ITU's 160 anniversary

Committed to connecting the world

Digital Financial Services (DFS) Security Clinic Lesotho

​​​​​​​​​​​​
The International Telecommunication Union (ITU) was pleased to invite the participants to the Digital Financial Services (DFS) Security Clinic Lesotho that took place on 5-6 June 2025 from 10h00 to 12h30 (CEST)​ online via Zoom. The Security Clinic provided in-depth sessions on the ITU DFS Security recommendations and the ITU DFS security lab activities.

The clinic aimed to explain in detail the ITU DFS Security Recommendations, highlighting their relevance and applicability for DFS and Telco regulators and operators in enhancing the security and resilience of their operations. The expected output of the clinic was a draft document for the adoption of the relevant ITU DFS security recommendations by the Lesotho Communications Authority (LCA) and the Central Bank of Lesotho (CBL).

Target audience
The DFS Security Clinic was targeted at representatives from telecommunications regulators, national cybersecurity agencies, Central Banks.

Programme

Day 1, 05 June 2​025 (CEST)

10:00-10:10​Welcome Remarks
10:10-11:10​ ​Introduction to ITU DFS Security Lab and Knowledge Sharing Platform 
This session provided a general overview of the ITU DFS Security  Lab and the assistance that it provided to developing countries to adopt the DFS Security recommendations. This session also introduced the ITU knowledge sharing platform. The ITU DFS Security Knowledge Sharing Platform is designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS).

Arnold Kibuuka – Project Officer, ITU​
11:10-11:20
​Coffee Break
11:20-12:30​
​ITU DFS Security Recommendations
This session presented the security measures from the ITU DFS security recommendations to be adopted by DFS regulators and providers to secure the telecom infrastructure and payment system infrastructure. In particular, the following recommendations were presented:
Arnold Kibuuka – Project Officer, ITU​



Day 2, 06​ June 2025 (CEST)​

​​10:00-11:30
​DFS Application Security Best Practices and DFS Application Security Testing  
Following up on the ITU DFS security recommendations on Day 1, this session continued the elaboration of the security control measures to the application layer. As DFS cyber threats continue to evolve, protecting applications from vulnerabilities become paramount. The DFS application security best practices included in the ITU DFS security recommendations could be adopted by regulators to establish a minimum-security baseline for DFS providers to build in security at the design phase. This session explored the security tests that were conducted in the ITU DFS security lab to verify compliance of mobile payment apps against the Security best practices. 
Arnold Kibuuka – Project Officer, ITU​
11:30-11:45
Coffee Break
11:45-12:15
​​DFS Security Assurance Framework and Audit Guideline
This session discussed the DFS security assurance framework that could be implemented by DFS providers to better manage the risks and mitigate their impact.
Related Reports:
12:15-13:00

Open Discussion: Adopting the ITU DFS Security Recommendations  
In this session ITU presented the results of the gap analysis survey on the DFS security recommendations and opened the discussion to LCA and CBL to openly discuss the implementation of the relevant DFS security recommendations. The output of this session was a draft document for the adoption of the relevant recommendations by LCA and CBL.

Facilitators: