DFS Security Lab

The Digital Financial Services Security Lab hosted at the International Telecommunication Union was established by the Security, Infrastructure and Trust working group. The Lab provides resources for conducting security tests for Mobile payment applications as well as developer resources for Fast Identity Online (FIDO) implementation of strong consumer authentication.

Download reports

DFS Security Clinics

DFS Security Lab provides resources and tools for security testing and audits.

The DFS Security Lab will enable DFS regulators to build confidence and trust in the use of digital financial services, assess digital financial service provider security compliance, address digital fraud and enhance adoption of interoperable authentication technologies.

Collaboration with DFS regulators

Provide guidance to DFS regulators in assessing the cybersecurity risk to digital finance infrastructure

DFS security audits

Develop tools for security threat intelligence sharing and audits of DFS applications

Adopting international standards for security

Adopt international standards for securing digital financial services

Organise security clinics

Organize security clinics targeting DFS regulators and providers for staying up to date on new vulnerabilities and mitigation measures.

Cyber preparedness for DFS ecosystem

Conduct assessments on cyber preparedness among the DFS ecosystem stakeholders in responding to cybersecurity incidents targeting digital finance.

Knowledge sharing on security

Knowledge sharing on security incidents and vulnerabilities in digital finance

DFS Security Lab Components

Developer resources for secure authentication using FIDO

Step-by-step guide for deploying FIDO UAF on a DFS application.
FIDO UAF compliant server for testing.
Sample app to show user registration, deregistration, and transaction authentication.

Download Demo App

Security testing for USSD and STK based Digital Financial Services

Simulate man-in-the-middle attacks on STK based DFS applications
Testing susceptibility to binary OTA attacks (SIM jacker, WIB attacks)
Testing remote USSD execution attacks
SIM clone testing

Security testing of Android DFS apps using OWASP Mobile Top 10 Risks

Improper Platform Usage
Insecure Data Storage
Insecure Communication
Insecure Authentication
Insufficient Cryptography
Code Tampering
Reverse engineering

Contact us

If you are interested to learn more about the DFS security and how to use the resources contact us:

First Name*

Last Name*

Email Address*

Confirm Email Address*

Country*

Company / Organization*

Job Title*

Title* MrMsOtherRather not say

Your message*