22 October, 2021
The International Telecommunication Union in partnership with ISET’Com organized a virtual “Digital Financial Services (DFS) Security Clinic” for Tunisia that took place from 22 to 23 October 2021. The DFS security clinic showcased the ITU DFS security lab and share knowledge with regulators, DFS providers, and Central Banks on mitigating threats and vulnerabilities that can impact on the security of digital financial services.
The main objectives of the DFS Security Clinic wereto share findings and lessons learned from security recommendations from the Financial Inclusion Global Initiative (FIGI) which is a joint collaboration of the ITU, World Bank and Bank for International Settlements and supported by the Gates Foundation. The security recommendations assisted DFS ecosystem stakeholders (regulators, providers & financial service providers) to:
- Identify the different vulnerabilities within the DFS ecosystem,
- Implement countermeasures to mitigate these threats and perform continuous assessments on the security of DFS
- Build confidence and trust in the use of digital financial services by implementing a framework to manage security risks in the DFS ecosystem.
The sessions addressed the following areas of focus:
- DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
- USSD, STK and Android platform vulnerabilities and how these can be mitigated.
- SS7 vulnerabilities and their mitigation measures.
- Security tests that can be undertaken at the ITU DFS Security Lab.
- Implementing the DFS security framework
- Performing a DFS security assessment.
Participants & Target audience: The security clinic was intended for those involved in DFS security and policymakers from the telecom/ICT regulator, DFS providers, Central Bank and Students.