SwiftNET
The high level overview you always wanted.
Rishabh Dangwal
Consultant, KPMG Cyber Security
www.theprohack.com | Twitter : @prohack | [email protected]
Agenda
Understanding SwiftNET: Introduction, Organizational Structure, Partners
SwiftNET Messaging Architecture
Services
SwiftNET Modules: FIN, InterACT, FileACT, Browse
SwiftNET Ancient Architecture
SwiftNET Contemporary Architecture
Introduction
Society for Worldwide Interbank Financial Telecommunications.
Formed because TELEX (and older systems) lacked speed and security and were cumbersome.
Started with 230 banks in 5 countries, now used by 10000 institutions in 212 countries.
Its ancient network was replaced with a packet-switched X.25 network, which in turn was migrated to an IP network (SwiftNET).
24 million daily messages, comprising 48% payment messages, 46% securities messages, and the remainder treasury, trade and system messages.
SWIFT takes full liability for each message once it has accepted it.
99.999 % reliability (YAY!)
SWIFT operates a number of services, primarily: General Purpose Application, Financial Application.
Initial Objective: To create a central point for the passing of secure and standardized messages coming from banks that are mainly interested in payment messages.
Today over 200 different SWIFT messages exist, including Credit and Debit Instructions, Buy and Sell Orders, Documentary Credits, Collections, Guarantees, interbank transfers etc.
Introduction Cont..
Additionally, SWIFT provides a number of services* that are charged for over and above the normal fees. A few of these are:
IFT (Interbank File Transfer), ACCORD, Directory Services, RTGS
Users are charged on the character length (unit lengths of 325, 750, or 1950) or by message type.
The charges also vary depending on volume tier.
Introduction Cont..
courtesy of Swift.com
SwiftNET Organizational Structure
SwiftNET Partners
Business partners
Over the years SWIFT has built a network of external partner companies who act in selected countries or regions on SWIFT's behalf, called SWIFT business partners.
North America: S.I.D.E. America Corp
Middle East & Gulf Region: Eastern Networks Dubai
Balkan countries: CiS d.o.o. Serbia & Montenegro
Etc.
Network partners
SWIFT has adopted a multi-vendor model for its secure IP network (SIPN). The new architecture uses state-of-the-art security and ensures highest resilience and lowest risk. The key aspect of this architecture is the co-existence of multiple IP network partners.
SWIFT uses four network partners, each with a standard offering of managed IP-VPN services:
AT&T
BT Infonet
Colt Telecom
Orange Business Services
SwiftNET Services
SwiftNET offers four modules or messaging services:
SwiftNET FIN: Standard store & forward messaging for single instructions
SwiftNET InterACT: Interactive message exchange between two parties
SwiftNET FileACT: Interactive exchange of files between two parties
SwiftNET Browse: Provides HTTPS-based access to visual content on web servers from desktops
SwiftNET Messaging Architecture
[Diagram. Labels: Bank A (CBS, Swift Interface); Bank B (CBS, Swift Interface); Central Swift Interface; Information & Control Module (ICM); SWIFTNET; SwiftFIN; FIN Copy; FileACT: real time reporting; SwiftNET Browse: visualization of information; InterACT: real time cash reporting]
SwiftNET FIN
Enables the exchange of messages with the traditional SWIFT MT standards.
MT is short for Message Type, and all SWIFT message names start with MT, followed by a 3-digit number.
The first digit represents the Category. A category denotes messages grouped together because they all relate to particular financial instruments or services.
Group    Messages
MT0nn    System Messages
MT1nn    Customer Payments
MT2nn    Financial Institution Transfers
MT3nn    FX, Money Market & Derivatives
MT4nn    Collections and cash letters
MT5nn    Securities Markets
MT6nn    Precious Metals & Syndications /GOLD
MT7nn    Documentary Credits & Guarantees
MT8nn    Travellers Cheques
MT9nn    Cash Management & Customer Status
SwiftNET FIN Cont..
The second digit represents the Group, denoting that the messages relate to similar parts of a transaction's lifecycle.
MT200    Financial Institution Transfer, Own Account
MT202    Financial Institution Transfer, Third Party
MT521    Receive (Securities) Against Payment
MT523    Deliver (Securities) Against Payment
The last digit is the Type and denotes the individual message. There are several hundred message types across the categories in total. A special subset of messages is known as the Common Group because the last two digits represent the same message in each category.
MTn99    Free format
MT299    Free format relating to transfers
MT599    Free format relating to securities
MT999    General free format
SwiftNET FIN Cont..
1. Payment Instruction (Swift Code: MT103, 103+, 202, 204*)
2. Settlement request (Swift Code: MT096)
3. Settlement response (Swift Code: MT097)
4. Approved / Settled. Payment Instruction received
5. Sender / receiver notification and reporting (Swift Code: MT012, MT019, MT900, MT910, MT940, MT950)
[Diagram: Y-Copy payment order flow between Bank A, SwiftNET FIN (SWIFT Interface) and Bank B, with arrows numbered 1 to 5 matching the steps above; step 5 goes to both Bank A and Bank B]
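The five-step Y-Copy flow above can be checked per transaction in message logs, for instance to spot a payment instruction that reached the receiver without a settlement request and response. The following Python is an added example, not part of the original slides or any SWIFT product; the log format (`<ref> <leg> MT<nnn>`), the leg names, the function names and the rule that a step-5 notification only requires step 3 are assumptions made for illustration.

```python
import re

# MT codes per step, as listed on the slide (steps 1 and 4 carry the payment).
PAYMENT = {"103", "202", "204"}
NOTIFY = {"012", "019", "900", "910", "940", "950"}   # step 5
# Hypothetical log format for this example: "<ref> <leg> MT<nnn>"
LINE = re.compile(r"^(?P<ref>\S+) (?P<leg>sender|copy|receiver) MT(?P<mt>\d{3})$")

# Constructed sample log; legs: sender = Bank A side, copy = central
# institution side, receiver = Bank B side.
SAMPLE_LOG = [
    "TX1 sender MT103", "TX1 copy MT096", "TX1 copy MT097",
    "TX1 receiver MT103", "TX1 sender MT012",
    "TX2 sender MT202", "TX2 receiver MT202",   # no MT096/MT097 in between
    "TX3 copy MT097",                           # response without a request
]

def step_of(leg, mt):
    """Map one logged message to its step number in the five-step flow."""
    if mt in PAYMENT:
        return {"sender": 1, "receiver": 4}.get(leg)
    if leg == "copy" and mt in ("096", "097"):
        return 2 if mt == "096" else 3
    return 5 if mt in NOTIFY else None

def check_y_copy(lines):
    """Return {ref: [findings]} for transactions that break the step order."""
    seen, findings = {}, {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            findings.setdefault("<unparsed>", []).append(raw.strip())
            continue
        ref, mt = m["ref"], m["mt"]
        step = step_of(m["leg"], mt)
        done = seen.setdefault(ref, set())
        if step is None:
            findings.setdefault(ref, []).append(f"MT{mt} on leg {m['leg']} is outside the flow")
            continue
        # Steps 2-4 need the step before them. Assumption of this example:
        # a step-5 notification only needs the settlement response (step 3).
        required = 3 if step == 5 else step - 1
        if required and required not in done:
            findings.setdefault(ref, []).append(f"step {step} (MT{mt}) seen before step {required}")
        done.add(step)
    return findings

if __name__ == "__main__":
    for ref, issues in check_y_copy(SAMPLE_LOG).items():
        print(ref, issues)
```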
SwiftNET InterACT
SwiftNET InterACT Q&R: interactive exchange of information for messages that are time-critical and need an instant response.
New message types will be introduced as ISO XML messages for SwiftNET InterACT: cash management standards.
Access to the web server through SwiftNET InterACT:
Managing the payments queue
Liquidity management
Management of reservation and limits
SwiftNET FileACT
Authenticity, integrity, confidentiality, non-repudiation.
Flexible central routing.
Any type of file up to 250Mb, compression supported.
Store & Forward mode: Typically used to reach a large number of counterparties.
Realtime mode: Happens for direct person to application transactions.
[Diagram: FileACT exchange between Bank A and Bank B: Realtime Initiate File Transfer; Realtime Transfer Files; Optional File Delivery Notification]
SwiftNET FileACT Cont..
Secured with SwiftNET PKI (managed certificates)
Encryption, authentication and integrity control
Non-repudiation
Closed user group control
SIPN
SwiftNET Browse
SwiftNET Browse enables secure browser-based access (over SIPN) from an operator using a standard browser and SWIFT Alliance WebStation to a service provider's web server.
It also allows InterACT or FileACT exchanges to be initiated via a secure browser link. Through this, sensitive data is handled as per the security & reliability norms of SwiftNET, while preserving the benefits of a browser-based environment.
[Diagram: Bank A (Alliance Workstation), SwiftNET Browse, Service Provider Server]
HTTPS authenticates the system of the end user.
InterACT / FileACT authenticates the end user using SwiftNET PKI certificates.
SwiftNET Architecture : Ancient Network
[HLD diagram courtesy of Swift.com]
SwiftNET Architecture : SwiftNET
[HLD diagram courtesy of Swift.com]
Questions?
SuperZAP me at [email protected]
Thank You!