DFS Security Clinic – Addressing security risks to digital finance ecosystem


30 March, 2022

The International Telecommunication Union, jointly with the East African Communications Organization (EACO), organized an online Digital Financial Services Security Clinic from 30 – 31 March 2022, titled “Addressing security risks to digital finance ecosystem”.

The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regard to addressing security challenges for digital finance. The event provided insights into security best practices for SIM swaps and for mobile payment applications operating on USSD, STK and Android, a methodology for testing the security of mobile payment applications, and ways of addressing infrastructure vulnerabilities such as SS7.

Under the Financial Inclusion Global Initiative (FIGI) program, the ITU set up a DFS Security Lab in November 2020 to work in collaboration with DFS regulators on adopting a common methodology to manage security risks and conduct security audits for DFS applications. The objectives of the ITU DFS Security Lab are as follows:

  • Support regulators to implement DFS security recommendations from FIGI.
  • Conduct security audits on DFS applications (i.e., USSD, STK and Android DFS applications).
  • Provide guidance on managing the DFS ecosystem security risks and mitigation measures.
  • Organize security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.
  • Conduct assessments on cyber preparedness among the DFS ecosystem stakeholders on responding to cybersecurity incidents targeting digital finance.
  • Provide a neutral platform to share knowledge on security incidents and vulnerabilities in digital finance.

Key guidelines and recommendations for regulators on DFS security:

The intended audience for the DFS Security Clinic was IT security professionals and policymakers from the telecom/ICT regulators, DFS providers, Central Banks and Mobile Network Operators.

Note: The time indicated below was in East Africa Time – UTC+3
