Page 14 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
R16 – The development of security benchmark assessments and regular testing of defences to protect against
new attacks is vital to assuring the continued confidentiality and integrity of stored data in these environments.
R17 – MNOs should ensure that when DFS agents are involved in SIM swap operations, mechanisms are in
place to ensure that the verified, legal owner is being provided with a new customer SIM.
R18 – PSPs should ensure that companion general purpose reloadable cards linked to DFS accounts require
the use of EMV chips with cardholder verification methods, such as PINs or biometrics (where practical), and
that all card transactions result in an alert to customers.
R19 – Employ strong cryptography practices to assure confidentiality and integrity of data as it enters the
provider network and as it is processed and stored within this environment.
R20 – Keep systems up to date and monitored against malicious threats from outside code and employ robust
input validation routines on external-facing services.
R21 – Maintain a trustworthy supply chain to assure the integrity of systems supporting DFS used within these
networks.
More information about the recommendations is given within the report. Additionally, a larger set of
recommendations based on securing the information technology systems used within and across stakeholders,
such as DFS providers and external entities, is also provided. The conclusions summarize and encapsulate the
most important of our findings, particularly the need for the safe and secure transmission of data between
users and data providers, the use of hardware-enabled security on mobile devices to assure the security of
information on those platforms, and best practices for handling data within DFS provider systems and networks,
as well as the development of security benchmark assessments and regular testing of defences.