Securing Mobile Payment Applications – Part 1

The International Telecommunication Union (ITU) was pleased to invite you to the Live Webinar "Securing Mobile Payment Applications," that took place on 26 March 2025 from 14:00 - 15:00 CET via Zoom.​ the discussion focused on the best practices in mobile application security based on the OWASP Mobile Top 10 Security Risks.

The rapid growth of digital financial services (DFS) has made mobile payment applications a prime target for cyber-attacks. DFS mobile applications, operating across diverse platforms, face unique security challenges, including insecure authentication, data leakage, and malware attacks. Addressing these potential risks is critical to maintaining user trust and ensuring the overall security of the DFS ecosystem.

This webinar, Part 1 on Securing Mobile Payment Applications, focuses on technical guidance and minimum-security best practices for Android-based DFS applications. Participants will learn about a template of application security best practices derived from ITU-T standard X.1150: Security assurance framework for digital financial services​, and designed for adaptation by Digital Financial Services regulators in their app security policies. This template also provides valuable guidance for DFS providers in their development processes. The session outlined minimum mobile application security best practices and offer technical guidance to enhance the resilience of mobile payment applications and protect users from emerging threats.

Building upon this foundational knowledge, Part 1 introduced the ITU DFS security lab methodology, based on OWASP 2024, specifically for validating Android-based DFS mobile application compliance with established minimum-security best practices for DFS applications. This methodology encompasses lab testing and mitigation strategies to ensure robust security. Key industry standards and best practices were highlighted throughout the session, providing a comprehensive overview of the security tests for Android DFS applications.

To facilitate collaborative discussions with regulators, DFS providers and telco providers, and contribute to the ongoing development of DFS security best practices before and after the webinar, participants are encouraged to join the ITU DFS security knowledge-sharing platforms on Slack and GitBook.

Attendees gained insights into:​

This webinar was intended for professionals in telecommunications, financial services, fintech, cybersecurity, and regulatory bodies who are directly involved in or impacted by DFS security.

Watch the recording here​​

Panelists: