Page 39 - ITU-T Focus Group Digital Financial Services – Recommendations
Title of recommendation: Third-party providers
Working Group: Technology, Innovation and Competition
Workstream: Security
Audience for recommendation: External providers
DFS and external service providers should employ strong cryptography practices to assure the confidentiality
and integrity of data as it enters the provider network and as it is processed and stored within this environment,
with a goal of end-to-end encryption.
DFS and external providers should keep systems up to date and monitored against malicious threats from
outside code. While maintaining a robust perimeter against outside attack is important, providers should
also ensure strong internal controls are in place to mitigate insider threats. Robust input validation routines
on external and internal-facing services should be deployed. Ensuring that data is encrypted as it enters the
network mitigates external threats to confidentiality, while ensuring that all sensitive consumer data, such as
PINs and passwords, is encrypted within the internal network and while at rest mitigates internal threats
against this data.
All PSPs should maintain a trustworthy supply chain via third-party providers of technical services. A
trustworthy supply chain is necessary to assure the integrity of the PSP’s infrastructure and data.