Committed to connecting the world

Search for:

Joint ITU/POTRAZ Digital Financial Services Security Clinic

The International Telecommunication Union (ITU) organized a Digital Financial Services Security Clinic jointly with Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) on 30-31 October 2023.

The main objectives of the DFS Security Clinic were to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators with regards to addressing security challenges for digital finance. 

The event provided insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7.

Target audience: The security clinic was intended for IT security professionals, security auditors from the telecom/ICT regulator, Central Bank/Financial Regulator, and DFS providers.

Programme

30 October 2023 (CET)
09:00 - 09:45	Introduction to the ITU DFS security recommendations and activities of the DFS security lab This session will provide a general overview of the ITU DFS security lab resources. Speaker: Vijay Mauree, Programme Coordinator, TSB, ITU
09:45 - 10:45	Managing threats to the DFS ecosystem and securing mobile payment applications This session will focus on the ITU Digital Financial Services (DFS) security recommendations for regulators to adopt as technical regulation to set minimum security baselines for DFS providers and developers and which can also be audited thereafter by the regulator to verify compliance. The session will also discuss the digital finance security assurance framework that digital finance regulators and providers can implement for managing the threats and vulnerabilities to the digital finance ecosystem. Speaker: Vijay Mauree, Programme Coordinator, TSB, ITU Related Reports/Regulatory Guidance: DFS Security Assurance Framework ITU DFS Security Recommendations
10:45 - 11:00	Coffee Break
11:00 - 12:00	Mobile Application security best practices A mobile payment app security guideline will be shared which can be adopted as a technical guideline or regulation to establish minimum security baselines for developers and digital finance providers to adopt security best practices and international security standards. Speaker: Arnold Kibuuka, Project Officer, TSB, ITU Related Reports/Regulatory Guidance: Mobile Application Security Best practices
31 October 2023
09:00 - 09:40	ITU DFS recommendations to address SIM swap fraud and related risks. This session will focus on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over-the-air attacks. The session will also cover how the Central Bank and Telecom regulator could coordinate on addressing security risks to the DFS ecosystem. Speaker: Arnold Kibuuka, Project Officer, TSB, ITU Related Reports/Regulatory Guidance: Security recommendations to protect against DFS SIM risks and SIM swap fraud Model MOU between a Telecommunications Regulator and Central Bank on Digital Financial Services Security
09:40 - 10:10	ITU DFS recommendations to address SS7 vulnerabilities Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations.  This session will present the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. Speaker: Arnold Kibuuka, Project Officer, TSB, ITU Related Report:   SS7 Vulnerabilities and Mitigation Measures for DFS Transactions
10:15 - 10:45	ITU Digital Financial Services Consumer Competence Framework This session will introduce the ITU digital financial services consumer competence framework which identifies the knowledge, skills and attitudes consumers need to participate actively, safely and have trust in the digital financial services ecosystem. Speaker: Arnold Kibuuka, Project Officer, TSB, ITU Related Reports/Regulatory Guidance: DFS Consumer Competency Framework
10:45 - 11:30	Exploring strategies for implementing the Recommendations This interactive session will focus on the strategies to adopt the security recommendations. The session wlll jointly be run by ITU, POTRAZ and RBZ.