messages like OTA SMS. Such SMS should only be   iii. Content providers generally send text in the form
               allowed from whitelisted sources.                 of A2P SMS messages. Their traffic should not
            ii.  OTA messages with STK coding from home sub-     contain messages with STK coding
               scribers should be restricted to only be sent to/by   iv. SMS home routing: This is the barring of all out-
               the MNO platform – and not to other subscribers.   going and incoming SMS except those routed
                                                                 through the home network hosts.










































































                                                 Security testing for USSD and STK based Digital Financial Services applications  21