Page 32 - Digital Financial Services security assurance framework

(continued)

Affected entity: DFS Provider
Risks and vulnerabilities: The following vulnerabilities cause the risk of data inaccuracy and inconsistency:
  Control C30: The DFS provider should employ robust input validation routines on external-facing services by checking for out-of-range values and unpermitted characters in fields, and by constraining and sanitizing input. Input validation should happen at the earliest possible point and should be done on both the client and the server side; however, the server should not rely solely on client-side validation. Additionally, block, log and review all requests that violate the Web Services Description Language (WSDL) and schemas.
- Addition of test data into production data (SD: data integrity)
  Control C31: Use database fingerprinting to detect tampering and modification of data after it has been stored. Techniques such as digital signatures across database columns can be used to detect user data modification.
  Control C32: Ensure all test data is removed from code before it is migrated to the production environment.
- Absence of logging, ability to alter logs, and insufficient information in logs (SD: non-repudiation)
  Control C33: DFS systems should use logging mechanisms, including capturing the provenance of user actions or logging of critical actions into tamper-proof storage, and should secure DFS system logs from tampering, editing, deleting and stopping. Use digital signatures attached to actions, particularly those that arrive over a network connection.
- Inaccurate and unsynchronised clocks (SD: data integrity)
  Control C34: Ensure clock accuracy and synchronization on all systems connected to the DFS system. NTP and SNTP are some of the protocols used to sync accurate time; however, these have to be deployed securely.
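
Controls C30, C31 and C33 in the table above, as one added Python example that is not part of the framework: server-side validation of a transfer request that rejects out-of-range values, unpermitted characters and schema violations, a keyed MAC across stored columns so later modification of a row is detectable, and a hash-chained log in which editing or deleting an earlier entry breaks verification. The key, field names, phone-number format and amount limit are assumptions made for the example, and an HMAC under one key stands in for the digital signatures the text names; a deployment would use asymmetric signatures or a key held in an HSM.

```python
import hashlib, hmac, json, re

# Constructed key for this example only; a deployment keeps it in an HSM/KMS.
KEY = b"example-key-not-for-production"
MSISDN_RE = re.compile(r"^\+?[0-9]{10,15}$")   # assumed phone-number format
SIGNED_COLS = ["id", "from", "to", "amount"]    # columns covered by the MAC

def validate_transfer(req):
    """C30: server-side checks that do not trust client-side validation.
    Returns a list of violations; an empty list means the request is accepted."""
    errors = []
    amount = req.get("amount")
    if not isinstance(amount, int) or not 1 <= amount <= 1_000_000:
        errors.append("amount out of range")
    for field in ("from", "to"):
        value = req.get(field)
        if not isinstance(value, str) or not MSISDN_RE.match(value):
            errors.append(f"{field}: unpermitted characters or length")
    if set(req) - {"from", "to", "amount"}:
        errors.append("unexpected fields")   # schema violation: block and log it
    return errors

def sign_columns(row):
    """C31: keyed MAC over a canonical encoding of the signed columns."""
    canon = json.dumps([row[c] for c in SIGNED_COLS], separators=(",", ":"))
    return hmac.new(KEY, canon.encode(), hashlib.sha256).hexdigest()

def verify_columns(row):
    return hmac.compare_digest(sign_columns(row), row["sig"])

def _entry_mac(prev, event):
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(KEY, (prev + body).encode(), hashlib.sha256).hexdigest()

def append_log(chain, event):
    """C33: each entry is bound to the previous entry's MAC, so editing,
    deleting or truncating earlier entries breaks verification."""
    prev = chain[-1]["mac"] if chain else "0" * 64
    chain.append({"event": event, "prev": prev, "mac": _entry_mac(prev, event)})

def verify_log(chain):
    prev = "0" * 64
    for entry in chain:
        expected = _entry_mac(prev, entry["event"])
        if entry["prev"] != prev or not hmac.compare_digest(expected, entry["mac"]):
            return False
        prev = entry["mac"]
    return True
```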


8.8  Threat: Man-in-the-middle and social engineering attacks
            We group these two types of attacks because they both involve an adversary actively interposing themselves
            into communication or interaction (e.g., between a user and device or MNO, or a communication interposition
            between parties).

Affected entity: Mobile User
Risks and vulnerabilities: The risk of data exposure and modification is due to the following vulnerabilities:
- Unverified and unsigned applications (SD: privacy, data integrity)
  Control C35: Critical focus should be on guiding the customer to access and download DFS applications through official application release channels to mitigate the risk of running malware-infected apps.
- Unverified inputs such as unsolicited SMS messages, in-app advertisements, or e-mails (SD: data integrity)
  Control C36: MNOs and DFS providers should undertake active customer awareness campaigns to educate consumers and internal staff about malicious messages, phishing attacks, and spoofing.
- Insufficiently protected credentials (SD: access control)
  Control C37: Mask user passwords and PINs, and actively educate customers on shoulder surfing and safe PIN/password usage to avoid shoulder surfing and writing down of passwords.
