Together with our customers INTERCOPE is closely following and actively participating in SWIFT initiatives such as the global payments innovation (gpi) initiative and the Customer Security Programme (CSP). As a provider of certified CBTs INTERCOPE automatically is part of these initiatives.
Global payment innovation Initiative (gpi Initiative)
The gpi initiative “is designed to significantly improve the customer experience in correspondent banking by increasing the speed, transparency and end-to-end tracking of cross-border payments. In addition, the gpi initiative will deliver another major innovation with the provision of end-to-end payments tracking. “.
(see : https://www.swift.com/insights/press-releases/swift-successfully-completes-first-phase-of-global-payments-innovation-initiative-pilot).
One important part of the SWIFT gpi initiative is a Tracker database provided by SWIFT, Financial Institutions that send gpi payments will be able to log in to the Tracker to instantly check the status of their sent and received payments. To enable this function, INTERCOPE already implemented the relevant changes:
There are 2 new fields in the user header of MT 199 and MT 103
- Service Type Identifier 111
- End To End Transaction Reference 121
The content of these fields can be provided by external applications or via GUI with a unique, automatically provided ID.
Further enhancements will be implemented based on the evolution of the gpi initiative and customers requirements.
Customer Security Programme (CSP)
In response to the growing risk of cyberattaks SWIFT launched the Customer Security Programme (CSP) which aims to improve security related information sharing within the community, to enhance SWIFT-related tools and to provide audit frameworks and certification processes for best security practices.
INTERCOPE has continuously enhanced the Web security of BOX based on penetration tests in cooperation with major customers.
Dual Factor Authentication enhancements have been developed based on a Time-based One-time Password Algorithm (TOTP):
- To logon to the system the user does not only have to provide password but in addition a Token generated by BOX for each logon session. The token is sent to an authorized smart phone where it is displayed by an application such as Google Authenticator.
- The second option is currently under development, using RSA RADIUS server.
Further enhancements will be implemented based on the evolution of the CPS and the BOX Community requirements.