The Digital Financial Services (DFS) Security Lab hosted at the International Telecommunication Union was established in 2020 as part of the activities of the Financial Inclusion Global Initiative (FIGI).
The DFS Security Lab supports regulators in emerging economies to build confidence and trust in the use of digital financial services by providing the following services:
-
Collaborate with regulators to adopt the DFS Security recommendations based on international standards and best practices.
- Conduct security tests on mobile payment applications (iOS, Android, USSD and STK platforms), based on the OWASP Mobile Top 10 Security Risks.
- Provide technical guidance on managing the DFS ecosystem security risks and mitigation measures.
- Conduct assessments on cyber resilience among the DFS ecosystem stakeholders on responding to cybersecurity incidents targeting digital finance.
- Provide a neutral
platform to share knowledge on security incidents and vulnerabilities in digital finance.
Organize
security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.
Under the ITU Digital Financial Services (DFS) Security Lab Knowledge Transfer Programme, technical assistance has been provided to multiple Member States and organizations to strengthen national DFS security assurance capabilities. The DFS Security Lab has conducted knowledge transfer sessions for Antigua and Barbuda, Lesotho, Peru, St Lucia, Tanzania, The Gambia, Uganda, the Universal Postal Union (UPU), and Zimbabwe.
In 2026, the DFS Security Lab will continue its support and expand to additional countries, including Burkina Faso, Congo, Ethiopia, Gabon, Ghana, Guinea, Sierra Leone, Somalia, South Sudan, and Togo. The programme focuses on supporting the adoption of ITU DFS security recommendations and strengthening regulatory capacity to validate that mobile payment applications (Android, iOS, and USSD) meet the minimum-security requirements aligned with international standards.
