India's City Union Bank suffered about INR12.8 crore (US$2 million) in fraudulent remittances recently, after a cyber attack reportedly compromised the SWIFT messaging system.
In the incidents, payment instructions were sent to other banks in multiple jurisdictions, later traced to Turkey, China and Dubai. City Union Bank detected the transactions while reconciling accounts and about half the amount lost has been retrieved.
"During our reconciliation process on February 7, it was found out that 3 fraudulent remittances had gone through our SWIFT system to our corespondent banks which were not initiated from our bank's end. We immediately alerted the correspondent banks to recall the funds," said the bank's General Manager V. Ramesh in a recent statement.
He added that the first remittance of $500,000, made to Dubai via Standard Chartered Bank in New York, was blocked and immediately returned. The second remittance of EUR300,000 (US$367,000) was made through Standard Chartered Bank in Frankfurt to a Turkey-based bank and was blocked in the beneficiary’s account in the latter. The third, made through New York, went to a China-based bank for $1 million. City Union Bank is currently working with Indian diplomatic representations in Istanbul and Shanghai and the National Cyber Security Council to recover the amounts in the latter two remittances.
This case comes just days after a INR11,400 crore fraud at Punjab National Bank, where investigations revealed that funds were siphoned off by bank employees who manipulated SWIFT, the dominant electronic messaging system used for overseas funds transfer. The Indian government has since embarked on a multi-agency probe of what is one of the largest financial fraud cases in recent years.
Commenting on the City Union Bank case, Mr V. Ramesh said:
“We wish to inform that it is not similar to the fraud happened in one of the largest Public Sector Bank and there is no evidence of staff involvement…(the) bank’s SWIFT payment system is back to normal after ensuring adequate enhanced security in place."
The SWIFT system, which enables trillions of dollars in transfers every day, has been used for multiple cyber thefts on banks across the globe in recent years years. Following the Punjab case, India’s central bank, the Reserve Bank of India issued an advisory directing banks to link their SWIFT systems with their core banking systems by April 2018 to enhance security and internal controls.