DFS Security Lab

The Digital Financial Services Security Lab hosted at the International Telecommunication Union was established by the Security, Infrastructure and Trust working group. The Lab provides resources for conducting security tests for Mobile payment applications as well as developer resources for Fast Identity Online (FIDO) implementation of strong consumer authentication.

DFS Security Lab provides resources and tools for security testing and audits.  

The DFS Security Lab will enable DFS regulators to build confidence and trust in the use of digital financial services, assess digital financial service provider security compliance, address digital fraud and enhance adoption of interoperable authentication technologies.

Collaboration with DFS regulators

Provide guidance to DFS regulators in assessing the cybersecurity risk to digital finance infrastructure

DFS security audits

Develop tools for security threat intelligence sharing and audits of DFS applications

Adopting international standards for security

Adopt  international standards for securing digital financial services

Organise security clinics

Organize security clinics targeting DFS regulators and providers for staying up to date on new vulnerabilities and mitigation measures.

Cyber preparedness for DFS ecosystem

Conduct assessments on cyber preparedness among the DFS ecosystem stakeholders in responding to cybersecurity incidents targeting digital finance.

Knowledge sharing on security 

Knowledge sharing on security incidents and vulnerabilities in digital finance

DFS Security Lab Components

Developer resources for secure authentication using FIDO
Security testing for USSD and STK based Digital Financial Services
  • Simulate man-in-the-middle attacks on STK based DFS applications
  • Testing susceptibility to binary OTA attacks (SIM jacker, WIB attacks)
  • Testing remote USSD execution attacks
  • SIM clone testing
Security testing of Android DFS apps using OWASP Mobile Top 10 Risks
  • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Code Tampering
  • Reverse engineering

Contact us

If you are interested to learn more about the DFS security and how to use the resources contact us:


    Scroll Up