Fraud detection on SWIFT messages without the need to configure rules

The Central Bank in Bangladesh theft

Bank heists used to involve guns, dynamite and a bag for the swag. Not anymore. Today, thieves are getting away with millions using just zeros and ones; they are hacking their way in. Among the biggest and most sophisticated was the successful theft of $81m from the Central Bank of Bangladesh in 2016, using the SWIFT network and local infrastructure.

SWIFT Customer Security Program CSP

In response, SWIFT has drawn up the SWIFT Customer Security Program (CSP). A mandatory set of security controls that must be implemented by all SWIFT members. In order to be compliant, financial institutions must prevent and detect fraud in commercial relationships and continuously share information and collaborate to better prepare for future cyber-attacks.

SWIFT CSP mandatory controls related to the first line of defense cannot cope with the high-profile and high-cost cyber heists. Advanced transaction monitoring related to SWIFT messages is needed to help financial institutions meet SWIFT CSP requirements.

Real-time fraud prevention with flexible action settings

Abnormal or suspicious SWIFT messages are detected in real time; flexible action settings provide alert-only, block, release or reject options.

No configuration needed. It just learns

The solution is learning from the past one year of SWIFT messages. While fraudsters constantly change their behavior to avoid detection, real customers and correspondent banks form habits. By learning these habits and building up customer and correspondent bank profiles we can quickly spot suspicious activity.

Detection of new fraud type using a smarter AI

Powered by machine learning technology, Fraud Detection for SWIFT messages, continuously learns about instruction-party behavior. Due to the focus on anomalies, new cyber fraud threats are detected without the need to reconfigure the system.

Discover how NetGuardians developed a smarter AI technology to overcome overfitting. Through managed learning, we enable our anti-fraud solution to recognize new banking fraud types from just the few existing fraud cases from a bank’s transaction history. We achieve this through a unique combination of 11 unsupervised and supervised machine-learning techniques.

Less payment to block

Machine-learning-based solution learns about instruction-party patterns over time and identifies only high-risk messages such as new counterparties, currencies and unusual payment times. This results in a significant reduction in false positives and fraud investigation time.

“Experience with users of NetGuardians’ software demonstrates that this approach will result in the system typically blocking up to 0.1 percent of total payment volumes, while in retail banking the upper limit can be as low as 0.05 percent of payments.”

Augmented intelligence

  • NG|Screener – Dashboard eBanking

  • NG|CaseManager – Hit details

Human intelligence is complemented by machine-learning technology to effectively flag anomalous SWIFT messages. An informative and integrated case manager provides contextual information about alerts and allows workflows. Forensic tools are intuitive and easy to use for rapid suspect-transaction investigation.


Financial institutions opting to use NetGuardians’ Fraud Prevention for SWIFT become part of a growing community that shares its vast knowledge and experience of fighting fraud.

Transaction monitoring and no-effort detection of anomalous activity on SWIFT messages

NetGuardians’ Fraud Detection for SWIFT messages, enables financial institutions to identify and stop fraudulent transaction messages before they are released to the SWIFT network, in real time. Powered by NetGuardians’ machine learning and augmented intelligence technology, the solution automatically learns from SWIFT MT 101, 103 and 202COV messages and captures unusual message parameters to ultimately suspend and send an alert for suspicious transactions.

Examples of at-risk situations addressed by Fraud Detection for SWIFT messages

Anomalous activity related to:

  • Time-frame (e.g. unusual time of day, unusual frequency)
  • Unusual payment instructions
  • Unusual payment value (e.g. amount bigger than usual)
  • Unusual or new relationships (e.g. new beneficiary payment to a new country unused by FI)

If you are interested in taking those information with you:

You may also be interested in our webinar recording on “How to fulfill the SWIFT Customer Security Program requirement with an out-of-the-box solution”