Committed to connecting the world

Digital Financial Services Security Clinic - EACO

The International Telecommunication Union organized an online Digital Financial Services Security Clinic jointly with the East African Communications Organization (EACO) on 6 July 2022 from 10h00 to 12h15 East African Time (EAT).

The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regards to addressing security challenges for digital finance.

Target Audience: The DFS Security Clinic was intended for IT security professionals and policymakers from the telecom/ICT regulators, DFS providers, Central Banks and Mobile Network Operators.

Watch recording here

Programme

10:00 - 10:45 (EAT)	Managing threats to the DFS ecosystem and securing mobile payment applications This session focused on the best practices that Digital Financial Services (DFS) regulators could adopt as technical regulation to set minimum security baselines for DFS providers and developers and which can also be audited thereafter by the regulator to verify compliance. Vijay Mauree, Programme Coordinator, TSB, ITU [Presentation] Related Reports/Regulatory Guidance: Mobile Application Security Best practices DFS Security Assurance Framework DFS Security Audit Guidelines DFS Consumer Competency Framework
10:45 - 11:10 (EAT)	Mitigating SS7 vulnerabilities This session focused on the recommendations to be adopted by DFS regulators and mobile network operators to mitigate SS7 vulnerabilities. Arnold Kibuuka, Project Officer, TSB, ITU [Presentation] Related Reports/Regulatory Guidance: Recommendations for regulators to mitigate SS7 vulnerabilities
11:10 - 11:50 (EAT)	Addressing SIM swap fraud and related risks This session focused on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over the air attacks. The session also covered how the Central Bank and Telecom regulator could coordinate on addressing security risks to the DFS ecosystem. Vijay Mauree, Programme Coordinator, TSB, ITU Arnold Kibuuka, Project Officer, TSB, ITU Related Reports/Regulatory Guidance: Security recommendations to protect against DFS SIM risks and SIM swap fraud Model MOU between a Telecommunications Regulator and Central Bank on Digital Financial Services Security
11:50 - 12:15 (EAT)	Next steps: adoption of security recommendations from FIGI by EACO This session was led by EACO and was a discussion on the next steps for EACO to adopt the recommendations that have been shared by ITU during the previous sessions and collaboration with ITU on implementing these recommendations going forward.

Related Information

Organized by: International Telecommunication Union (ITU) & East African Communications Organization (EACO)
Sponsored by: MSIT - Republic of Korea
Digital Financial Services (DFS) Security Clinics
DFS Security Lab
Voluntary Contribution
Contact: tsbevents@itu.int

Organized Jointly by

Committed to connecting the world

Digital Financial Services Security Clinic - EACO

​​​​​​​​​​

Programme