While the Central government is leaving no stone unturned to turn the nation into a cashless economy, an alarming revelation has put a question mark on the security of digital transactions.
According to an Economic Times report, the systems of three government-owned banks – two headquartered in Mumbai and one in Kolkata – were recently hacked to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items.
The victim banks discovered that their SWIFT systems – the global financial messaging service banks use to move millions of dollars and documents across borders every day – have been compromised to create fake documents. However, the banks are still unaware about the origin of the attack and the intention of the hackers.
According to the report, soon after the RBI was reported about the breach, it directed several banks to cross-check all trade documents issued over the past one year.
“The nature of the attack is unfamiliar to Indian banks. While there is no monetary loss and ransom demand as yet, there are fears that the banks’ systems have been misused. There was fraudulent duplication of trade documents like letters of credit (LC) and guarantees,” Economic Times quoted a person familiar with the breaches.
“These the hackers may have encashed or are planning to encash with some offshore banks. It’s also possible that hackers did not present the fake LCs to raise funds but to carry out trade of prohibited or illegal commodities,” he added.
An LC, serving as a guarantee, is a letter that one writes to another (particularly in another country) to ensure payment to the supplier of goods when certain conditions are met. Besides messages for fund transfers, the SWIFT system is also used to communicate trade documents.
As per RBI’s instruction, banks now have to match the documents shared through SWIFT with the actual documents in their case or core banking system to find out whether systems have been misused.
“It’s possible that some banks may not be aware that an outsider has crawled into the system. Since there is no immediate loss of money, a bank may take a long time to sense that its SWIFT system has been hacked and misused,” said a cyber security personnel.