Committed to connecting the world

Joint ITU – RURA Digital Financial Services Security Clinic - Rwanda

13 - 14 December 2023

The International Telecommunication Union (ITU) is organizing a Digital Financial Services Security Clinic jointly with RURA on 13 – 14 December 2023.

The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators with regards to addressing security challenges for digital finance.

The event will provide insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7.

Target audience: The security clinic is intended for IT security professionals, security auditors from the telecom/ICT regulator, Central Bank/Financial Regulator, and DFS providers.

Note: The time indicated below is in Kigali local time.

Programme

13 December 2023
09:30 - 10:00	Introduction to the ITU DFS security recommendations and activities of the DFS security lab This session will provide a general overview of the ITU DFS security lab resources Vijay Mauree, Programme Coordinator, TSB, ITU (Presentation)
10:00 - 10:45	Managing threats to the DFS ecosystem and securing mobile payment applications This session will focus on the ITU Digital Financial Services (DFS) security recommendations for regulators to adopt as technical regulation to set minimum security baselines for DFS providers and developers and which can also be audited thereafter by the regulator to verify compliance. The session will discuss the digital finance security assurance framework that digital finance regulators and providers can implement for managing the threats and vulnerabilities to the digital finance ecosystem. Vijay Mauree, Programme Coordinator, TSB, ITU (Presentation) Related Reports/Regulatory Guidance: DFS Security Assurance Framework ITU DFS Security Recommendations
10:45 - 11:00	Break
11:00 - 12:00	Mobile Application security best practices A mobile payment app security guideline will be shared which can be adopted as a technical guideline or regulation to establish minimum security baselines for developers and digital finance providers to adopt security best practices and international security standards Arnold Kibuuka, Project Officer, TSB, ITU (Presentation) Related Reports/Regulatory Guidance: Mobile Application Security Best practices
14 December 2023
09:00 - 09:30	ITU DFS recommendations to address SIM swap fraud and related risks This session will focus on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over-the-air attacks. The session will also cover how the Central Bank and Telecom regulator could coordinate on addressing security risks to the DFS ecosystem. Arnold Kibuuka, Project Officer, TSB, ITU (Presentation) Related Reports/Regulatory Guidance: Security recommendations to protect against DFS SIM risks and SIM swap fraud Model MOU between a Telecommunications Regulator and Central Bank on Digital Financial Services Security
09:30 - 10:00	ITU DFS recommendations to address SS7 vulnerabilities Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session will present the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. Arnold Kibuuka, Project Officer, TSB, ITU (Presentation) Related Report: SS7 Vulnerabilities and Mitigation Measures for DFS Transactions
10:15 - 10:30	ITU Digital Financial Services Consumer Competence Framework This session will introduce the ITU digital financial services consumer competence framework which identifies the knowledge, skills and attitudes consumers need to participate actively, safely and have trust in the digital financial services ecosystem. Arnold Kibuuka, Project Officer, TSB, ITU (Presentation) Related Reports/Regulatory Guidance: DFS Consumer Competency Framework
10:30 - 11:00	DFS Cyber Resilience Framework This session will introduce the ITU DFS cyber resilience toolkit for regulators to safeguard critical digital finance infrastructure. Arnold Kibuuka, Project Officer, TSB (Presentation)
11:00 - 11:30	ITU Knowledge Sharing Platform This session will introduce the ITU knowledge sharing platform and how regulators and providers can use the platform. The ITU DFS Security Knowledge Sharing Platform is designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS). Arnold Kibuuka, Project Officer, TSB, ITU (Presentation)
11:30 - 12:00	Exploring strategies for implementing the Recommendations This interactive session will focus on the strategies to adopt the security recommendations. The session will jointly be run by ITU and RURA