank code, a 2-character country code, a 2-character location
code, and an optional 3-character branch code.
SWIFT's security and reliability have been critical to its widespread adoption. However, the system
has not been without its controversies and criticisms, including its role in facilitating financial crime
and the potential for surveillance of the SWIFT network by intelligence agencies. Despite these
issues, SWIFT remains the standard for international financial transactions.
Due to these insecurities, cybersecurity is a critical concern for financial institutions worldwide, and
banks in Uganda, such as Stanbic bank, Centenary Rural Development Bank, Bank of Baroda,
DFCU Bank among many others are no exception. Cyberattacks on banks can have severe
consequences, including financial losses, damage to the reputation of the institution, and erosion of
customer trust. Hackers employ various techniques to exploit vulnerabilities in the banks' systems,
and their tactics evolve continuously, making it an ongoing challenge to defend against these
threats.
Some notable cyberattacks on banks in Uganda include:
1. Stanbic Bank Uganda
Unidentified hackers broke into the systems of Pegasus Technologies, a company that
integrates mobile money transactions between telcos, banks, and other local, regional and
international money transfer services, making off with a yet to be known sum, but said to be
in billions of Shillings. This follows the cyber-attack on telecoms (MTN and Airtel).
In a joint statement released on, Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs
of, MTN Uganda, and Airtel Uganda respectively, admitted there was an "incident", but did not give
details.
MTN Uganda and Airtel Uganda inform the public and their customers, a third-party service
provider experienced a system incident which impacted Bank to Mobile Money transactions. All
Bank to Mobile Money/Wallet services had to be temporarily suspended. However this system
incident had no impact on any balances on both Bank and Mobile Money accounts as stated by the
technical teams that analyzed the incident and restored services as soon as possible.
Though a source at one of the affected companies, told reporters that hackers broke into the system
of Pegasus Technologies who handles MTN to Airtel and Airtel to MTN transactions as well as the
respective telcos to bank payments on Thursday night. Pegasus also handles Flexipay, a cashless
solution that allows the bank's customers to pay for goods and services via mobile money.
"The Hack started on Thursday night, and went on undetected until Saturday. By this time, hackers
had sent themselves almost UGX1.3 billion but had managed to withdraw UGX900 million from
Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are
mobile money leaders. When the fraud was detected all transactions going through Pegasus
Technologies, were suspended," said the source.
2.Multiple Banks (2018)
In 2018 hackers targeted several banks in Uganda, including the Bank of Africa, DFCU Bank, and
Centenary Bank. These attacks were believed to be part of a coordinated effort, demonstrated the
vulnerability of financial institutions to cyber threats. The exact details of each attack might differ,
but they typically involved unauthorized access to the banks' systems to perform fraudulent
transactions, often resulting in significant financial losses.
Cyberattacks against banks can take various forms, such as:
1. Phishing: This is a social engineering attack where hackers trick bank employees or
customers into providing sensitive information or credentials through seemingly legitimate
emails or websites.
2. Malicious software, such as viruses or ransomware, can be used to infiltrate a bank's systems
to steal data, disrupt operations, or extort money by encrypting data and demanding a
ransom for its release.
3. DDOS: these attacks involve overwhelming a bank's systems with excessive traffic, causing
them to crash and disrupt services.
4. APTs: these sophisticated, targeted attacks typically involve hackers gaining unauthorized
access to a bank's systems and remaining undetected for an extended period while gathering
information or performing other malicious activities.
These cyberattacks underscored the urgency for banks in Uganda and around the world to bolster
their cybersecurity measures. Given the ever-evolving nature of cyber threats, this is not a one-time
effort but a continuous process that involves:
1. Risk assessment: Regular evaluations to identify potential vulnerabilities in the banks'
systems and operations.
2. Employ training: Ensuring all staff members understand their role in maintaining security,
including recognizing potential phishing attempts and adhering to best practices for
password management.
3. Implementing robust antivirus software, firewalls, encryption, intrusion detection systems,
and other security technologies.
4. Establishing clear procedures to respond to and recover from cyberattacks, including
communication strategies to inform customers, staff, and regulators.
 5. Adhering to all relevant regulations and standards pertaining to cybersecurity in the banking
sector.
The increasing digitalization of banking services, while providing numerous benefits, also opens
new avenues for potential attacks. This emphasizes the need for banks to prioritize cybersecurity
and take proactive measures to protect their systems, financial assets, and customer data against
potential cyber threats.