- The Nirav Modi scam is technology vs human ingenuity.
- It's not a cybercrime, but it's certainly a bank heist.
- Bankers and Modi's staff misused the SWIFT system to build a $1.6 billion scam.
Technology is only as strong as the humans using it. That pretty much sums up the Nirav Modi
scam that came to light last week. The parties involved misused the Society for Worldwide Interbank Financial Telecommunications (SWIFT) money transfer system, and their personal positions within
Punjab National Bank to build a $1.6 billion (or more) scam.
At its core, the Nirav Modi scam is a hack, though it can't really be labeled as cybercrime.
Gokulnath Shetty, deputy branch manager at a
PNB branch in South Mumbai, had the passwords required to log into the SWIFT system. That allowed him to effectively game the system in favour of Modi's firms.
But what is SWIFT? And how is a password enough to send $ 1.6 billion down the drain?
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
When money is transferred overseas, banks inform the same to the country's treasury. The treasury then informs another country's treasury, which in turn tells the bank in that other country to transfer the funds. But, as powerful as the treasury is, it cannot do so without a branch manager's consent. The branch manager in question here is the bank branch that originally got the transfer request. This consent (from the bank's branch manager) is issued through SWIFT messages.
You could call it the world's most powerful messaging system. SWIFT is an inter-bank messaging system that doesn't transfer any money but informs banks around the world that loans or fund transfers have been authorised. SWIFT messages are sent in set formats and hold information relevant to a particular transfer.
In the Nirav Modi scam, the Letters of Understanding (LoU) in question were issued through SWIFT. Unlike the $81 million Bangladesh Bank hack of 2016, there was no malware involved in this case. The malware here were humans, armed with passwords.
A CBI source told
The Wire that - "Modi's staff were logging into the SWIFT system using passwords of PNB officials, including Shetty, in the capacity of verifier/authoriser and enabling the fraudulent SWIFT messages."
What this means is that the accused were issuing and approving the consent of their own accord.
Core Banking System (CBS) But there's a failsafe for that as well. Consent issued via SWIFT are eventually supposed to tie in with a bank's core system. This is the technology allowing various bank branches to inter-operate. The Core Banking System and the SWIFT system are separate systems, requiring manual input for SWIFT messages into the CBS.
This is where PNB's oversight comes into the picture. A LoU issued via the SWIFT system is supposed to be manually entered into the CBS at some point. Somehow, no one did that, and no one asked either. The result? $ 1.6 billion or more in the hands of diamond sellers.
(Image courtesy: PTI)
Next Story
Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
I tutor the children of some of Dubai's richest people. One of them paid me $3,000 to do his homework.
India not benefiting from democratic dividend; young have a Kohli mentality, says Raghuram Rajan
Indo-Gangetic Plains, home to half the Indian population, to soon become hotspot of extreme climate events: study
7 Vegetables you shouldn’t peel before eating to get the most nutrients
Gut check: 10 High-fiber foods to add to your diet to support digestive balance
10 Foods that can harm Your bone and joint health
6 Lesser-known places to visit near Mussoorie
