ITU-T Focus Group Digital Financial Services
                                              Technology, Innovation and Competition



               Figure 3: DFS security architecture




































               2.3    X.805 Security dimensions and Y.2740 security levels

               Recommendation [ITU-T Y.2740] “Security requirements for mobile remote financial transactions in next
               generation networks” [8], describes 4 security levels for mobile financial systems defined by the set of security
               dimension implementations, as defined in [ITU-T X.805]. While security level 1 (the lowest) is ensured by the
               standard features of mobile communication networks, security level 4 (the highest) must have the strongest
               implementations of the security dimensions, such as multi-factor authentication, encryption, and a hardware
               secure element of some form. Nevertheless, the requirements for some security dimensions are unified for
               all security levels, as illustrated in Table 1. To maintain assurances at these security levels, the DFS ecosystem
               will need to ensure that information managed in accordance with a given level maintains that level throughout
               its lifetime. For example, all authentication operations involving system services must be multi-factor in order
               to adhere with security level 3.

































                                                                                                        5