Digital Financial Services (DFS) Security Clinic – Zimbabwe

16 - 17 February

The main objectives of the Security Clinic on DFS security are to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. The findings will assist regulators and providers to: i) learn about the different vulnerabilities within the DFS ecosystem, ii) mitigate the threats and perform continuous assessments of the security of DFS, and iii) build confidence and trust in the use of digital financial services and provide a framework to manage security risks in the DFS ecosystem.

The sessions will address the following: 
  • DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
    • USSD, STK and Android platform vulnerabilities and how these can be mitigated.
    • SS7 vulnerabilities and their mitigation measures.
    • Security tests that can be undertaken at the DFS Security Lab at ITU.
  • Implementing the DFS security framework
  • Performing a DFS security assessment.

Target audience: The DFS security clinic is intended for IT security professionals, IT auditors and policymakers from the telecom/ICT regulator, DFS providers, Mobile Network Operators and Central Bank.

The relevant links to reports containing the security recommendations from FIGI are included. Participants are strongly encouraged to read the reports before the event.

Note: The times indicated below are in Zimbabwe local time – UTC+2

Watch recordings here:



Programme

Day 1: 16 February 2022

10:00 - 11:00
UTC+02
DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations.  This session will present the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. 
  • Faaez Burney & Karel Van Der Lecq, Adaptive Mobile [Presentation]
Related Report:

11:00 - 11:15
UTC+02
Break
11:15 - 12:15
UTC+02
DFS Security Assurance Framework

This session will discuss the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact. This session will also introduce the ITU DFS security lab. 
  • "Introduction to ITU DFS security lab": Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
  • "DFS Security Assurance Framework": Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
  • "DFS Security audit": Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
Related Reports:

12:15 - 12:30
UTC+02
Overview of exercise: Implementing the DFS security assurance framework and security audit for DFS

This session will provide instructions on how to perform the exercise related to identifying security controls from the security assurance framework to mitigate threats and vulnerabilities to the DFS ecosystem. The exercise has been shared before the event.

Day 2: 17 February 2022

10:00 - 11:00
UTC+02
DFS security vulnerabilities: USSD, STK and Android platform vulnerabilities

This session will introduce the ITU DFS security lab and highlight the vulnerabilities of USSD, STK and Android-based applications. Threats such as man-in-the-middle attacks that could impact digital financial services, and the Simjacker vulnerability in SIM cards, will be discussed. The session will also provide an overview of the security tests that can be undertaken in the DFS Security Lab at ITU.
  • "Android, USSD and STK tests": Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
Related Reports:
11:00 - 11:10
UTC+02
Break
11:10 - 12:30
UTC+02
Implementing the DFS security assurance framework and security audit for DFS

This will be a hands-on session focusing on initiating the process to implement the DFS security assurance framework in Zimbabwe and identify the DFS Mobile Money applications that could be tested in the ITU DFS security lab. The participants should familiarize themselves with the DFS security assurance framework prior to the session. A follow-up session will be held afterwards to assess the implementation. [Presentation]
