9 February, 2022
The main objectives of the Security Clinic on DFS security were to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. The findings assisted the regulators and providers to: i) learn about the different vulnerabilities within the DFS ecosystem, ii) how to mitigate the threats and perform continuous assessments on the security of DFS iii) how to build confidence and trust in the use of digital financial services, provide a framework to manage security risks in the DFS ecosystem.
The sessions addressed the following:
- DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
- USSD, STK and Android platform vulnerabilities and how these can be mitigated.
- SS7 vulnerabilities and their mitigation measures.
- Security tests that can be undertaken at the DFS Security Lab at ITU.
- Implementing the DFS security framework
- DFS security assessment: Performing a DFS security assessment.
Target audience: The DFS security clinic was intended for IT security professionals, IT auditors and policymakers from the telecom/ICT regulator, DFS providers, Mobile Network Operators and Central Bank.
The relevant links to reports containing the security recommendations from FIGI are included. Participants were strongly encouraged to read the reports before the event.