Page 7 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
Contents
12 Mitigation strategies for DFS providers ..... 18
12.1 Detecting and mitigating account take over using intercepted OTP SMS ..... 18
12.2 Detecting and mitigating social engineering attacks with MT-USSD ..... 19
12.3 Detecting and mitigating interception of MO-USSD transactions ..... 19
12.4 Detecting and mitigating unauthorized SIM card swap ..... 19
12.5 Detecting, preventing and mitigating SIM card recycle ..... 20
12.6 Embedding data within the user’s phone for authentication ..... 20
12.7 Regulatory Activities ..... 20
13 Conclusions and recommendations ..... 21
13.1 Conclusions ..... 21
13.2 Recommendations ..... 21
Annex A Technical description of SS7 and diameter ..... 22
A.1 The SS7 protocol stack ..... 22
A.2 The diameter protocol stack ..... 22
A.3 EPC protocol stack ..... 23
A.4 Support of voice services and SMS ..... 24
Annex B Template for a model MOU between a telecommunications regulator and central bank related to DFS security ..... 26