Committed to connecting the world


Digital Financial Services Security Clinic - Côte d’Ivoire


The International Telecommunication Union organized an online Digital Financial Services Security Clinic jointly with Côte d'Ivoire (ARTCI) ​from 6 to 7 September 2022 from 13h00 to 16h00 UTC.

The main objectives of the DFS Secur​ity Clinic are to share the findings and recommendations from the FIGI Security Infrastructure and Trust working group for regulators and DFS providers with regards to addressing security challenges for digital finance.​

The event provided insights into security best practices for SIM swaps, mobile payment applications operating on USSD, STK and Android, methodology for testing security of mobile payment applications and addressing infrastructure vulnerabilities such as SS7.

Target audience: The security clinic is intended for IT security professionals, security auditors and policymakers from the telecom/ICT regulator and Central Bank/Financial Regulator. ​

Watch recordings here:​​


Day 1: 6 September 2022 (13:00 - 16:00)

​13:00 - 13:20
​Opening Remarks
​13:20 - 14:40
DFS security vulnerabilities: USSD, STK and Android platform vulnerabilities

This session introduced the ITU DFS security lab and highlighted the vulnerabilities to USSD and STK and Android based applications. Threats like Man in the middle attacks that could impact digital financial services and the SIM jacker vulnerability in SIM Cards wiould be discussed. The session also provided and an overview of the security tests that can be undertaken in the DFS Security Lab at ITU. 
Related Reports: 
​14:40 - 14:55
​Coffee Break
​14:55 - 16:00
​DFS Security Assurance Framework 

This session discussed the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact.
Related Report: 

Day 2: 7 September (13:00 - 16:00)

​13:00 - 14:00
Summary of key guidelines for regulators on DFS security

This session focused on the summary of the key ITU DFS recommendations on DFS security especially in issues of SS7, SIM swaps, SIM recycling and SIM vulnerabilities like SIM jacker that could be used to compromise DFS.
​14:00 - 14:30
DFS Security Audit Guideline

The session also covered how a Regulator or DFS provider can assess compliance with the minimum-security controls using the DFS audit guideline. 
Related Report:
​14:30 - 14:45
Coffee Break

​14:45 - 16:00
Implementing the DFS security recommendations and security audits for DFS

An interactive session focused at initiating the process to implement the DFS security recommendations and identify the DFS Mobile Money applications that could be tested at the ITU DFS security lab.