7 - 8 December 2021
The main objectives of the Security Clinics on DFS security were to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. The findings assisted the DFS providers and Network operators to:
learn about the different vulnerabilities within the DFS ecosystem
- how to mitigate these threats and perform continuous assessments on the security of DFS
how to build confidence and trust in the use of digital financial services, provide a framework to manage security risks in the DFS ecosystem.
: The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS providers and Central Bank.
The sessions addressed the following areas of focus:
DFS security vulnerabilities: Insights into the security vulnerabilities of DFS applications and infrastructure:
- USSD, STK and Android platform vulnerabilities and how these can be mitigated.
- SS7 vulnerabilities and their mitigation measures.
- Security tests that can be undertaken at the DFS Security Lab at ITU.
Implementing the DFS security framework
- DFS security assessment: Performing a DFS security assessment.
Note: The time indicated below is in Malawi local time – UTC+2