
Joint ITU-WATRA DFS Security Clinic

The International Telecommunication Union, in collaboration with the West African Telecommunication Regulators Assembly (WATRA), is organising an online Digital Financial Services Security Clinic from 13 to 14 October 2022 from 10h00 to 13h00 GMT.

The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regards to addressing security challenges for digital finance.

The event provided insights into security best practices for SIM swaps and for mobile payment applications operating on USSD, STK and Android, a methodology for testing the security of mobile payment applications, and addressing infrastructure vulnerabilities such as SS7.

Target audience: The security clinic is intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator.

Programme

10:00 - 10:20
Opening and Welcome Remarks

10:20 - 11:50
DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations.  This session will present the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.

Related Report:

11:50 - 12:00
Coffee Break

12:00 - 13:00
DFS security vulnerabilities: USSD, STK and Android platform vulnerabilities

This session will introduce the ITU DFS security lab and highlight the vulnerabilities of USSD, STK and Android-based applications. Threats such as man-in-the-middle attacks that could impact digital financial services and the Simjacker vulnerability in SIM cards will be discussed. The session will also provide an overview of the security tests that can be undertaken in the DFS Security Lab at ITU.

Speakers
Related Reports:

Day 2: 14 October 2022 (10:00 – 13:00)

10:00 - 11:15
DFS Security Assurance Framework

This session will discuss the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact.
Related Report:

11:15 - 11:25
Coffee break

11:25 - 12:00
DFS Security Audit Guideline

The session also covered how a Regulator or DFS provider can assess compliance with the minimum security controls using the DFS audit guideline.
Related Report:

12:00 - 13:00
Implementing the DFS security recommendations and security audits for DFS

An interactive session focused on initiating the process to implement the DFS security recommendations and identifying the DFS Mobile Money applications that could be tested at the ITU DFS security lab.