Page 35 - Digital Financial Services security assurance framework
P. 35
(continued)
Affected entity Risks and vulnerabilities Controls
The risks of account takeover and unau- C54: The mobile operator should safeguard and securely
thorized transactions occur because of store SIM data like IMSI and SIM secret key values (KI values).
the following vulnerabilities: C55: A mobile number recycling process should be in place
- Inadequate controls for user identi- that involves communicating with DFS providers on Mobile
fication and verification before SIM Subscriber Identification Numbers (MSIDN) being churned
MNO swap and SIM recycling (SD: Authen- or recycled. (in this context: number recycling is when the
tication) MNO reallocates a dormant/inactive Mobile Subscriber
Identification Number (MSISDN) to a new customer). When
a SIM is recycled, the mobile operator will report a new IMSI
of the related account phone number. The DFS provider
should block the account until the identity of the new person
holding the SIM card is verified as the account holder.
The risk of unauthorized access to user C56: DFS users should have the ability to perform remote
mobile data occurs because of the fol- wipes on a mobile device and encrypting their data in case
Mobile User lowing vulnerability: the device is lost or stolen.
- Mobile device theft (SD: data confi-
dentiality)
The risk of lost access to accounts or C57: DFS providers should ensure they have procedures
reputational damage occurs because of in place to detect and avert suspicious SIM swaps and SIM
the following vulnerability: recycle by:
- Inadequacies in SIM swap and recy- a) Check if the IMSI associated with the phone number has
5
cling process (SD: data integrity) changed, this is an indication of SIM swap.
DFS Provider b) If there is an indication of a SIM swap, check the IMEI of
the phone holding the SIM. If the IMEI has also changed,
there is a high probability of a SIM swap. In that case, the
DFS provider should block the account until performing
account verification procedures, for example, via a voice
call or an agent.
8�11 Threat: Compromise of DFS Services
The general threat is the ability of an attacker to breach a financial service without being detected. The vulner-
abilities are manifested in different ways at the DFS provider
Affected Entity Risks and vulnerabilities Controls
The risks of service failure and compro-
mise of DFS services and data occurs
because of the following vulnerabilities:
- Unauthorized changes to system con- C58: Protect against tampering and allow only online trans-
figuration and log files and data (SD: actions
DFS provider Data Integrity) a) Protect and monitor DFS application files from tampering
and changes using file integrity monitors, e.g., by calculat-
ing checksums or validating digital signatures.
b) By policy, the DFS provider or merchant should not use
the mobile payment solution to authorize transactions
offline or store transactions for later transmission.
Digital Financial Services Security Assurance Framework 33
