Committed to connecting the world

Search
WTISD

Digital Financial Services Security Clinic - Uganda Communications Commission

​​​​​​​The International Telecommunication Union (ITU) organized a Digital Financial Services Security Clinic jointly with Uganda Communications Commission (UCC) on 11 September 2023.

The main objectives of the DFS Security Clinic were to share the findings and recommendations from the FIGI Security Infrastructure and Trust Working Group for regulators with regards to addressing security challenges for digital finance. 

The event provided insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7.

Target Audience: The security clinic was intended for IT security professionals, security auditors from the telecom/ICT regulator, Central Bank/Financial Regulator, and DFS providers

Draft Programme



​09:00 - 10:30Managing threats to the DFS ecosystem and securing mobile payment applications 

This session focused on the ITU Digital Financial Services (DFS) security recommendations for regulators to adopt as technical regulation to set minimum security baselines for DFS providers and developers and which can also be audited thereafter by the regulator to verify compliance.  

The session discussed the digital finance security assurance framework that digital finance regulators and providers can implement for managing the threats and vulnerabilities to the digital finance ecosystem.  

Related Reports/Regulatory Guidance: 
​10:30 - 10:45Coffee ​Break
​10:45 - 11:00DFS Audit Guidelines

This session focused on the security audit guidelines that regulators can use to assess whether the security controls implemented are providing adequate protection to digital financial services systems. 

Related Reports/Regulatory Guidance:  
11:00 - 12:00
Mobile application security best practices

A mobile payment app security guideline will be shared which can be adopted as a technical guideline or regulation to establish minimum security baselines for developers and digital finance providers to adopt security best practices and international security standards 

Related Reports/Regulatory Guidance:  
​12:00 - 13:00Lunch Break
​13:00 - 13:40ITU DFS recommendations to address SIM swap fraud and related risks

This session focused on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over-the-air attacks. The session also covered how the Central Bank and Telecom regulator could coordinate on addressing security risks to the DFS ecosystem.  

Related Reports/Regulatory Guidance:
13:40 - 14:10​ITU DFS recommendations to address SS7 vulnerabilities

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations.  This session presented the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. 

Related Report:   
14:15 - 15:45​ITU Digital Financial Services Consumer Competence Framework

This session introduced the ITU digital financial services consumer competence framework which identifies the knowledge, skills and attitudes consumers need to participate actively, safely and have trust in the digital financial services ecosystem. 

Related Reports/Regulatory Guidance: 
​15:45 - 16:30Exploring strategies for implementing the Recommendations

This interactive session focused on the strategies to adopt the security recommendations.
​​

​​​​.
    ​

​​






© ITU All Rights Reserved

Back to top