Committed to connecting the world

Regional Digital Financial Services Security Clinic for Asia Pacific Region

The International Telecommunication Union (ITU) in collaboration with FNSV organized a Regional Digital Financial Services Security Clinic for Asia Pacific Region on the 24-25 April 2024 at the Koreana Hotel in Seoul, Republic of Korea. The event was jointly held with FNSV Korea and the Korean Fintech Centre.

People in Africa, Asia, Latin America, and elsewhere are leapfrogging traditional brick-and-mortar banking in favour of mobile payments and other digital financial services. In recent years, regulators and financial sector supervisors have become increasingly aware that financial services aimed to address financial inclusion (FI) challenges around the world are becoming vulnerable to cyber threats, primarily due to the increasing role of digital services (including mobile and other technologies) in the delivery of financial services. As financial services become increasingly digitized, the volume of sensitive digital data grows exponentially and with it, the potential for personal and system impacts of data breaches. As such, the need for safeguards from cybersecurity threats to this data becomes increasingly important.

The event was in line with the ITU Plenipotentiary Resolution 204 and WTSA Resolution 89 which proposed the use of ICTs to bridge the gap in financial inclusion.

The objectives of the workshop included:

Providing a comprehensive overview of the security threats to fintech and digital financial inclusion;
Identifying technical and organizational security and risk management best practices to mitigate the identified threats which are in the ITU DFS Security Recommendations;
Showcasing the ITU digital financial services (DFS) security lab and the practical guidance provided to developing countries for digital financial services security;
Exploring the ITU Cyber resilience assessment toolkit so regulators can self-assess the cyber resilience of critical infrastructure for digital financial services; and
Providing a platform for cybersecurity experts from the region to share lessons learned in fintech security, cyber resilience and coordination in response to safeguard critical infrastructure and respond to emerging threats in the fintech landscape.

The DFS Security Clinic was targeted at representatives from telecommunications regulators, national cybersecurity agencies, Central Banks, Financial Service Providers, Banks, ministries, service and IT security solution providers, Strong Authentication vendors, academia, R&D institutions and other organizations working on matters related to fintech security and digital financial inclusion.

Target Audience:
Participation was free of charge and was open to all stakeholders from ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that was a member of ITU who wished to contribute to the work. Participation was free of charge and open to all. No fellowships were granted for the workshop.

