Cybercrime as-a-service , Fraud Management & Cybercrime , Incident & Breach Response

Hackers Target 3 Mexican Banks' Real-Time Transfers

Mexico's Central Bank Says No Client Money Lost, But Activates Contingency Plans

Banco de México headquarters in Mexico City. (Photo: Alfonso21 via CC)

Mexico's central bank says "operational incidents" last week appear to have been the work of hackers attempting to mess with banks' real-time payment transfers. While an investigation continues into the incidents, the central bank says it's instructed the three banks to use contingency plans, including alternate connection arrangements, and warned that the banks' payment transfers might slow as a result.

See Also: Live Webinar | Leveraging AI in Next Generation Cybersecurity

On Friday, Banco de México, or Banxico, issued an alert, reporting that there were security incidents at three of the country's banks that participate in the central bank's domestic interbank electronic payments system, known as SPEI.

The central bank says that the SPEI infrastructure was not breached and "continues to operate normally and safely" and that the attempts to defraud the three banks appear to have been unsuccessful.

"To date, the SPEI infrastructure at Banco de México has not been affected, and there are no indications of effects on the resources of the clients of any of the institutions that participate in SPEI," it says.

To be safe, however, the central bank says that it's activated "contingency measures" for the three targeted banks and moved them to alternate connections. It warned that these emergency measures could result in customers of those banks seeing a slowdown in its real-time payment system, which normally clears transactions in just 1.9 seconds.

"It is possible that the clients of the [three banks will] experience slowness in the sending of their transactions, as well as in the receipt of resources from other financial institutions (possibly of a few hours) and delays in the queries of the electronic certificates of payment," it said.

Report: Banco del Bajio Targeted

A full list of affected banks has not been released. But Banco de México instructed Banco del Bajio - aka BanBajio - to connect to SPEI using an alternate network on Friday, Bloomberg reported, saying that a spokesman for Banco del Bajio told it that the bank's payment transfer system experienced no interruption and that no client money was lost.

Mexico's Finance Ministry tells Bloomberg that no government-owned banks appear to have been targeted via these attacks.

On Friday, Grupo Financiero Banorte reported experiencing an "incident" that temporarily left it unable to connect to SPEI. The bank couldn't be immediately reached for comment about whether the incident was connected to the hacking attempt reported by Banco de México.

Durante el día de hoy se presentó una incidencia con un proceso intermedio de nuestro sistema de conexión al servicio SPEI. El servicio se restableció durante la tarde. — GFBanorte México (@GFBanorte_mx) April 27, 2018

Mexico's Real-Time Payment Transfer System

Short for "Sistema De Pagos Electrónicos," the SPEI electronic funds transfer system was launched in 2004 to enable banks to transfer money between private account across an encrypted network.

"This system was developed to facilitate payments between financial institutions, in addition to enabling them to offer safe and efficient retail payment services to the public," the central bank, which maintains the system, says in an overview.

"SPEI's participants can transfer Mexican pesos by own account and on behalf of their accountholders, in near real-time, 24 hours per day, every day of the year," it adds. "SPEI uses an open communication protocol that was specifically designed for SPEI and does not require a specific architecture, programming language or operating system. SPEI's participants have the protocol's full specifications, so they can develop their own system connectivity applications according to their needs."

Foreign exchanges via the system are handled by CLS Bank, a New York-based organization owned by 69 banks that specializes in providing settlement services in 18 currencies to foreign exchange market members.

"Operations held with CLS Bank are managed in SPEI through SWIFT, so Banco de México translates the messages from SWIFT to SPEI protocol and vice versa," according to Banco de México's overview (see Security Investments Consume SWIFT's Profits).

Mexican, Latin American Banks Targeted

This isn't the first time that Mexican banks have been targeted by hackers this year.

On Jan. 9, Bancomext - El Banco Nacional de Comercio Exterior - said that it had suffered a disruption in international payment transfers as a result of an attempted hack attack. The bank reported no losses, saying that a quick response by banks, various authorities as well as Banco de México had blunted the attack.

"Authorities have confirmed that the modus operandi of the alleged hackers is similar to intrusions that have occurred in other institutions in Mexico and Latin America," the bank reported.