Page 34 - Digital Financial Services security assurance framework
(continued)

Affected entity: DFS Provider

Risks and vulnerabilities:
The risk of service outages and inability to transact is due to the following vulnerability:
- Untested restoration practices (SD: DFS availability)
The risks of data exfiltration and modification, compromise of transaction integrity, and interruption of service are due to the following vulnerability:
- Inadequate data controls like failure to implement atomicity of transactions, allowing them to exist in a partially completed state (SD: data integrity)

Controls:
C46: Deactivate and remove default accounts and credentials from databases, applications, operating systems, and other access interfaces that interact with the production DFS system.
C47: Review installation, vendor, support accounts, and access points to DFS systems and infrastructure. All of these accounts should be deactivated or allocated to appropriate user profiles.
C48: Perform end-to-end tests after any changes to the DFS, MNO, SP, and third party systems, and include regression and capacity tests in the acceptance tests. Also, ensure there is a fall-back/blackout plan.
C49: Have scheduled, regular backups for DFS systems. Regularly test and securely store backups offline and offsite in an encrypted form.
C50: Use standard ACID (Atomicity, Consistency, Isolation, Durability) functionality of the databases to ensure transaction integrity. DFS operations should either succeed completely or fail completely.

Affected entity: Third-Party Provider

Risks and vulnerabilities:
The risk of inability for the user to transact is due to the following vulnerability:
- Inadequate mechanisms to assure data integrity and over-reliance on external trust anchors (SD: non-repudiation)

Controls:
C50: DFS applications/3rd parties should support the use of digital signatures; a secure digital signature provides irrefutable evidence of the transaction's origin. Digital signatures are only valid as long as the PKI has not been compromised and must be tested with plans for assuring agility. By demonstrating that signing keys are adequately protected up to the root key, the DFS provider can withstand legal challenges about the authenticity of a specific user and disputed transactions.
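
The all-or-nothing behaviour that the ACID control (C50) asks for, shown as an added example that is not part of the framework: a wallet transfer in Python's sqlite3 where the debit, the credit and the ledger entry commit together or roll back together. The table names, column names and sample wallets are constructed for illustration.

```python
import sqlite3

def open_ledger():
    # Constructed sample data: two wallets in an in-memory database.
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.executescript("""
        CREATE TABLE wallet (msisdn TEXT PRIMARY KEY,
                             balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE ledger (id INTEGER PRIMARY KEY,
                             payer TEXT, payee TEXT, amount INTEGER);
        INSERT INTO wallet VALUES ('alice', 100), ('bob', 20);
    """)
    return db

def transfer(db, payer, payee, amount):
    """Debit, credit and ledger entry are committed together or not at all."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    db.execute("BEGIN IMMEDIATE")  # take the write lock for the whole transfer
    try:
        debit = db.execute(
            "UPDATE wallet SET balance = balance - ? WHERE msisdn = ?",
            (amount, payer))  # the CHECK constraint rejects an overdraft
        if debit.rowcount != 1:
            raise LookupError("unknown payer")
        credit = db.execute(
            "UPDATE wallet SET balance = balance + ? WHERE msisdn = ?",
            (amount, payee))
        if credit.rowcount != 1:
            raise LookupError("unknown payee")  # debit already applied here
        db.execute(
            "INSERT INTO ledger (payer, payee, amount) VALUES (?, ?, ?)",
            (payer, payee, amount))
        db.execute("COMMIT")
        return True
    except (sqlite3.Error, LookupError):
        db.execute("ROLLBACK")  # undo the partial debit; no half-done transfer
        return False

def balances(db):
    return dict(db.execute("SELECT msisdn, balance FROM wallet"))

def ledger_count(db):
    return db.execute("SELECT COUNT(*) FROM ledger").fetchone()[0]
```

A transfer to an unknown payee fails after the debit has already been applied inside the transaction, and the rollback restores the payer's balance, so no partially completed state is ever visible.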
8.10 Threat: SIM attacks
The general threat is the ability of an attacker to gain unauthorized access to a DFS user's SIM card. The vulnerabilities are manifested in different ways at the Mobile network operator, DFS provider, and Mobile user.

Affected entity: MNO

Risks and vulnerabilities:
The risks of account takeover and unauthorized transactions occur because of the following vulnerabilities:
- Inadequate controls for user identification and verification before SIM swap and SIM recycling (SD: Authentication)

Controls:
C51: MNOs should ensure that an identity verification process is in place before a SIM swap is performed.
C52: The user's identity should be verified using a combination of something they are, something they have, or something they know. For example, with the presentation of a valid ID, biometric verification, and knowledge about the DFS account details before a SIM swap/SIM replacement is performed.
C53: DFS and Payment Service Providers should be able to detect in real time whenever a SIM card with DFS services has been swapped or replaced, and perform further verification before any high-value transaction or account changes are authorised with the new SIM.