24 May, 2022
The International Telecommunication Union in joint collaboration with the Communications Regulators’ Association of Southern Africa (CRASA) organized a Digital Financial Services Security Clinic from 24-25 May 2022 titled “Addressing security risks to digital finance ecosystem”. The event took place from 10h00 to 13h00 UTC+2.
The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regards to addressing security challenges for digital finance. The event provided insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7.
- Support regulators to implement DFS security recommendations from FIGI
(https://figi.itu.int/working-group-reports/). - Conduct security audits on DFS applications (i.e., USSD, STK and Android DFS applications).
- Provide guidance on managing the DFS ecosystem security risks and mitigation measures.
- Organize security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.
- Conduct assessments on cyber preparedness among the DFS ecosystem stakeholders on responding to cybersecurity incidents targeting digital finance.
- Provide a neutral platform to share knowledge on security incidents and vulnerabilities in digital finance.
Target audience: The security clinic was intended for IT security professionals and policymakers from the telecom, ICT regulator, DFS providers, Central Banks, Mobile Network Operators.
