
Digital Financial Services Security Clinic - Democratic Republic of Congo

The International Telecommunication Union organised an online Digital Financial Services Security Clinic jointly with the Democratic Republic of Congo (ARPTC) from 26 to 27 July 2022, 10h00 to 12h30 GMT +1.

The main objectives of the DFS Security Clinic are to share with regulators and DFS providers the findings and recommendations of the FIGI Security Infrastructure and Trust working group on addressing security challenges for digital finance.

Target audience: The security clinic is intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator. ​

Watch recordings here:

Programme



Day 1: 26 July 2022 (10:00 - 12:30)

10:00 - 11:15 (GMT +1)
DFS Security Assurance Framework

This session discussed the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact.
Related Report:

11:15 - 11:25 (GMT +1)
Coffee Break

11:25 - 12:30 (GMT +1)
DFS security vulnerabilities: USSD, STK and Android platform vulnerabilities

This session introduced the ITU DFS security lab and highlighted vulnerabilities in USSD-, STK- and Android-based applications. Threats such as man-in-the-middle attacks that could impact digital financial services, and the Simjacker vulnerability in SIM cards, were discussed. The session also provided an overview of the security tests that can be undertaken in the DFS Security Lab at ITU.
Related Reports: 

Day 2: 27 July 2022 (10:00 - 12:30)

10:00 - 11:00 (GMT +1)
Summary of key guidelines for regulators on DFS security

This session summarised the key ITU DFS recommendations on DFS security, especially on SS7, SIM swaps, SIM recycling and SIM vulnerabilities such as Simjacker that could be used to compromise DFS.

11:00 - 11:20 (GMT +1)
DFS security audit guideline

The session also covered how a regulator or DFS provider can assess compliance with the minimum security controls using the DFS audit guideline.
Related Report:

11:20 - 11:30 (GMT +1)
Coffee Break

11:30 - 12:30 (GMT +1)
Implementing the DFS security recommendations and security audits for DFS

An interactive session focused on initiating the process of implementing the DFS security recommendations and on identifying the DFS mobile money applications that could be tested at the ITU DFS security lab. This session included an exercise.