Committed to connecting the world

Search for:

Digital Financial Services Security Lab

The Digital Financial Services (DFS) Security Lab hosted at the International Telecommunication Union was established in 2020 as part of the activities of the Financial Inclusion Global Initiative (FIGI).

The DFS Security Lab supports regulators in emerging economies to build confidence and trust in the use of digital financial services by providing the following services:

Collaborate with regulators to adopt the DFS Security recommendations based on international standards and best practices.
Conduct security tests on mobile payment applications (iOS, Android, USSD and STK platforms), based on the OWASP Mobile Top 10 Security Risks.
Provide technical guidance on managing the DFS ecosystem security risks and mitigation measures.
Conduct assessments on cyber resilience among the DFS ecosystem stakeholders on responding to cybersecurity incidents targeting digital finance.
Provide a neutral platform to share knowledge on security incidents and vulnerabilities in digital finance.
Organize security clinics targeting DFS regulators and providers to stay up to date with new vulnerabilities and mitigation measures.

Adoption of the DFS Security Recommendations

The lab supports regulators to adopt and implement the DFS security recommendations listed below:

Knowledge Transfer Programme for Developing Countries

The Lab has a knowledge transfer programme for regulators to verify the security assurance of mobile payment applications based on Android, iOS, and USSD. Its scope of activities includes:

Organize security clinics on the DFS security recommendations
Technical guidance on setting up a DFS Security Lab.
Conduct training on the security tests for mobile payment applications based on OWASP Mobile Top 10 Security risks
Deep dives on DFS assurance and security framework

DFS App Security Test

The DFS Security Lab provides security testing services specifically for regulators overseeing Digital Financial Services (DFS) applications. The lab tests that DFS apps operating on iOS, Android, STK (SIM Toolkit), or USSD (Unstructured Supplementary Service Data) platforms, comply with the minimum app security best practices.

The DFS Security Lab's objective is to assist regulators in fostering a secure and reliable digital financial services environment. By testing and identifying vulnerabilities and proposing improvements.

Cyberresilience Assesment Toolkit

The Cyber Resilience Toolkit aids DFS regulators and stakeholders, especially in emerging economies, to evaluate and enhance the cyber resilience of critical infrastructure in the DFS sector. It supports preparedness against cyber threats, encourages best practices for defense, and helps improve overall cybersecurity posture

Cyber Security Resilience Assessment toolkit for DFS Critical Infrastructure

Strong Authentication resources

The lab provides resources for developers to test stronger passwordless authentication. The lab provides resources for the following strong authentication protocols:

Knowledge Sharing Platform

The ITU Knowledge Sharing Platform for Digital Finance Security aims to enhance collaboration in developing and implementing security guidelines for Digital Financial Services (DFS). Its objectives include updating the DFS security assurance framework, sharing implementation experiences and challenges across jurisdictions, and facilitating direct peer-to-peer communication on DFS security issues.

DFS Security Knowledge Sharing Platform