[25th May 2022] Communication Regulators’ Association of Southern Africa (CRASA) in collaboration with the International Telecommunications Union (ITU) conducted a two-day workshop from the 24th to 25th May 2022 titled “Addressing Security Risks to Digital Finance Ecosystem” as part of the initiative to enhance capacity of CRASA Members in order to address security challenges to digital finance.
The workshop explored security vulnerabilities when accessing and using digital financial services using mobile device with a focus on Unstructured supplementary Service Data (USSD), SIM Application Toolkit (STK)and Android based applications. The workshop further discussed SIM and Signalling system 7 (SS7) infrastructure vulnerabilities, introduced the ITU DFS SecurityLab and shared the findings and recommendations from the Financial Inclusion Global Initiative (FIGI) Security Infrastructure and Trust working group recommendations and best practices as mitigation strategies to minimize security risks associated with DFS.
On opening the Workshop, the CRASA Executive Secretary,Mrs. Bridget Linzie said that the on-going COVID-19 pandemic had triggered unprecedented dependency on the Information and Communications Technologies, adding that people had opted to use digital financial services in compliance to social distancing and lockdown requirements.
She noted that “while the DFS has created space for development of sustainable financial products that can cater to low-income and vulnerable groups by removing barriers such as lack of identification, formal income, and geographical distance; the rapid spread of digital financial services has also increased the risks of fraud and abuse. The newly emerged digital products and delivery channels have increased the consumer risk exposure for inexpert and vulnerable DFS users”. She concluded by highlighting the need for regulators to engage all critical stakeholders such as the financial regulator (Central Bank), mobile network operators and other DFS providers in identification and management of risks.
In his remarks, Mr. Bilel Jamoussi, Chief of Study Groups Department of the Telecommunication Standardization Bureau at the ITU noted that the ITU Security Lab supports regulators and industry players in ensuring that digital financial services are reliable, secure, and trustworthy. He explained that “FIGI establishment came at a time when developing countries were pioneering the introduction of new digital financial services to reach the unbanked. FIGI brought everyone together to make the most of this unprecedented opportunity to increase financial inclusion.”
The workshop was concluded with the deliberation by CRASA to review the key recommendations for regulators that were proposed by ITU which include the recommendations for regulators to mitigate SS7 vulnerabilities, security recommendations to protect against DFS SIM risks and SIM swap fraud, mobile application security best practices, DFS consumer competency framework and a template for a model Memorandum of Understanding(MOU) between ICT Regulators and Financial Regulators as part of a collaborative regulation agenda to coordinate and collaborate in addressing security risks related to the use of Digital Financial Services using mobile networks and the application ecosystem.
For more information, kindly visit https://www.itu.int/en/ITU-T/webinars/dfs/sc/20220524/Pages/default.aspx
CRASA is a Southern Africa consultative technical body with 13 ICT and Postal Regulators as members (Angola, Botswana, Democratic Republic of Congo, Eswatini, Lesotho, Malawi, Mauritius, Mozambique, Namibia,South Africa, Tanzania, Zambia and Zimbabwe) focusing among several other things, on development of model regulations and harmonization of the ICT andPostal regulatory frameworks in order to improve the communications sector’s business environment and investment climate in SADC.
The International Telecommunication Union (ITU) is the United Nations specialized agency for information and communication technologies (ICTs) that was founded in 1865 to facilitate international connectivity in communications networks, allocate global radio spectrum and satellite orbits, develop the technical standards that ensure networks and technologies seamlessly interconnect, and strive to improve access to ICTs to underserved communities worldwide. ITU is committed to connecting all the world's people –wherever they live and whatever their means by protecting and supporting everyone's right to communicate.