NSA monitored global financial transactions, report says

An NSA database, Tracfin, contained 180 million records in 2011, most of which were credit card transactions

A branch of the NSA has been collecting global financial data, including credit card transactions and data from SWIFT, which runs an international bank messaging system, according to a report Sunday from Der Spiegel.

The German publication provided details about a US National Security Agency branch called "Follow the Money" that inputs financial data into a system called "Tracfin" that it said came from documents leaked by former NSA contractor Edward Snowden.

Tracfin contained 180 million records in 2011, of which some 84 percent of the data was comprised of credit card transactions, Der Spiegel reported. In an email statement Monday, the NSA said the U.S. government acquires economic and financial information related to terrorist financing and terror networks.

"This information is collected through regulatory, law enforcement, diplomatic, and intelligence channels, as well as through undertakings with cooperating foreign allies and partners," the statement said.

According to one presentation, the NSA sought to access Visa transactions for customers in Europe, the Middle East and Africa. In a statement, Visa said it was not aware of unauthorized access to its network.

"Visa takes data security seriously and, in response any attempted intrusion, we would pursue all available remedies to the fullest extent of the law," the company said. "Further, it's Visa's policy to only provide transaction information in response to a subpoena or other valid legal process."

NSA analysts described at an internal conference how they apparently successfully searched through Visa's "complex transaction network for tapping possibilities," the publication reported, citing other documents.

The NSA's Tracfin data also contained information from the Society for Worldwide Interbank Financial Telecommunication, or SWIFT. SWIFT, a cooperative owned by around 8,000 financial institutions, runs a messaging service that enables worldwide financial transactions between banks.

Der Spiegel reported that SWIFT was a target of spying by the NSA's "tailored access operations" division, which collected printer traffic data from numerous banks.

In 2006, an independent panel set up by the European Commission found that SWIFT violated European Union and Belgian data privacy laws by turning over information to U.S. authorities for terrorism investigations.

After the attacks on the U.S. on Sept 11, 2001, SWIFT responded to court orders to hand over messaging information to the U.S. Treasury Department to track financial transactions by suspected terrorists.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags visasecuritySociety for Worldwide Interbank Financial TelecommunicationU.S. National Security Agency

More about European CommissionNational Security AgencyNSASpiegelVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place