12 April, 2022
The main objectives of the DFS Security Clinic are to share the findings and recommendations of the FIGI Security Infrastructure and Trust working group with regulators and DFS providers on addressing security challenges for digital finance. The event provided insights into security best practices for SIM swaps and for mobile payment applications operating on USSD, STK and Android, a methodology for testing the security of mobile payment applications, and ways of addressing infrastructure vulnerabilities such as SS7.
Under the Financial Inclusion Global Initiative (FIGI) program, the ITU set up a DFS Security Lab in November 2020 to work in collaboration with DFS regulators on adopting a common methodology to manage security risks and conduct security audits for DFS applications. The objectives of the ITU DFS Security Lab are as follows:
- Support regulators to implement DFS security recommendations from FIGI.
- Conduct security audits on DFS applications (i.e., USSD, STK and Android DFS applications).
- Provide guidance on managing the DFS ecosystem security risks and mitigation measures.
- Organize security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.
- Conduct assessments of cyber preparedness among DFS ecosystem stakeholders for responding to cybersecurity incidents targeting digital finance.
- Provide a neutral platform to share knowledge on security incidents and vulnerabilities in digital finance.
Target audience: The security clinic is intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator.