
Connecting the world and beyond

Digital Financial Services Security Lab


The Digital Financial Services (DFS) Security Lab, hosted at the International Telecommunication Union, was established in 2020 as part of the activities of the Financial Inclusion Global Initiative (FIGI).

The DFS Security Lab supports regulators in emerging economies to build confidence and trust in the use of digital financial services by providing the following services:
  • Collaborate with regulators to adopt the DFS Security recommendations based on international standards and best practices.
  • Conduct security tests on mobile payment applications (iOS, Android, USSD and STK platforms), based on the OWASP Mobile Top 10 Security Risks.
  • Provide technical guidance on managing the DFS ecosystem security risks and mitigation measures.
  • Conduct assessments on cyber resilience among the DFS ecosystem stakeholders on responding to cybersecurity incidents targeting digital finance.
  • Provide a neutral platform to share knowledge on security incidents and vulnerabilities in digital finance.
  • Organize security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.




Knowledge Transfer Programme for Developing Countries

The Lab has a knowledge transfer programme for regulators to verify the security assurance of mobile payment applications based on Android, iOS, and USSD. Its scope of activities includes:
  • Organize security clinics on the DFS security recommendations
  • Technical guidance on setting up a DFS Security Lab. 
  • Conduct training on the security tests for mobile payment applications based on OWASP Mobile Top 10 Security risks 
  • Deep dives on DFS assurance and security framework

DFS App Security Test

The DFS Security Lab provides security testing services specifically for regulators overseeing Digital Financial Services (DFS) applications. The lab tests that DFS apps operating on iOS, Android, STK (SIM Toolkit), or USSD (Unstructured Supplementary Service Data) platforms comply with the minimum app security best practices.

The DFS Security Lab's objective is to assist regulators in fostering a secure and reliable digital financial services environment by testing and identifying vulnerabilities and proposing improvements.

Cyberresilience Assessment Toolkit

The Cyber Resilience Toolkit helps DFS regulators and stakeholders, especially in emerging economies, evaluate and enhance the cyber resilience of critical infrastructure in the DFS sector. It supports preparedness against cyber threats, encourages best practices for defense, and helps improve overall cybersecurity posture.

Strong Authentication resources

The lab provides resources for developers to test stronger passwordless authentication. The lab provides resources for the following strong authentication protocols:

Knowledge Sharing Platform

The ITU Knowledge Sharing Platform for Digital Finance Security aims to enhance collaboration in developing and implementing security guidelines for Digital Financial Services (DFS). Its objectives include updating the DFS security assurance framework, sharing implementation experiences and challenges across jurisdictions, and facilitating direct peer-to-peer communication on DFS security issues.



Published Recommendations and Technical Reports

  • ITU-T Rec X.1150: Security assurance framework for digital financial services
  • ITU-T QSTR-SS7-DFS (2019): SS7 vulnerabilities and mitigation measures for digital financial services transactions
  • ITU-T QSTR-USSD (2021): Low resource requirement, quantum resistant, encryption of USSD messages for use in financial services
  • ITU-T Q.3062 (2022): Signalling procedures and protocols for enabling interconnection between trustable network entities in support of existing and emerging networks
  • ITU-T Q.3063 (2022): Signalling procedures of calling line identification authentication


TESTIMONIALS

Victor Mziray, Tanzania Communications Regulatory Authority.

Magno Condori, Deputy Assistant Superintendent, Information System and Technology Supervision, SBS Peru.
