Get in touch with SWIFT
Report a security issue
How to report a security issue or vulnerability to SWIFT?
At SWIFT, the confidentiality, integrity and availability of our services are our top priorities. Our dedicated specialists work around-the-clock to optimise and secure our systems.
Both SWIFT and its customers must remain constantly vigilant and proactive to counter the threats to our common security.
Despite the effort we invest in security, the threat landscape adapts and evolves daily and there will always be new types of threats to safeguard against.
Have you discovered a vulnerability in our systems? Please help by reporting it to us so that we can improve the security of our systems together.
Report your finding
You can report your findings by sending an e-mail to: firstname.lastname@example.org
We recommend that you secure your email transmission by using the following public PGP key.
In addition, we ask that you:
- Describe your finding as clearly and completely as possible.
- Provide any supporting information, material or attachments to support and validate your finding, to allow us to recreate or reproduce your finding as quickly and efficiently as possible.
- Describe the likely or potential consequences of your finding
- Suggest mitigations or workarounds if possible
- Keep all information and communication regarding your finding confidential, and do not disclose it to anyone outside of SWIFT
- Do not engage in any activities that will adversely affect the confidentiality, integrity, or availability of the systems that relate to your finding
- A team of security experts will investigate your finding(s) and you will receive a confirmation receipt of your email within one working day.
We value your work and thank you in advance for your contribution.
SWIFT security announcements
You can also check the SWIFT Security announcements that are published as part of the SWIFT Customer Security Programme.
We will only use your personal information in respect to the SWIFT Privacy Statement.
To gain the confidence of victims, scammers often pretend to be associated with organisations they know you trust – be it a business, government agency or charity.
It has come to SWIFT’s attention that scammers have recently been using non-existent payment messages to mislead potential victims, inserting them into counterfeit documents to fraudulently claim payments have been made when they have not.
We would like to remind you that SWIFT does not play a role in the authentication process as we do not have access to the information related to financial transactions. When in doubt, to authenticate the legitimacy of such documents, we recommend you to contact your own bank (or the bank specified by BIC or by name in the payment instruction) prior to executing a business transaction.