Endnotes


            1   https:// globalfindex .worldbank .org/
            2   ITU-T Focus Group Digital Financial Services, Security Aspects of Digital Financial Services, January 2017, https:// www
                .itu .int/ en/ ITU -T/ studygroups/ 2017 -2020/ 09/ Documents/ ITU _FGDFS _SecurityReport .pdf

            3   https:// www .ecb .europa .eu/ paym/ pdf/ cons/ cyberresilience/ Cyber _resilience _oversight _expectations _for _financial
                _market _infrastructures .pdf
            4   Report on big data ML & consumer privacy highlights risks and how consumer financial and telecom data can be
                misused.
            5   See Technical Report on SS7 vulnerabilities and mitigation measures for DFS – Section 12.5 Detecting, preventing and
                mitigating SIM card recycle
            6   See Technical Report on SS7 vulnerabilities and mitigation measures for DFS  – Refer to sections 8 and 9 in the report.
            7   See Technical Report on SS7 vulnerabilities and mitigation measures for DFS – Section 12.1 Detecting and mitigating
                account takeover using intercepted OTP SMS
            8   See Technical Report on SS7 vulnerabilities and mitigation measures for DFS – See Section 10 Mitigation strategies for
                mobile operators

            9   GSM Association, Official Document MM.01 – MM App Security Best Practices, Version 1.0, 28 June 2018.
            10   European Union Agency for Cybersecurity (ENISA), Smartphone Secure Development Guidelines, 10 February 2017.
            11   State Bank of Pakistan, Mobile Payment Applications (App) Security Framework (DRAFT version 1.0), April 2019.
            12   https:// www .cisecurity .org/ controls/ incident -response -and -management/

















































                                                                Digital Financial Services Security Assurance Framework  47