Digital Financial Services (DFS) Security Clinic for Tunisia

22 - 23 October 2021



The International Telecommunication Union, in partnership with ISET’Com, organized a virtual “Digital Financial Services (DFS) Security Clinic” for Tunisia that took place from 22 to 23 October 2021. The DFS security clinic showcased the ITU DFS security lab and shared knowledge with regulators, DFS providers, and Central Banks on mitigating threats and vulnerabilities that can affect the security of digital financial services.

The main objectives of the DFS Security Clinic were to share findings and lessons learned from the security recommendations of the Financial Inclusion Global Initiative (FIGI), which is a joint collaboration of the ITU, World Bank and Bank for International Settlements and is supported by the Gates Foundation. The security recommendations assisted DFS ecosystem stakeholders (regulators, providers & financial service providers) to:

The sessions addressed the following areas of focus:

Participants & Target audience:
The security clinic was intended for those involved in DFS security and for policymakers from the telecom/ICT regulator, DFS providers, the Central Bank, and students.

Programme



Day 1: Friday, 22 October 2021

09:00 - 09:15 CET
Welcome and Opening Remarks

09:15 - 10:30 CET
Panel 1: Digital finance: Cyber threat & experience sharing

10:30 - 11:00 CET
Coffee Break

11:00 - 12:15 CET
Panel 2: Digital finance security: Resiliency and Fraud Risk Mitigation

12:15 - 13:15 CET
Training Part 1: DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session presented the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.

13:15 - 14:30 CET
Lunch Break

14:30 - 16:00 CET
Training Part 2: DFS security lab: Testing Android application vulnerabilities that affect DFS

This session introduced the ITU DFS security lab and highlighted the vulnerabilities in Android-based DFS applications. The session also provided an overview of the Android app security tests based on the OWASP Mobile Top 10.

16:00 CET
Closing Remarks

Day 2: Saturday, 23 October 2021

09:00 - 10:30 CET
Training Part 3: DFS Security Assurance Framework and conducting a DFS security assessment

This session discussed the DFS security assurance framework that DFS providers can implement to better manage risks and mitigate their impact. The session also covered how a regulator or DFS provider can assess compliance with the minimum security controls using the DFS audit guideline.

10:30 - 10:45 CET
Coffee Break

10:45 - 12:30 CET
Training Part 4: DFS security lab: USSD and STK platform vulnerabilities

This session highlighted the vulnerabilities in USSD, STK and Android-based applications. Threats such as man-in-the-middle attacks and the Simjacker vulnerability in SIM cards were discussed. The session also provided an overview of the methodology used for performing the USSD and STK security tests at the ITU DFS Security Lab.

12:30 CET
Certificate Awarding & Closing