Customer Security Program
We are registered in the Directory of CSP assessment providers. Our certified SWIFT consultants use their deep experience in cybersecurity and in-depth knowledge of the SWIFT Customer Security Controls framework to perform a cybersecurity assessment of your SWIFT-related environment and conduct a gap analysis leading to self-attestation of compliance with the SWIFT Customer Security Controls Framework.
SWIFT has implemented the Customer Security Program (CSP) to promote cybersecurity within the SWIFT user community. Customers are responsible for the security of their infrastructure. To help them in this task, the CSP has been developed to help combat security threats and cyber fraud. The CSP is based on a common core of security measures intended to help users secure their local environments and the wider SWIFT community.
Customer Security Controls Framework: SWIFT’s CSCF includes mandatory and recommended security measures that users can implement in their SWIFT environment. Mandatory security measures define a general security basis for the SWIFT community. They should be implemented by all users, including those using desktop services or L2BA providers. The recommended security measures are based on good security practices and SWIFT invites users to adopt them, where appropriate. The list of mandatory and recommended measures is regularly reviewed, in particular due to the constant evolution of cyber-attacks.
Secure Guidelines: The security guidance documents provide the SWIFT community with a set of basic security recommendations for customers using Alliance Web Platform Server-Embedded, Alliance Access / Entry, Alliance Gateway and SWIFTNet Link, as well as all versions of ‘Alliance Messaging Hub (AMH).
Secure Self-assessment Process: Under the CSCF, SWIFT users must assess their level of compliance with the mandatory measures that apply to their type of architecture (A1, A2, A3 or B). These certificates must be submitted and published in the KYC-SA application [(Know Your Customer – Security Attestation)]. This application also allows users to specify whether their certificates are based on independent, internal, or external assessment. You can find more information on the four types of architectures mentioned above in the full text of the CSCF.
What is new in the recently released CSP v2022?
An update of the Control Framework: The CSP v2022 also introduces some changes to the controls to adapt the framework to the evolution of the cyber threat landscape and to progressively improve the overall growth of the control environment.
One advisory control, introduced in CSP v2022, is being promoted to mandatory:
Transaction Business Controls: Ensure outbound transaction activity within the expected bounds of normal business.
In order to comply with this control, ABM Payment Control System is a fraud prevention solution that securely monitors outgoing payment messages in real time, to detect, prevent and validate unreadable or unusual payment message flows from an institution, prior to delivery to SWIFT and based on standard or customized rules.