An introduction to SwiftNET
5 likes17,335 views
SwiftNET is a messaging network owned and operated by the Society for Worldwide Interbank Financial Telecommunications (SWIFT). It allows financial institutions to securely transmit standardized financial messages. The network has transitioned from using older telecommunication systems to a packet switched network and now uses a secure IP network architecture with multiple vendors. SwiftNET provides four core messaging services - FIN for payment messages, InterACT for interactive exchanges, FileACT for file transfers, and Browse for secure web access.
An introduction to SwiftNET
- 1. SwiftNETThe high level overview you always wanted. Rishabh Dangwal Consultant, KPMG Cyber Security www.theprohack.com | Twitter : @prohack | admin@theprohack.com
- 2. Agenda Understanding SwiftNET Introduction Organizational Structure Partners SwiftNET Messaging Architecture Services SwiftNET Modules FIN InterACT FileACT Browse SwiftNET Ancient Architecture SwiftNET Contemporary Architecture
- 3. Introduction • Society for Worldwide Interbank Financial Telecommunications. Formed because TELEX (& older systems) lacked speed, security & were cumbersome. Started with 230 banks in 5 countries, now used by 10000 institutions in 212 countries. Its ancient network was replaced with packet switched network X.25, which again was migrated to IP network (SwiftNET) 24 million daily messages comprising of 48% of payment messages 46% of securities messages & Remainder treasury, trade and system messages. SWIFT takes full liability for each message once they have accepted it. 99.999 % reliability (YAY!)
- 4. SWIFT operates a number of services, primarily: General Purpose Application Financial Application Initial Objective: To create a central point for the passing of secure and standardized messages coming from banks that are mainly interested in payment messages. Today over 200 different SWIFT messages exist, including – Credit and Debit Instructions Buy and Sell Orders Documentary Credits Collections, Guarantees, interbank transfers etc. Introduction Cont..
- 5. Additionally, SWIFT provides a number of services* that are charged for over and above the normal fees. A few of these are: IFT (Interbank File Transfer) ACCORD Directory Services RTGS Users are charged on the character length (unit lengths of 325, 750, or 1950) or by message type. The charges also vary depending on volume tier. *more on this later Introduction Cont..
- 6. courtesy of Swift.com SwiftNET Organizational Structure
- 7. SwiftNET Partners Business partners Over the years SWIFT has built a network of external partner companies who act in selected countries or regions on SWIFT's behalf, called SWIFT business partners. North America: S.I.D.E. America Corp, Middle East & Gulf Region: Eastern Networks Dubai, Balkan countries: CiS d.o.o. Serbia & Montenegro. Etc. Network partners SWIFT has adopted a multi-vendor model for its secure IP network (SIPN). The new architecture uses state-of-the-art security and ensures highest resilience and lowest risk. The key aspect of this architecture is the co-existence of multiple IP network partners. SWIFT uses four network partners, each with a standard offering of managed IP-VPN services AT&T BT Infonet Colt Telecom Orange Business Services
- 8. SwiftNET offers four modules or messaging services: SwiftNET FIN – Standard store & forward messaging for single instructions SwiftNET Interact – Interactive message exchange between two parties SwiftNET FileACT – Interactive exchange of files between two parties SwiftNET Browse – Provides https-based access to visual content on webservers from desktops SwiftNET Services
- 9. Bank A CBS – Swift Interface Bank B CBS – Swift Interface Central Swift Interface Information & Control Module (ICM) SwiftFIN S W I F T N E T FIN Copy FileACT Real time reporting SwiftNET Browse Visualization of Information InterACT Real time cash reporting SwiftNET Messaging Architecture
- 10. Enables the exchange of messages with the traditional SWIFT MT standards. MT is short for “Message Type” and all SWIFT messages start with MT. This is then followed by a 3 digit number. The first digit represents the Category. A category denotes messages grouped together because they all relate to particular financial instruments or services. Group Messages: MT0nn System Messages MT1nn Customer Payments MT2nn Financial Institution Transfers MT3nn FX, Money Market & Derivatives MT4nn Collections and cash letters MT5nn Securities Markets MT6nn Precious Metals & Syndications /GOLD MT7nn Documentary Credits & Guarantees MT8nn Travellers Cheques MT9nn Cash Management & Customer Status SwiftNET FIN
- 11. The second digit represents the Group denoting that the messages are related to similar parts of a transaction's lifecycle. MT200 Financial Institution Transfer, Own Account MT202 Financial Institution Transfer, Third Party MT521 Receive (Securities) Against Payment MT523 Deliver (Securities) Against Payment The last digit is the Type and denotes the individual message. There are several hundred message types across the categories in total. A special subset of Messages is known as the Common Group because the last two digits represent the same message in each category MTn99 Free format MT299 Free format relating to transfers MT599 Free format relating to securities MT999 General free format SwiftNET FIN Cont..
- 12. 1. Payment Instruction (Swift Code : MT103, 103+, 202,204*) 2. Settlement request (Swift Code : MT096) 3. Settlement response (Swift Code: MT097) 4. Approved / Settled. Payment Instruction received 5. Sender / receiver notification and reporting (Swift Code : MT012, MT019, MT900, MT910, MT940, MT950 ) SWIFT Interface SwiftNET FIN Payment order Y Copy 1 2 4 5 3 Bank A 5 Bank B SwiftNET FIN Cont..
- 13. SwiftNET InterAct Q& R: interactive exchange of information for messages that are time-critical and need an instant response New message types will be introduced as ISO XML messages for SwiftNET InterAct : cash management standards Access to the web server through SwiftNET Interact: Managing the payments queue Liquidity management Management of reservation and limits SwiftNET InterACT
- 14. Authenticity, integrity, confidentiality, non-repudiation. Flexible central routing. Any type of file up to 250Mb, compression supported. Store & Forward mode : Typically used to reach a large number of counterparties. Realtime Mode : Happens for direct person to application transactions. Bank A Bank B Realtime Initiate File Transfer Realtime Transfer Files Optional File Delivery Notification FileACT SwiftNET FileACT
- 15. Secured with SwiftNET PKI (managed certificates) Encryption, authentication and integrity control Non-repudiation Closed user group control SIPN SwiftNET FileACT Cont..
- 16. SwiftNET Browse enables secure browser-based access (over SIPN) from an operator using a standard browser and SWIFT Alliance WebStation to a service provider’s web server Also, it allows to initiate InterAct or FileAct exchanges via a secure browser link. Through this, sensitive data as per security & reliability norms of SwiftNET, while preserving the benefits of a browser-based environment. Bank A Alliance Workstation SwiftNET Service Provider Server BROWSE HTTPS authenticates System of End user InterACT / FileACT authenticates end user using SwiftNET PKI certificates SwiftNET Browse
- 17. HLD courtesy of Swift.com SwiftNET Architecture : Ancient Network
- 18. HLD courtesy of Swift.com SwiftNET Architecture : SwiftNET
- 19. Questions?SuperZAP me at admin@theprohack.com
- 20. Thank You! Rishabh Dangwal Consultant, KPMG Cyber Security www.theprohack.com | Twitter : @prohack | admin@theprohack.com