That would be easily implementable in a bank's SWIFT gpi software as that system gains traction. Probably doesn't add any value in the current system as the recipient as no way to confirm the challenge-response scheme was actually completed as would be implied (beyond, perhaps, coordination between sending and receiving institutions outside SWIFT proper). Although I could be simply not sufficiently creative enough.
The bigger point I should have made is that most send fraud doesn't actually occur on SWIFT and is conducted using falsified documents to give the impression of a correct send, typically to get funds released before the fraud is revealed. It relies much more on social engineering than any kind of actual systems hacking skill.
The bigger point I should have made is that most send fraud doesn't actually occur on SWIFT and is conducted using falsified documents to give the impression of a correct send, typically to get funds released before the fraud is revealed. It relies much more on social engineering than any kind of actual systems hacking skill.