A branch of the NSA has been collecting global financial data, including credit card transactions and data from SWIFT, which runs an international bank messaging system, according to a report Sunday from Der Spiegel.
The German publication provided details about a US National Security Agency branch called "Follow the Money" that inputs financial data into a system called "Tracfin" that it said came from documents leaked by former NSA contractor Edward Snowden.
Tracfin contained 180 million records in 2011, of which some 84 percent of the data was comprised of credit card transactions, Der Spiegel reported. In an email statement Monday, the NSA said the U.S. government acquires economic and financial information related to terrorist financing and terror networks.
"This information is collected through regulatory, law enforcement, diplomatic, and intelligence channels, as well as through undertakings with cooperating foreign allies and partners," the statement said.
According to one presentation, the NSA sought to access Visa transactions for customers in Europe, the Middle East and Africa. In a statement, Visa said it was not aware of unauthorized access to its network.
"Visa takes data security seriously and, in response any attempted intrusion, we would pursue all available remedies to the fullest extent of the law," the company said. "Further, it's Visa's policy to only provide transaction information in response to a subpoena or other valid legal process."
NSA analysts described at an internal conference how they apparently successfully searched through Visa's "complex transaction network for tapping possibilities," the publication reported, citing other documents.
The NSA's Tracfin data also contained information from the Society for Worldwide Interbank Financial Telecommunication, or SWIFT. SWIFT, a cooperative owned by around 8,000 financial institutions, runs a messaging service that enables worldwide financial transactions between banks.
Der Spiegel reported that SWIFT was a target of spying by the NSA's "tailored access operations" division, which collected printer traffic data from numerous banks.
In 2006, an independent panel set up by the European Commission found that SWIFT violated European Union and Belgian data privacy laws by turning over information to U.S. authorities for terrorism investigations.
After the attacks on the U.S. on Sept 11, 2001, SWIFT responded to court orders to hand over messaging information to the U.S. Treasury Department to track financial transactions by suspected terrorists.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.