The International Telecommunication Union (ITU) was pleased to invite participants to the live webinar "Episode 4: Securing the USSD and STK Infrastructure for Mobile Payments" which took place on
28 May 2025 from
15:00 – 16:00 CEST via Zoom. This webinar was the fourth in our series on digital financial service security, organized as part of the
ITU DFS Security Lab activities.
Building on discussions about SS7 and mobile payment app security in
previous episodes, this session focused on the security of Unstructured Supplementary Service Data (USSD) and SIM Toolkit (STK), critical technologies for mobile financial services, particularly in diverse markets. A key highlight was the newly established
Recommendation ITU-T X.1456: Security guidelines for digital financial service (DFS) applications based on unstructured supplementary service data (USSD) and subscriber identification module tool kit (STK), exploring the recommendations for securing mobile payments.
USSD is a key access method for digital finance in regions with limited smartphone access. It allows users to manage finances via simple menu-based interactions on basic phones, making it vital for financial inclusion. Despite the simplicity, USSD and STK face unique security challenges. Addressing these is essential for protecting users and ensuring the integrity of the mobile payment ecosystem.
This webinar covered:
-
Key vulnerabilities and attack vectors targeting USSD and STK and the evolving threat landscape for these technologies.
- Mitigation strategies and best practices aligned
with ITU-T X.1456.
- Emerging technologies for USSD encryption.
Target Audience
This webinar was intended for IT professionals in telecommunications, financial services and fintech sectors, policymakers and regulatory bodies involved in digital financial services.
Panelists:
Moderator
Project Officer
ITU-T
| | 
Manager of Information Security Directorate of ICT & Research
|
We invite all participants to join the ITU DFS security knowledge-sharing platforms on Slack and GitBook before the webinar. See instructions below:
Instructions for joining the ITU DFS security knowledge sharing platform:
The Knowledge Sharing Platform consists of two main components: a GitBook workspace and a Slack channel. The GitBook workspace is a collaborative platform for sharing and refining ITU DFS security recommendations, while the Slack channel facilitates real-time communication and idea discussions among the collaborators.
Links to the GitBook workspace and Slack channel
- Step 1: Send a request to join the platform by emailing your name, institution and job title to: dfssecuritylab@itu.int
- Step 2: After approval, you will receive an invitation to join GitBook, "Accept Invitation" in the email
- Step 3: Sign up for a GitBook account or sign in with an existing account
- Step 4: Access the link in the email to access the DFS Security Guidelines GitBook
- Step 5: After your email approval, you will receive an invitation to join the ITUDFSsecurity workspace, Click "Join Now" in the email
- Step 6: Sign up for a slack account or sign in with an existing account
- Step 7: Join the itudfssecurity Slack workspace for collaboration and discussions
