12 October, 2021
The main objectives of the Security Clinic on DFS security were to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. The findings will assist the regulators and providers to: i) learn about the different vulnerabilities within the DFS ecosystem, ii) how to mitigate these threats and perform continuous assessments on the security of DFS iii) how to build confidence and trust in the use of digital financial services, provide a framework to manage security risks in the DFS ecosystem. The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS provider and Central Bank.
The sessions focused on the following areas:
- DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
- USSD, STK and Android platform vulnerabilities and how these can be mitigated
- SS7 vulnerabilities and their mitigation measures
- Security tests that can be undertaken at the DFS Security Lab at ITU.
- Implementing the DFS security framework
- Performing a DFS security assessment.
Target audience: This event was for DFS and Telco regulators in Malawi