17 November, 2021
The main objectives of the Security Clinic on DFS security was to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. The findings assisted the regulators and providers to:
- learn about the different vulnerabilities within the DFS ecosystem
- how to mitigate these threats and perform continuous assessments on the security of DFS
- how to build confidence and trust in the use of digital financial services, provide a framework to manage security risks in the DFS ecosystem.
The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS provider and Central Bank.
The sessions addressed the following areas of focus:
- DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
- USSD, STK and Android platform vulnerabilities and how these can be mitigated.
- SS7 vulnerabilities and their mitigation measures.
- Security tests that can be undertaken at the DFS Security Lab at ITU.
- Implementing the DFS security framework
- Performing a DFS security assessment.
Target audience: The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS provider and Central Bank.
The relevant links to reports containing the security recommendations from FIGI were included. Participants were encouraged to read the reports ahead of the security clinic.