Digital Financial Services Security Clinic – Nigeria

17 - 18 November 2021

The main objective of the Security Clinic on DFS security was to share findings and lessons learned from the FIGI Security, Infrastructure and Trust Working Group. The findings assisted the regulators and providers to:
The sessions addressed the following: 
Target audience: The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS provider and Central Bank.

The relevant links to reports containing the security recommendations from FIGI were included. Participants were encouraged to read the reports ahead of the security clinic.


Day 1: 17 November 2021

10:00 - 10:15
Opening Remarks
10:15 - 11:45
DFS Security Assurance Framework and conducting a DFS security assessment

This session introduced the DFS security assurance framework and how DFS providers can implement it to better manage risks and mitigate their impact. The session covered how a regulator or DFS provider can assess compliance with the minimum security controls using the DFS audit guideline.
Related Report:  
11:45 - 13:00
DFS Security Vulnerabilities: USSD, STK and Android Platform Vulnerabilities

This session will introduce the ITU DFS security lab and highlight the vulnerabilities in USSD, STK and Android-based applications. Threats such as man-in-the-middle attacks that could impact digital financial services, and the Simjacker vulnerability in SIM cards, will be discussed. The session will also provide an overview of the security tests that can be undertaken in the DFS Security Lab at ITU.
Related Reports:

Day 2: 18 November 2021

10:00 - 12:00
DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)

Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session will present the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.

Related Reports
12:00 - 13:00
Implementing the DFS security assurance framework and DFS audit guidelines

This is a hands-on session focusing on initiating the process to implement the DFS security assurance framework in Nigeria and identifying the DFS mobile money applications that could be tested in the ITU DFS security lab. The NCC and CBN teams should familiarize themselves with the DFS security assurance framework prior to the session. A follow-up session will be held afterwards to assess the implementation.