ITU-T Focus Group Digital Financial Services
                                                      Recommendations







                Title of recommendation       Secure transactions
                Working Group                 Technology, Innovation and Competition

                Workstream                    Security
                Audience for recommendation   DFS Ecosystem stakeholders





                It is clear that the security of all transactions within the DFS ecosystem rests upon the safe and secure trans-
                mission of data between users and service providers. We thus strongly recommend the development and
                implementation of end-to-end security techniques employing standardized and up-to-date cryptographic algo-
                rithms and ciphersuites to ensure data stays confidential and has integrity protection from the time it leaves the
                user’s handset until it is delivered to its destination. The response from the provider to the user should be simi-
                larly protected.


               Mobile devices increasingly contain additional hardware to improve data security; we recommend that DFS
               provides make use of these technologies to assure the security of information on the mobile device platform.

               Best practices for data handling within DFS provider systems and network, such as the maintenance of audit
               logs, the use of least privilege, assuring data confidentiality, and premises security, are essential to ensuring the
               security of data and increasing its resistance to data breach attacks. The development of security benchmark
               assessments and regular testing of defenses to protect against new attacks is vital to assuring the continued
               security of stored data in these environments.

















































                36