Page 20 - Digital Financial Services security assurance framework
5 SECURITY THREATS
5.1 Threats to DFS using USSD, SMS, IVR, STK and NSDT
The diagram below summarises the threats to DFS applications based on USSD, SMS, IVR, STK and NSDT.
Figure 9 - Threats to DFS systems using USSD, SMS, IVR and NSDT
[Figure 9: diagram with panels for User; Mobile Device and SIM card; Mobile Network Operator; DFS Provider; 3rd Party. Threats shown across the panels: social engineering; unauthorized access to mobile device; unauthorized access to mobile device/SIM; unintended disclosure of personal information; unauthorized disclosure of personal information; code exploitation attack; malware; insider attacks; rogue devices; unauthorized access to DFS data; denial-of-service attacks; man-in-the-middle attacks; account and session hijack; zero day attacks; data misuse; attacks against credentials; attacks against systems and platforms; compromise of MNO infrastructure; compromise of DFS infrastructure; compromise of DFS services.]
5.2 Threats to DFS ecosystem based on apps and digital wallets
Mobile payment applications and wallets enable digital financial services through applications installed on the mobile device. The nature of the financial applications and channels used will depend on the device capabilities: for example, Samsung Pay and Apple Pay work only on Samsung devices and Apple devices respectively, whereas Google Pay can be used on all Android devices, and mobile payment applications utilizing Quick Response (QR) codes, like WeChat Pay and AliPay, can be used by all smartphones with a camera.