Committed to connecting the world


ITU-T work programme

[2017-2020] : [SG11] : [Q2/11]

[Declared patent(s)]  - [Associated work]

Work item: TR-SS7-DFS
Status: Under study 
Approval process: Agreement
Type of work item: Technical papers and tutorials
Version: New
Provisional name: -
Equivalent number: -
Timing: 2019-10 (No priority specified)
Liaison: 3GPP
Subject/title: SS7 vulnerabilities and mitigation measures for digital financial services transactions
Summary: The world of digital financial services (DFS) relies heavily on the underlying telecommunications infrastructure to enable users send and receive money. In most developing countries where DFS is popular, most of the end-users do not have reliable and accessible means to connect to Internet and thus rely heavily on the mobile communications infrastructure. The communication channels in which the end-user communicates with the DFS provider are mostly Unstructured Supplementary Service Data (USSD), Short Messaging Service (SMS). USSD and SMS have long been known as "broken" and have many published vulnerabilities, some over 20 years old, which enables attackers to commit fraud and steal funds. ITU and GSMA have long ago published guidelines and advisories to telcos on how to mitigate many of these vulnerabilities; however, the implementation rate of these mitigation measures is extremely low. According to surveys performed by this working group and the European Union Agency for Network and Information Security (ENISA), less than 30% of the telcos in the European Union (EU) and less than 0.5% of telcos in developing countries have implemented these mitigation strategies. This low rate of implementation is attributed to lack of awareness to the existence of these vulnerabilities and the prohibitive cost set on the telcos to implement mitigation measures. The Technical Report aim is to mitigate the use of the SS7 vulnerabilities for financial fraud.
Comment: -
Base text(s):
Assaf Klinger, Editor
ITU-T A.5 reference(s):
Generate A.5 drat TD
[Submit new A.5 reference ]
See guidelines for creating & submitting ITU-T A.5 justifications
First registration in the WP: 2019-06-26 14:11:33
Last update: 2019-06-26 16:18:08