Digital Financial Services Security Clinic - Democratic Republic of Congo

The International Telecommunication Union (ITU), in collaboration with the Democratic Republic of Congo (ARPTC), organized an online Digital Financial Services Security Clinic on 21-22 September 2023.

The main objective of the DFS Security Clinic was to share the findings and recommendations from the FIGI Security, Infrastructure and Trust working group for regulators and DFS providers with regard to addressing security challenges for digital finance.

Target audience: The security clinic was intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator. 


Programme

21 September 2023

09:00 - 09:20
Welcome of Participants
09:20 - 09:25
Arrival of Members of the ARPTC College
09:25 - 09:30
Arrival of the President of the ARPTC
09:30 - 09:35
Word from the ITU
09:35 - 09:40
Welcome and Opening of proceedings (by the President of the ARPTC)
09:40 - 09:45
Group Photo
09:30 - 09:45
Welcome
09:45 - 10:15
Introduction to ITU DFS security Recommendations and Lab

This session will provide a general overview of the ITU DFS security recommendations and how they fit in the lab activities.
10:15 - 11:15
Application Security best practices

As DFS cyber threats continue to evolve, protecting applications from vulnerabilities becomes paramount. This session will explore continuous security testing and integrating security within the development lifecycle. Regulators, developers, security analysts and IT managers will leave with a comprehensive understanding of how to implement robust security measures that align with industry standards, ensuring the safety and integrity of DFS applications.
11:15 - 11:30
Coffee Break
11:30 - 13:00
DFS security vulnerabilities: USSD, STK and Android platform vulnerabilities

This session will introduce the ITU DFS security lab and highlight the vulnerabilities of USSD, STK and Android-based applications. Threats such as man-in-the-middle attacks that could impact digital financial services, and the Simjacker vulnerability in SIM cards, will be discussed. The session will also provide an overview of the security tests that can be undertaken in the DFS Security Lab at ITU.

Speaker:
Related Reports: 
13:00 - 14:00
Lunch Break
14:00 - 15:00
DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session will present the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.
15:00 - 15:30
Exploring strategies for implementing the Recommendations in the DRC
Part 1: Summary of ITU DFS security recommendations
This session focused on a summary of the key ITU DFS recommendations.
15:30 - 16:30
Part 2: Open discussion: Adopting the ITU DFS security recommendations

This session will open the discussion on securing DFS, especially the next steps for adopting the ITU DFS security recommendations.

22 September 2023

09:30 – 10:45
DFS Security Assurance Framework

This session will discuss the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact.

Speaker: 
Related Report:
10:45 – 11:00
Coffee Break
11:00 – 12:00
Strong authentication technologies for DFS

This session will focus on the multifaceted challenges in developing and implementing strong authentication mechanisms in DFS, including regulatory compliance, user experience, and technology limitations. It will take a deep dive into new and emerging strong passwordless authentication technologies, such as biometrics, to explore how these technologies can be leveraged in various DFS scenarios.
12:00 – 13:00
Lunch Break
13:00 – 14:00
DFS Cyber Resilience Framework

This session will introduce the ITU DFS cyber resilience toolkit for regulators to safeguard critical digital finance infrastructure. 
14:00 – 15:00
ITU Knowledge Sharing Platform 

This session will introduce the ITU knowledge sharing platform and how regulators and providers can use the platform. The ITU DFS Security Knowledge Sharing Platform is designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS).