Committed to connecting the world

ITU Council 2024 Advanced Search

Regional Digital Financial Services Security Clinic for Asia Pacific Region

​​​​​​​​​​​​

The International Telecommunication Union (ITU) in collaboration with FNSV organized a Regional Digital Financial Services Security Clinic for Asia Pacific Region on the 24-25 April 2024 at the Koreana Hotel in Seoul, Republic of Korea. The event was jointly held with FNSV Korea and the Korean Fintech Centre.

People in Africa, Asia, Latin America, and elsewhere are leapfrogging traditional brick-and-mortar banking in favour of mobile payments and other digital financial services. In recent years, regulators and financial sector supervisors have become increasingly aware that financial services aimed to address financial inclusion (FI) challenges around the world are becoming vulnerable to cyber threats, primarily due to the increasing role of digital services (including mobile and other technologies) in the delivery of financial services. As financial services become increasingly digitized, the volume of sensitive digital data grows exponentially and with it, the potential for personal and system impacts of data breaches. As such, the need for safeguards from cybersecurity threats to this data becomes increasingly important.

The event was in line with the ITU Plenipotentiary Resolution 204 and WTSA Resolution 89​ which proposed the use of ICTs to bridge the gap in financial inclusion. 

The objectives of the workshop included: 
  • Providing a comprehensive overview of the security threats to fintech and digital financial inclusion;
  • Identifying technical and organizational security and risk management best practices to mitigate the identified threats which are in the ITU DFS Security Recommendations; 
  • Showcasing the ITU digital financial services (DFS) security lab​ and the practical guidance provided to developing countries for digital financial services security;
  • Exploring the ITU Cyber resilience assessment toolkit so regulators can self-assess the cyber resilience of critical infrastructure for digital financial services; and
  • Providing a platform for cybersecurity experts from the region to share lessons learned in fintech security, cyber resilience and coordination in response to safeguard critical infrastructure and respond to emerging threats in the fintech landscape.

​The DFS Security Clinic was targeted at representatives from telecommunications regulators, national cybersecurity agencies, Central Banks, Financial Service Providers, Banks, ministries, service and IT security solution providers, Strong Authentication vendors, academia, R&D institutions and other organizations working on matters related to fintech security and digital financial inclusion.

Target Audience:
Participation was free of charge and was open to all stakeholders from ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that was a member of ITU who wished to contribute to the work. Participation was free of charge and open to all. No fellowships were granted for the workshop.
​​

Programme

​DAY 1: 24 April 2024​

09:00 - 09:30
Welcome and opening remarks
09:30 - 10:00​Keynote: Fintech Security
10:00 10:30
Group Photo & Coffee Break
10:30 - 11:30
Session 1: Introduction to ITU DFS Security Lab and ITU activities in the region on Digital Finance

This session provided a general overview of the ITU DFS Lab and the assistance that it provides to developing countries to adopt the DFS Security recommendations. The ITU DFS Security Knowledge Sharing Platform was designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS). The session also provided an overview of the activities of the ITU on Digital Finance and highlight how the State Bank of Pakistan implemented the ITU DFS security recommendations.

Moderator: Ariff Olan Kholid, Project Manager, FNSValue Malaysia​​​
11:30 - 12:30
Session 2: ​Blockchain Secure Authentication (BSA) and deployment for passwordless authentication for DFS

The objective of this session was to provide an overview of Blockchain Secure Authentication technology and how it could be used for passwordless authentication in mobile payments.
The session also introduced the ITU developer resources for BSA.

Moderator:  Akanksha Sharma, Programme Officer, ITU Area Office for South Asia and Innovation Centre, New Delhi
12:30 13:00

Session 3: ​Introduction to the ITU BSA Application Challenge
13:00 14:00
Lunch 
​14:00 - 15:30
​Session 4: Fintech Security and Digital Financial Inclusion in Asia Pacific Region

This session provided an overview of the Fintech security measures implemented in different countries in the Asia Pacific region.

Moderator: Akanksha Sharma, Programme Officer, ITU Area Office for South Asia and Innovation Centre, New Delhi
  • Rehan Masood, Joint Director Digital Financial Services, State Bank of Pakistan [Presentation​]
  • Heung Youl Youm, Chair of ITU-T SG17/Professor of Soonchunhyang University, Korea (Republic of): Security assurance framework for digital financial services (X.1150) [Presentation]​
  • Sung Kyun Son​, General Manager, Fintech Center Korea: Korea Fintech Industry Trend and major policies ​[Presentation]
  • Ng Lee See​, Risk Specialist, Risk Specialist and Technology Supervision Department, Bank Negara Malaysia: Overview of the digital security measures in Malaysian financial sector [Presentation​]
  • Sonam Tobgay​, Deputy Executive Engineer, InfoComm and Infrastructure Division, Bhutan InfoComm and Media Authority (BICMA​) [Presentation]
15:30 - 15:45
Coffee Break
​15:45 - 17:30
​Session 5: DFS security recommendations

This session highlighted the security best practices and standards to be implemented by DFS regulators and providers as mentioned in the ITU DFS security recommendations​ to secure the applications layer, telecom infrastructure and payment system infrastructure. In particular, the following measures were presented:
The session also delved into mobile device security best practices.

Moderator: Vijay Mauree​, Programme Coordinator, TSB, ITU

​ ​Day 2: 25 April 2024

09:00 - 10:00
Session 1: Managing risk in digital financial services 

DFS providers put in place adequate measures to address the security threats and vulnerabilities and demonstrate compliance against regulatory measures. This session considered the various threats and vulnerabilities that can impact the confidentiality, integrity, and availability of digital financial services from a value chain perspective. The session also highlighted mitigation measures that DFS providers can implement to reduce the impact of these risks and discussed a framework that can be implemented by DFS providers to better manage the risks and show compliance.

Moderator: Radhilufti MadehiChief Operating Officer, FNSValue Malaysia
10:00 - 10:45
Session 2: DFS cyber resilience toolkit tabletop exercice (Part 1)

This session introduced the ITU DFS cyber resilience toolkit for regulators to safeguard critical digital finance infrastructure. This session also included an exercise designed as an interactive tabletop session, where participants were organized into groups, each focusing on a distinct aspect of cyber security: Risk management, governance, testing, training & awareness, protection and incident response.
10:45 - 11:00Coffee Break
​11:00 13:00
Session 3: ​DFS cyber resilience toolkit tabletop exercise (Part 2)

This exercise was designed as an interactive tabletop session, where participants were organized into groups, each focusing on a distinct aspect of cyber security: Risk management, governance, testing, training & awareness, protection and incident response. (Prerequisites for participants and details – see below).

Facilitators: 
13:00 - 14:00
Lunch 
14:00 - 15:00
Session 4: ​DFS cyber resilience toolkit tabletop exercise (Part 3)

Facilitators: 
15:00 - 15:15
Coffee Break
​15:15 - 17:00
​BSA sandbox bootcamp

Moderator: Ariff Olan Kholid​, Project Manager, FNSValue Malaysia​​
​17:00 - 17:15 
Closing of the Security Clinic​

.​​









© ITU All Rights Reserved

Back to top