11 July, 2022
The International Telecommunication Union organised an online Digital Financial Services Security Clinic jointly with the Tanzania Communications Regulatory Authority (TCRA) from 11 to 12 July 2022 from 10h00 to 13h00 East African Time (EAT).
The main objectives of the DFS Security Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regards to addressing security challenges for digital finance.
The event provided insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7. The participants of the event:
- Learnt about the different infrastructure and application vulnerabilities within the DFS ecosystem.
- Learnt about the DFS security assurance framework, security governance and how to manage security risks in the DFS ecosystem.
- How to mitigate DFS threats and how to perform continuous assessments on the security of DFS to ensure applicable controls are in place to mitigate threats and vulnerabilities.
- Learnt about the recommendations for regulators on SS7 vulnerabilities, SIM swap fraud and application security best practices.
Target audience: The security clinic is intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator.