Summary

This Recommendation provides security guidelines for digital financial service (DFS) applications based on unstructured supplementary service data (USSD) and subscriber identification module tool kit (STK) that can be implemented by DFS providers and mobile network operators to mitigate security risks associated with USSD and STK for DFS applications. This draft Recommendation covers the following aspects:

·         Security threats and vulnerabilities to DFS services based on USSD and STK.

·         Identification of the areas where security measures may be implemented by providing insights into the risks and vulnerabilities associated with DFS applications.

·         Security practices for Mobile Network Operators and DFS providers.