SWIFT changes security mechanism for FileAct
In the SWIFT Network FileAct transfers are secured by a Secure Hash Algorithm (SHA), utilizing one of two standards:
- The older standard SHA-1 using 160 bits
- The newer standard SHA-2 using 256 bits (SHA-256).
The hash value is calculated when a file is sent and is included in the file header. The receiving site should always verify the hash value to ensure that the received file is valid and uncorrupted. The generation of the hash value is typically performed by the SWIFT Network Layer (SNL) while verification is the responsibility of the SWIFT interface application.
The default hash algorithm used to date by SWIFT is SHA-1. On December 12 2012 SWIFT confirmed that this setting will be changed on January 19 2013 to SHA-256. This change should not cause any issue for SWIFT customers using interfaces certified for SWIFTNet 7 as these must be able to handle both types of digest.
However, there seem to be uncertified interface applications around which potentially may fail to process hash values conforming to the SHA-256 standard and as a result will not be able to use the FileAct service anymore. SWIFT advises: ” If you are not yet using a qualified interface then you should at least check that your application can also handle reception of a SHA-256 computed digest. We therefore strongly encourage usage of our test sparring partner facility on the production network.”
BOX for SWIFTNet is fully qualified for SWIFTNet 7 and can handle both types of digest. So for Intercope BOX customers the change in the SWIFT network will be transparent.