Digital Financial Services security



                                                              assurance framework










            1  INTRODUCTION

            Digital  technology  has  spurred  financial  access  to   In addition, DFS providers must also deal with an
            millions of people due to its ease of use through   increasingly complex mobile ecosystem, develop-
            mobile phones, providing customer-centric finan-   ing applications for multiple versions of operating
            cial services that are affordable, scalable and offer   systems each with their specific vulnerabilities and
            convenience.                                       support different types of mobile devices. In this
               According to the World Bank Global Findex data-  fast-evolving dynamic environment, DFS providers
            base  “the share of adults around the world making   face certain challenges concerning knowledge about
                1
            or receiving digital payments increased by 11 per-  the actual security threats and possible security con-
            centage points between 2014 and 2017.  In high-in-  trols to mitigate the risks.
            come economies 51 percent of adults (55 percent of   The DFS Security Assurance Framework aims to
            account owners) reported making at least one finan-  bridge the above knowledge gap and recommends a
            cial transaction in the past year using a mobile phone   structured methodology for managing security risks
            or the internet. In developing economies 19 percent   that the stakeholders of the digital financial services
            of adults (30 percent of account owners) reported   (DFS) ecosystem could implement to:
            making at least one direct payment using a mobile
            money account, a mobile phone, or the Internet”.   •  Enhance customer trust and confidence in digital
               However,  as  providers  harvest  digital  means  to   financial services.
            offer a wider range of financial services with great-  •  Clarify the role and responsibilities for each of the
            er reach, improved efficiency and minimal operating   stakeholders in the ecosystem.
            costs, the rapid growth and uptake of digital financial   •  Identify security vulnerabilities and related threats
            services makes its ecosystem uniquely vulnerable to   within the ecosystem.
            various security threats. The interconnectedness of   •  Establish security controls to provide end to end
            the system entities and reliance/involvement of a    security.
            number of parties in the ecosystem extends the secu-  •  Strengthen  management  practices in respect  to
            rity boundaries beyond the digital financial service   security risk management that is inclusive of all
            (DFS) provider to the customers, network providers,   DFS stakeholders.
            mobile phone manufacturers, and other third-party
            providers in the ecosystem.                        The DFS Security Assurance Framework provides
                                                               an overview of the security threats and vulnerabil-



                                                                Digital Financial Services Security Assurance Framework  9