Dear Mr. Gribov, what is CyberFT? How was developed this product, which Russian financial market needs so badly?
CyberFT is a new transfer system for any type of financial information. It was developed exclusively in Russia and it allows banks to optimize transaction expenses and ensures security of customer information. In CyberFT all transactions are carried out in compliance with Russian legislation and are totally protected from the threats of foreign policy.
The latter is especially important due to the toughening of sanction policy by EU and US. It is quite possible that the next step of economic sanctions on Russia will include block of access to SWIFT interbank financial telecommunication system, which is currently the main transaction channel of our financial market. In that case not only data exchange with foreign banks will cease, but also an exchange between domestic banks, which is a direct threat to the national security and sovereignty of Russia.
Up until this year Russian bank community underestimated risks of data exchange containing bank secrets through communication hubs and servers of SWIFT situated in the US, Netherlands and Switzerland. Furthermore, truth be told, market participants don’t even really know the exact location of the servers and how sensitive information transfer works, while SWIFT itself doesn’t disclose that information.
At this point trade and bank secrets may be accessed by unauthorized users: from foreign intelligence agencies to criminals, including terrorists.
Security experts constantly pointed out how vulnerable that scheme is for Russia, and how developed countries impose embargo on outflow of local (domestic) bank information beyond boundaries of the country. And only after Visa disconnected several Russian banks from bank communication system via plastic cards did it become clear how important it is to have an independent domestic interbank payment network.
A federal law 112-FZ, enacted in May, provides a clear definition: “operators of payment services are not entitled to transfer abroad information regarding any money transaction that is carried out within the payment system in the territory of the Russian Federation or grant access to that information from abroad.”
Unlike other systems on the Russian market, software of CyberFT was developed by Russian experts, all CyberFT servers are situated in Russia and license and patent independence is complied with, i.e. the system is meeting the criteria of national security.
Can one say that CyberFT was developed as a part of national security in the financial sector?
One of the key goals of CyberFT is to ensure security of interbank communication in the broadest sense of the word. Today information, especially information containing trade or bank secret, is extremely valuable. Cybercriminal activity keeps growing as total losses of companies and banks from confidential information leaks last year exceeded $25 bln. In this respect the percentage of Russian companies makes up 6%.
Use of CyberFT system significantly reduces risks of theft, loss and sale of important information of banks and that of their clients. Since the equipment and channels of communication are in Russia, it eliminates all threats coming from abroad and significantly reduces risks of information theft.
While developing CyberFT we constantly bore in mind underlying fundamental principles that allow to resist any type of threat and ensure top-level information security for the system users.
Different interaction patterns are discussed in order to provide security of interbank and customer information. Is there a room for variability in this development?
CyberFT solution is designed for multi-providers. This means that CyberFT system can be used by any number of providers of service of encrypted structured authentication data transfer in CyberFT format, which could serve both the whole country (region) and a specific chosen bank group.
Any organization, including Central Bank of the Russian Federation, large bank holding, stock market, payment system or communication service provider, can become a provider with installed CyberFT software and SWIFT (encrypted authentication messages transfer in compliance with ISO15022 and ISO20022) clients.
In other words, any company or even a sole proprietor that is not a legal entity can install at their home servers with CyberFT software and provide the same services as the ones provided by SWIFT. Such an approach gives endless opportunities for forming of payment infrastructure within the Russian Federation and growth of competitiveness on the payment market of our country.
You have described in detail advantages of CyberFT for banks and payment service providers. Can your system be of use for other Russian or foreign companies?
Not only banks can use the system. Large and medium enterprises working with several banks simultaneously are forced to maintain several Client-Bank systems and interact with different data exchange formats and cryptographic libraries. CyberFT lets you organize a Universal Client-Bank. In practice that means all the company has to do is issue a bank transfer order, choose any of the transfer banks in CyberFT, and the payment will be effected to the chosen bank, because CyberFT will take care of message transfer and feedback. Therefore, using their account systems companies will be able to have a direct interaction with banks and use unified technologies of data exchange.
Besides, there is a possibility of processing of a legally important electronic document flow within CyberFT. We are talking about optimization of business-processes involving document exchange with government authorities and other partners e.g. tax reporting, customs declaration, interaction with Intergovernmental Electronic Interaction System, as well as other inter-corporate communication: signing of contracts, provision of reporting documentation, submission of stock exchange requests, etc.
The system can also be integrated into the standard solution “1C: Accounting”, which is used by many companies. Our experts are currently working on it.
By means of CyberFT state organizations can form national infrastructure of financial transactions abroad. In other words, replacement of SWIFT by CyberFT in a specific country will ensure an absolute independence of financial transactions processing.
There is another option: after becoming a CyberFT member any company will be able to set up an encrypted message transfer service on the open market on a commercial basis. Put differently, companies using CyberFT will be able to act as service providers of secure transfer of structured information of any type between identified users.
Tell us, does transition to CyberFT implies a total turndown of SWIFT?
No, CyberFT doesn’t replace SWIFT, but co-exists with it. It is a flexible solution allowing to control information flow. If a certain category of messages is compatible with CyberFT and its recipient is within CyberFT, then the transaction is redirected to the proper address through CyberFT without crossing Russian borders.
If the required category isn’t compatible with CyberFT, or if the payment recipient isn’t connected to the CyberFT system, then transaction is processed by SWIFT using traditional route. i.e. via foreign server.
As new categories are developed or new members are connected to the system the database updates remotely.
Since we’ve started comparing the two systems, could you explain the differences between them?
The fundamental difference between CyberFT and the traditional SWIFT is abandonment of hardware-based encryption. Reliability and convenience of software-based encryption is confirmed by 16 years of successful exploitation of CyberPlat® electronic payment system. Over that time more than ten billion messages were transferred with zero information leaks.
Connection to CyberFT is carried out through the public internet i.e. it’s unnecessary to use services of a specific network provider. All interaction is secured and flows through the open channels which is granted by the financial messaging know-how. Should the loss of connection occur a new internet-channel is then found within a minute and a new connection is established.
HTTPS with electronic signature is used as the main transport mechanism.
Undoubtedly, when necessity arises a dedicated channel may be activated. For instance, they may be used for extra-large payments transferred between exchange markets and largest banks. In that case internet connection will be reserved as a backup channel.
Use of solely software-based encryption and application of any communication channels facilitates connection to CyberFT. Unlike SWIFT, CyberFT joining is free and a transaction fee is half as expensive.
For purposes of interbank information flow CyberFT can set up as many message categories as may be required by market participants. On top of 10 SWIFT categories CyberFT implements transfer of information about payment acceptance, money transfers, ATM transactions and other financial transactions. For example, if there is a high demand, CyberFT may implement the most common system Direct Debit as a separate category, as an addition to the invoice SWIFT category, or as an automatic payment service. CyberFT is a universal flexible system of financial information exchange, which allows to process requests of market players as quickly and efficiently as possible.