"CyberPlat" CJSC proposed an ambitious project – a domestic equivalent of SWIFT financial data interchange network, designed to protect the Russian banking system from international sanctions.
SWIFT (Society for Worldwide Interbank Financial Telecommunications) is a network, linking more than 9 thousand financial institutions worldwide and designed for financial data interchange (financial messaging) between banks and stock market participants.
Every participant of the system has a unique SWIFT-code, enabling messages to be addressed to him. In order to make funds transfer through SWIFT, it is enough to know SWIFT-code of the bank and IBAN-code of the beneficiary. The major part of traffic in the SWIFT network are payment orders. It is this system which facilitates the bulk of international funds transfer.
"Separation" of Russian banks from SWIFT would be a serious blow to the financial system and would cause serious damage to international trade. And it is not by any means an inconceivable event. Back in 2012, the Iranian banks were shut off from the SWIFT as part of the international sanctions, and until now all foreign economic activity of the country has been attended by banks of the neighboring countries.
Much-talked of amendments to the federal law "On the national payment system" designed to protect Russian banks from sanctions to the extent of international payment systems fail to operate in this case: SWIFT is not a payment system, since it provides neither clearing nor settlements, but merely traffic for financial documents. For this purpose, all data interchange in the system flows through two processing centers, located in the United States and the Netherlands
Russian company "CyberPlat" CJSC, known for its electronic payment system, decided to put forward a domestic substitute for SWIFT, except that it will be a more technologically advanced equivalent, which will run in parallel to the existing SWIFT system. If CyberSWIFT, which is the name for the new system, gains popularity at least in the territory of Russia, domestic banks in the context of sanctions to the extent of SWIFT will be able to effect payments between each other and those foreign banks which link to CyberSWIFT
The main concept behind CyberSWIFT is very simple – to duplicate and gradually replace SWIFT. It is expected that simple and free linking, low transaction fee and more flexible protocols will entice banks and companies to link to the new system on a massive scale, which will allow it to completely replace SWIFT in the long term, thereby saving the Russian banking system from leakage of financial information abroad and, to some extent, break free of political pressure, exercised through SWIFT.
Although immediately after the project was submitted for review at the meeting of the National Payments Council it became known that SWIFT is planning to set up a data processing center in Russia, which to some extent reduces the need for a new system. CyberSWIFT has quite a few advantages to offer by virtue of non-existence of dead matter of outdated technologies.
Technologically CyberSWIFT is distinct from SWIFT as the 2000s from the 1980s. Where SWIFT has hardware while CyberSWIFT has software, and where SWIFT is noted for narrow specialism while CyberSWIFT implements an universal approach. Developers of CyberSWIFT make a focus on multi-hubbing, compatibility, affordability, universality and scalability.
Multi-hubbing means that messaging is not conducted through one or two data processing centers but rather over an optimal route, through local hubs. At present, for example, a message from one Moscow bank to another Moscow bank runs through the SWIFT data center in Netherlands which is backwards way around and insecure. In CyberSWIFT in this case messaging would be done via a Moscow regional hub or even through a bank group hub, if both correspondent banks belong to one and the same group.
Compatibility is ensured through CyberSWIFT connectivity architecture (Separator of Flows software): if, for example, a message recipient is not linked to this system or if it is required to send a type of message which is not supported by CyberSWIFT, it will be sent traditionally via SWIFT, unnoticed by sender (only commission fee will be higher, based on SWIFT fees).
Affordability is ensured by simplicity and cheapness of linking to CyberSWIFT. Unlike SWIFT, you don’t need to install specialist certified terminals and organize dedicated channels. Any PC, with an internet connection will be OK. Message cost is 50% of the cost of similar transaction, transmitted via SWIFT.
Universality of CyberSWIFT means that network can not only be used for sending and receiving interbank payment orders but also for communication between client and bank. This will enable companies, working with a few banks, to use one software product instead of “breeding a zoo” of diverse “bank-client” applications.
Scalability is the last advantage of CyberSWIFT in terms of order but not in terms of importance. Due to rigid architecture of SWIFT, integration of new features into it drags on for years. CyberSWIFT is designed to be able to quickly react to evolving market requirements. ATM card transactions, automatic payments, e-invoicing (paperless invoice sending and receiving by legal entities), direct debit – all this will be supported by CyberSWIFT. There is no complication in adding anything new which may appear on the market.
It goes without saying that security of new system is extremely important. When using generally accessible data channels there are a lot of risks of discrediting one or a few elements of transaction transmission chain. In general, hardware encryption tools and dedicated channels ensure a higher security level. However, one should remember, that existence of “bookmarks” in the equipment and the need for a physical access to data line may reduce to a zero all advantages of this approach. And no certification will ensure a 100% security.
At the same time a software product is far more convenient for an audit for sensitivities, since it can easily be updated where sensitivities are identified, by raising its security level. And, finally, «CyberPlat» CJSC representatives refer to their sound experience on the market. Over 16 years of work and some 10 bln. transactions have been processed and no event of system cracking was identified which instills a certain confidence in the accuracy of the Company’s approach to information security.
Managing director of Optima Infosecurity (Optima group), Nemania Nikitovich does not consider software encryption to be a vulnerable point of the system: «As regards encryption, replacement of hardware encryption into software encryption may not be critical as their efficiency is actually identical, although hardware encryption is faster. I think implementation of the system will be carried out together with enforcement of local requirements to encryption, which, apparently, will be other than requirements currently existing worldwide and applied in any financial transaction. There is no doubt that a quality encryption system shall be created, however the issues of its integration into other systems as well as simplicity and operation speed remain open».
Use of open data channels exposes the system to a new type of hazards – the so called DoS-attacks (Denial of Service). Their essence is in sending specially generated garbage network traffic. Such attacks, launched via Internet enable to paralyze work of any online-service. Their target may also be a CyberSWIFT hub. There is a multitude of DoS-attack methods. Some are based on use of server vulnerabilities; others attack network equipment of provider and the rest completely chock up data channels including trunk channels.
«CyberPlat» claims that their servers are extremely resistant to DoS-attacks as they managed to withstand a recent 10 Gbit/s. attack. However, it is no secret, that сyber criminals have already mastered attacks with a higher capacity (up to 100 Gbit/s.), and indeed it is not sufficient to protect servers alone — «collapse» of network infrastructure will cause the same effect. Such use cases are known, and even in case of active resistance on the part of providers and information security services, an attack may have an effect lasting for many hours and even days. To be less vulnerable to such threats, organizations may link via a dedicated channel – such opportunity is provided by «CyberPlat».
According to Nikitovich, the project has a right to exist. «This is an ambitions task and its implementation will impact the entire payments system in Russia. There are examples of successive resolution of a similar task in the US, where there is a domestic payments system, operating exclusively inside the country. The main problem will be to insure integration of new system into the world of settlement systems», — concludes the expert.