Committed to connecting the world

Digital Financial Services (DFS) Security Clinic Lesotho

The International Telecommunication Union (ITU) is pleased to invite the participants to the Digital Financial Services (DFS) Security Clinic Lesotho that will take place on 5-6 June 2025 from 10h00 to 12h30 (CEST) online via Zoom. The Security Clinic will provide in-depth sessions on the ITU DFS Security recommendations and the ITU DFS security lab activities.

The clinic aims to explain in detail the ITU DFS Security Recommendations, highlighting their relevance and applicability for DFS and Telco regulators and operators in enhancing the security and resilience of their operations. The expected output of the clinic is a draft document for the adoption of the relevant ITU DFS security recommendations by the Lesotho Communications Authority (LCA) and the Central Bank of Lesotho (CBL).

Target audience
The DFS Security Clinic is targeted at representatives from telecommunications regulators, national cybersecurity agencies, Central Banks.

Programme

Day 1, 05 June 2025 (CEST)

10:00-10:10	Welcome Remarks LCA
10:10-11:10	Introduction to ITU DFS Security Lab and Knowledge Sharing Platform This session will provide a general overview of the ITU DFS Security Lab and the assistance that it provides to developing countries to adopt the DFS Security recommendations. This session will also introduce the ITU knowledge sharing platform. The ITU DFS Security Knowledge Sharing Platform is designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS).
11:10-11:20	Coffee Break
11:20-12:30	ITU DFS Security Recommendations This session will present the security measures from the ITU DFS security recommendations to be adopted by DFS regulators and providers to secure the telecom infrastructure and payment system infrastructure. In particular, the following recommendations will be presented: Security recommendations to protect against DFS SIM risks and SIM swap fraud Recommendations for regulators to mitigate SS7 vulnerabilities DFS consumer competency framework

Day 2, 06 June 2025 (CEST)

10:00-11:30	DFS Application Security Best Practices and DFS Application Security Testing Following up on the ITU DFS security recommendations on Day 1, this session continues the elaboration of the security control measures to the application layer. As DFS cyber threats continue to evolve, protecting applications from vulnerabilities become paramount. The DFS application security best practices included in the ITU DFS security recommendations can be adopted by regulators to establish a minimum-security baseline for DFS providers to build in security at the design phase. This session will explore the security tests that are conducted in the ITU DFS security lab to verify compliance of mobile payment apps against the Security best practices. Application Security best practices
11:30-11:45	Coffee Break
11:45-12:15	DFS Security Assurance Framework and Audit Guideline This session discussed the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact. Related Reports: DFS Security Assurance Framework DFS security audit guideline
12:15-13:00	Open Discussion: Adopting the ITU DFS Security Recommendations  In this session ITU will present the results of the gap analysis survey on the DFS security recommendations and open the discussion to LCA and CBL to openly discuss the implementation of the relevant DFS security recommendations. The output of this session is a draft document for the adoption of the relevant recommendations by LCA and CBL.

Related Information

Organized by

Committed to connecting the world

Digital Financial Services (DFS) Security Clinic Lesotho

Programme

Day 1, 05 June 2​025 (CEST)

Day 2, 06​ June 2025 (CEST)​

Day 1, 05 June 2025 (CEST)

Day 2, 06 June 2025 (CEST)