DFS Security Clinic: Addressing Security Risks to Digital Finance Ecosystem


The International Telecommunication Union (ITU) and the Malawi Communications Regulatory Authority (MACRA) jointly organised a Webinar on the DFS Security Clinic for Malawi focusing on Addressing Security Risks to Digital Finance Ecosystem on 11 April 2024. It took place from 08:00 to 17:00 CET.

The main objectives of the Security Clinic on DFS security were to share findings and lessons learned from the FIGI Security Infrastructure and Trust working group. These findings assisted regulators and providers in: 

Target Audience
Participation in both the workshop and the Focus Group meeting was open to all interested parties and free of charge. The security clinics were intended for IT security professionals and policymakers from the telecom/ICT regulator, DFS provider, and Central Bank.


08:00 - 08:30
08:30 - 09:00

Welcome and Opening Remarks Session
09:00 - 10:15
Introduction to ITU DFS Security Lab and Knowledge Sharing Platform

This session provided a general overview of the ITU DFS Lab and the assistance that it provides to developing countries to adopt the DFS Security recommendations. This session also introduced the ITU knowledge sharing platform. The ITU DFS Security Knowledge Sharing Platform was designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS).
10:15 - 10:30
Coffee Break
10:30 - 11:30
Strong authentication technologies for DFS

This session focused on the multifaceted challenges in developing and implementing strong authentication mechanisms in DFS, including regulatory compliance, user experience, and technology limitations. It included a deep dive into new and emerging strong passwordless authentication technologies, such as biometrics, to explore how these technologies can be leveraged in various DFS scenarios.
11:30 - 12:30
ITU DFS security recommendations

This session highlighted the security measures to be implemented by DFS regulators and providers as mentioned in the ITU DFS security recommendations to secure the applications layer, telecom infrastructure and payment system infrastructure. In particular, the following measures were presented:

12:30 - 13:30
Lunch Break
13:30 - 14:45
Application Security vulnerability testing

As DFS cyber threats continue to evolve, protecting applications from vulnerabilities becomes paramount. This session explored continuous security testing and integrating security within the development lifecycle. Regulators, developers, security analysts and IT managers left with a comprehensive understanding of how to implement robust security measures that align with industry standards, ensuring the safety and integrity of DFS applications.

14:45 - 15:00
Coffee Break
15:00 - 16:00
DFS Cyber Resilience Framework

This session introduced the ITU DFS cyber resilience toolkit for regulators to safeguard critical digital finance infrastructure. It also included an interactive tabletop exercise in which participants were organized into groups, each focusing on a distinct aspect of cyber security: risk management, governance, testing, training & awareness, protection and incident response.
16:00 - 17:00
Open discussion: Adopting the ITU DFS security recommendations 

This session provided a forum on the next steps for adoption of the DFS security recommendations in Malawi.