Programme

DAY 1: 24 April 2024

09:00 - 09:30	Welcome and opening remarks Seizo Onoe, Director TSB, ITU (Remote) Byun Young Han, Chairman of Fintech Center Korea
09:30 - 10:00	Keynote: Fintech Security Heung Youl Youm, Chair of ITU-T SG17/Professor of Soonchunhyang University, Korea (Republic of) [Presentation]
10:00 - 10:30	Group Photo & Coffee Break
10:30 - 11:30	Session 1: Introduction to ITU DFS Security Lab and ITU activities in the region on Digital Finance This session provided a general overview of the ITU DFS Lab and the assistance that it provides to developing countries to adopt the DFS Security recommendations. The ITU DFS Security Knowledge Sharing Platform was designed to foster collaboration among regulators and other stakeholders in the development and implementation of security guidelines and best practices for Digital Financial Services (DFS). The session also provided an overview of the activities of the ITU on Digital Finance and highlight how the State Bank of Pakistan implemented the ITU DFS security recommendations. Moderator: Ariff Olan Kholid, Project Manager, FNSValue Malaysia Vijay Mauree, Programme Coordinator, TSB, ITU [Presentation] Akanksha Sharma, Programme Officer, ITU Area Office for South Asia and Innovation Centre, New Delhi Rehan Masood, Joint Director Digital Financial Services, State Bank of Pakistan [Presentation]
11:30 - 12:30	Session 2: Blockchain Secure Authentication (BSA) and deployment for passwordless authentication for DFS The objective of this session was to provide an overview of Blockchain Secure Authentication technology and how it could be used for passwordless authentication in mobile payments. The session also introduced the ITU developer resources for BSA. Moderator: Akanksha Sharma, Programme Officer, ITU Area Office for South Asia and Innovation Centre, New Delhi Wan Ameer Ruzman Wan Salaidin, Manager, Engineering Services, FNSValue Malaysia [Presentation] Ariff Olan Kholid, Project Manager, FNSValue Malaysia [Presentation] Arnold Kibuuka, Project Officer, TSB, ITU
12:30 - 13:00	Session 3: Introduction to the ITU BSA Application Challenge Vijay Mauree, Programme Coordinator, TSB, ITU [Presentation] Ariff Olan Kholid, Senior Marketing Executive of FNS(M) [Presentation]
13:00 - 14:00	Lunch
14:00 - 15:30	Session 4: Fintech Security and Digital Financial Inclusion in Asia Pacific Region This session provided an overview of the Fintech security measures implemented in different countries in the Asia Pacific region. Moderator: Akanksha Sharma, Programme Officer, ITU Area Office for South Asia and Innovation Centre, New Delhi Rehan Masood, Joint Director Digital Financial Services, State Bank of Pakistan [Presentation] Heung Youl Youm, Chair of ITU-T SG17/Professor of Soonchunhyang University, Korea (Republic of): Security assurance framework for digital financial services (X.1150) [Presentation] Sung Kyun Son, General Manager, Fintech Center Korea: Korea Fintech Industry Trend and major policies [Presentation] Ng Lee See, Risk Specialist, Risk Specialist and Technology Supervision Department, Bank Negara Malaysia: Overview of the digital security measures in Malaysian financial sector [Presentation] Sonam Tobgay, Deputy Executive Engineer, InfoComm and Infrastructure Division, Bhutan InfoComm and Media Authority (BICMA) [Presentation]
15:30 - 15:45	Coffee Break
15:45 - 17:30	Session 5: DFS security recommendations This session highlighted the security best practices and standards to be implemented by DFS regulators and providers as mentioned in the ITU DFS security recommendations to secure the applications layer, telecom infrastructure and payment system infrastructure. In particular, the following measures were presented: Security recommendations to protect against DFS SIM risks and SIM swap fraud Template for a Model MOU between a Telecommunications Regulator and Central Bank on Digital Financial Services Security Recommendations for regulators to mitigate SS7 vulnerabilities DFS consumer competency framework Application Security best practices The session also delved into mobile device security best practices. Moderator: Vijay Mauree, Programme Coordinator, TSB, ITU Arnold Kibuuka, Project Officer, TSB, ITU [Presentation] Kevin Butler, Director, Florida Institute for Cybersecurity (FICS) Research [Presentation]
Day 2: 25 April 2024
09:00 - 10:00	Session 1: Managing risk in digital financial services DFS providers put in place adequate measures to address the security threats and vulnerabilities and demonstrate compliance against regulatory measures. This session considered the various threats and vulnerabilities that can impact the confidentiality, integrity, and availability of digital financial services from a value chain perspective. The session also highlighted mitigation measures that DFS providers can implement to reduce the impact of these risks and discussed a framework that can be implemented by DFS providers to better manage the risks and show compliance. Moderator: Radhilufti Madehi, Chief Operating Officer, FNSValue Malaysia Vijay Mauree, Programme Coordinator, TSB, ITU [Presentation] Rehan Masood, Joint Director Digital Financial Services, State Bank of Pakistan [Presentation] Heung Youl Youm, Chair of ITU-T SG17/Professor of Soonchunhyang University, Korea (Republic of): ROK's legal aspects for digital authentication supporting fintech services [Presentation]
10:00 - 10:45	Session 2: DFS cyber resilience toolkit tabletop exercice (Part 1) This session introduced the ITU DFS cyber resilience toolkit for regulators to safeguard critical digital finance infrastructure. This session also included an exercise designed as an interactive tabletop session, where participants were organized into groups, each focusing on a distinct aspect of cyber security: Risk management, governance, testing, training & awareness, protection and incident response. Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
10:45 - 11:00	Coffee Break
11:00 - 13:00	Session 3: DFS cyber resilience toolkit tabletop exercise (Part 2) This exercise was designed as an interactive tabletop session, where participants were organized into groups, each focusing on a distinct aspect of cyber security: Risk management, governance, testing, training & awareness, protection and incident response. (Prerequisites for participants and details – see below). Facilitators: Vijay Mauree, Programme Coordinator, TSB, ITU Arnold Kibuuka, Project Officer, TSB, ITU
13:00 - 14:00	Lunch
14:00 - 15:00	Session 4: DFS cyber resilience toolkit tabletop exercise (Part 3) Facilitators: Vijay Mauree, Programme Coordinator, TSB, ITU Arnold Kibuuka, Project Officer, TSB, ITU
15:00 - 15:15	Coffee Break
15:15 - 17:00	BSA sandbox bootcamp Moderator: Ariff Olan Kholid, Project Manager, FNSValue Malaysia Wan Ameer Ruzman Wan Salaidin, Manager, Engineering Services, FNSValue Malaysia [Presentation] Mohd Wafiuddin Ali, Senior Systems Engineer, FNSValue Malaysia [Presentation] Munawwarah Johari, Systems Engineer, FNSValue Malaysia [Presentation]
17:00 - 17:15	Closing of the Security Clinic Seung Ju Jeon, CEO, FNSValue & FNS(M) SDN BHD Vijay Mauree, Programme Coordinator, TSB, ITU

Committed to connecting the world

Regional Digital Financial Services Security Clinic for Asia Pacific Region

Programme

​DAY 1: 24 April 2024​

​ ​Day 2: 25 April 2024

DAY 1: 24 April 2024

Day 2: 25 April 2024