DFS Security Clinic - CRASA

The International Telecommunication Union (ITU), in collaboration with the Communications Regulators' Association of Southern Africa (CRASA), organized a Digital Financial Services Security Clinic from 15 - 16 June 2023.

The main objectives of the DFS Security Clinic were to provide insights into the recommendations on digital financial services security that can be adopted by regulators and DFS providers.

The event provided insights into:

Target audience:
The security clinic was intended for ICT regulators, DFS Providers and Central Banks.

Draft Programme

15 June 2023 SAST/UTC+2

10:00 - 11:30

Managing threats to the DFS ecosystem and securing mobile payment applications

This session focused on the ITU Digital Financial Services (DFS) security recommendations, which regulators can adopt as technical regulation to set minimum security baselines for DFS providers and developers, and against which the regulator can thereafter audit to verify compliance.

The session discussed the digital finance security assurance framework that digital finance regulators and providers can implement for managing the threats and vulnerabilities to the digital finance ecosystem.  

Related Reports/Regulatory Guidance:

11:30 - 11:45

Break

11:45 - 12:00

DFS Audit guidelines

This session focused on the security audit guidelines that regulators can use to assess whether the security controls implemented are providing adequate protection to digital financial services systems. 

Related Reports/Regulatory Guidance:

12:00 - 12:30

Mobile Application security best practices

A mobile payment app security guideline will be shared, which can be adopted as a technical guideline or regulation to establish minimum security baselines for developers and digital finance providers to adopt security best practices and international security standards.

Related Reports/Regulatory Guidance:

16 June 2023 SAST/UTC+2

10:00 - 10:40

ITU DFS recommendations to address SIM swap fraud and related risks

This session focused on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over-the-air attacks. The session also covered how the Central Bank and Telecom regulator could coordinate on addressing security risks to the DFS ecosystem.

Related Reports/Regulatory Guidance:

10:40 - 11:10

ITU DFS recommendations to address SS7 vulnerabilities

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations.  This session presented the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. 

Related Report:

11:15 - 11:45

ITU Digital Financial Services Consumer Competence Framework

This session introduced the ITU digital financial services consumer competence framework, which identifies the knowledge, skills and attitudes consumers need to participate actively and safely in, and to have trust in, the digital financial services ecosystem.

Related Reports/Regulatory Guidance:

11:45 - 12:30

Exploring strategies for implementing the Recommendations

This interactive session focused on the strategies CRASA members will take to adopt the security recommendations.