Joint ITU-EACO DFS Security Clinic

The International Telecommunication Union (ITU) in collaboration with the East African Communications Organization (EACO) organized an online Digital Financial Services Security clinic. The event took place from 8-9 February, from 10:00 to 12:30 CET.

The primary objectives of the DFS Security Clinic were to present the recommendations of the FIGI Security Infrastructure and Trust working group to the EACO WG 3 on ICT Applications, Consumer Protection Issues, and Cybersecurity. The event aimed to facilitate the adoption of these recommendations by providing detailed insights into the best practices for security in various areas of digital financial services.

During the event, participants gained valuable insights into security best practices for mitigating SIM swap fraud and for securing mobile payment applications operating on USSD, STK, and Android. The event also covered a methodology for testing the security of mobile payment applications and for addressing infrastructure vulnerabilities such as SS7.

Programme


8 February 2023

09:00 - 10:30
Managing threats to the DFS ecosystem and securing mobile payment applications

This session focused on the best practices that Digital Financial Services (DFS) regulators could adopt as technical regulation to set minimum security baselines for DFS providers and developers and which can also be audited thereafter by the regulator to verify compliance.

The session discussed the digital finance security assurance framework that digital finance regulators and providers can implement for managing the threats and vulnerabilities to the digital finance ecosystem.

Part 2 of this session also introduced the ITU digital financial services consumer competence framework, which identifies the knowledge, skills and attitudes consumers need to participate actively and safely in, and have trust in, the digital financial services ecosystem.

Related Reports/Regulatory Guidance:
11:00 - 12:30
DFS Audit guideline and Mobile Application security best practices

This session focused on the security audit guidelines that regulators can use to assess whether the security controls implemented are providing adequate protection to digital financial services systems.

A mobile payment app security guideline was also shared, which can be adopted as a technical guideline or regulation to establish minimum security baselines and to have developers and digital finance providers adopt security best practices and international security standards.

Related Reports/Regulatory Guidance:
9 February 2023

09:30 - 10:30
ITU DFS recommendations to address SIM swap fraud and related risks

This session focused on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities such as SIM swaps and SIM recycling, and attacks on SIMs such as binary over-the-air attacks. The session also covered how the Central Bank and the Telecom regulator could coordinate on addressing security risks to the DFS ecosystem.

Related Reports/Regulatory Guidance:

11:00 - 12:00
ITU DFS recommendations to address SS7 vulnerabilities

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or disrupt mobile network operations. This session presented the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.

Related Report:

12:00 - 12:30
ITU DFS Security collaboration platform

This session presented the ITU DFS collaboration platform that policy makers can use to share feedback and continuously improve the DFS recommendations.

12:30 - 13:00
Open discussion

This session provided an opportunity for policymakers to discuss with the ITU in more detail and gain insights on approaches, regulatory implications, and policy considerations.