Page 33 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
3.7 DFS operator services
Role within the ecosystem
The DFS operator is in charge of interfacing the application contents originating in provider networks with the
back-end financial providers and of administering the customer’s information in a secure fashion, while also
allowing for services such as audits. In order for these operations to be secure, the DFS operator must be
confident that the person accessing the data is who they claim to be. Audit logs must also be enabled to allow
assessment of the contents of data within the network and of commands issued through the DFS application.
Determining customer identity and credentialing is also a role performed by the DFS operator.
Security threats and vulnerabilities
Non-repudiation
There is no notion of non-repudiation in operator networks where information is not transmitted with digital
signatures.
Data confidentiality
There is often little in the way of data protection, particularly data encryption, once information is transmitted
into the provider network. There are many reasons for this, including, primarily, the computational cost and
overhead required to maintain encrypted high-bandwidth connections within the network. There is also often
the assumption that threats to the network primarily arise from outside rather than within.
Data integrity
Data within the operator network is at risk due to the lack of integrity protections employed within these
networks. Such information can be arbitrarily modified by an adversary capable of gaining access to the
network (e.g., through compromise of perimeter defences) or by a malicious insider. Additionally, so-called
“SIM swap” frauds are possible when customers fall prey to attackers who obtain their financial information
through attacks such as phishing emails and then call the mobile provider posing as a customer needing a
new SIM on account of their phone being lost or damaged.
When PSPs are issuing companion general purpose reloadable cards that are linked to DFS accounts, these
cards become vectors for attack if they possess insufficient authentication mechanisms. Customers can also
lose money if these cards are used without their authorization.
Recommendations for mitigation
R16 – The development of security benchmark assessments and regular testing of defences to protect
against new attacks is vital to assuring the continued confidentiality and integrity of stored data in these
environments: Best practices for data handling within DFS provider systems and networks, such as the
maintenance of audit logs, the use of least privilege, and assuring data confidentiality, are essential to ensuring
the security of data and increasing its resistance to data breach attacks.
R17 – MNOs should ensure that when DFS agents are involved in SIM swap operations, mechanisms are
in place to ensure that the verified, legal owner is being provided with a new customer SIM. Additionally,
systems should be made available by MNOs to ensure that PSPs can determine in real time whether a SIM
has recently been swapped before high-value transactions and payments to new beneficiaries are allowed.
R18 – PSPs should ensure that companion general purpose reloadable cards linked to DFS accounts require
the use of EMV chips with cardholder verification methods, such as PINs or biometrics (where practical),
and that all card transactions result in an alert to customers.
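The check described in R17, sketched from the PSP side as an added example that is not part of the report: a transaction is held when it is high value or goes to a new beneficiary and the SIM was swapped recently, or when the swap status cannot be obtained. The 72-hour window, the value threshold, the `lookup` interface and all names and sample numbers are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Assumed policy values; the report does not set thresholds.
RECENT_SWAP_WINDOW = timedelta(hours=72)
HIGH_VALUE_MINOR_UNITS = 100_00

class SwapLookupError(Exception):
    """The MNO swap-status service could not answer."""

@dataclass(frozen=True)
class Transaction:
    msisdn: str
    amount_minor: int
    beneficiary: str
    known_beneficiaries: frozenset

def needs_swap_check(txn: Transaction) -> bool:
    # R17 scopes the check to high-value transactions and new beneficiaries.
    return (txn.amount_minor >= HIGH_VALUE_MINOR_UNITS
            or txn.beneficiary not in txn.known_beneficiaries)

def decide(txn: Transaction,
           lookup: Callable[[str], Optional[datetime]],
           now: datetime) -> str:
    """Return "allow" or "hold" for one transaction."""
    if not needs_swap_check(txn):
        return "allow"
    try:
        last_swap = lookup(txn.msisdn)  # None means no swap on record
    except SwapLookupError:
        return "hold"  # fail closed: no answer is not the same as "no swap"
    if last_swap is not None and now - last_swap < RECENT_SWAP_WINDOW:
        return "hold"
    return "allow"

# Constructed sample data standing in for the MNO's real-time service.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_SWAPS = {
    "+10000000001": NOW - timedelta(hours=5),   # swapped this morning
    "+10000000002": NOW - timedelta(days=90),   # swapped long ago
    "+10000000003": None,                       # never swapped
}

def sample_lookup(msisdn: str) -> Optional[datetime]:
    if msisdn not in SAMPLE_SWAPS:
        raise SwapLookupError(msisdn)  # models an outage or unknown number
    return SAMPLE_SWAPS[msisdn]
```
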