Committed to connecting the world

Digital Financial Services Security Clinic for Ethiopia

The International Telecommunication Union (ITU), in collaboration with the Ethiopian Communications Authority (ECA) and the United Nations Capital Development Fund (UNCDF) Ethiopia Country Office, was pleased to invite the participants to the Stakeholder Engagement workshop on Digital Financial Services (DFS) that took place on November 5, 2024 from 09:00 am to 4:30 pm EAT at Capital Hotel, Addis Ababa.

The event aligned with the 2022 ITU Plenipotentiary Resolution 204 and WTSA Resolution 89, which advocate for the use of Information and Communication Technologies (ICTs) to promote financial inclusion. It aimed to provide key insights and practical guidance to DFS stakeholders in Ethiopia about the best practices that need to be adopted by regulators and DFS providers to secure the DFS applications and infrastructure.

The main objectives of the DFS Security Clinic were to:

Provide a comprehensive overview of the evolving security threats that affect fintech and digital financial inclusion.
Identify and share the technical and organizational security measures based on the ITU DFS Security Recommendations to mitigate threats.
Provide an overview of the ITU DFS Security Lab and the practical guidance provided to regulators and DFS providers in developing countries for digital financial services security.
Provide a platform for DFS stakeholders to share lessons learned, discuss fintech security, and adoption of the DFS Security Recommendations.

Target audience: The main audience for the DFS Security Clinic included representatives from telecommunications regulators, national cybersecurity agencies, central banks, financial service providers, banks, mobile network operators, fintech companies, IT security solution providers, relevant government ministries, and other stakeholders.

Programme

09:00 - 09:30	Welcome Remarks Emmanuel Manasseh, Regional Director, R.O. for Africa (ITU) H.E Eng. Balcha Reba, Director General of the Ethiopian Communications Authority (ECA) Solomon Damtew, the Director of Payment and Settlement Systems for National Bank of Ethiopia (NBE)
09:30 - 10:30	Introduction to ITU DFS Security Lab and Recommendation This session provided a general overview of the ITU DFS Security Lab and the assistance that it provides to developing countries to adopt the DFS Security recommendations. Related Reports/Regulatory Guidance: DFS Security recommendations Speakers: Namrud Negash, Project Officer, TSB, ITU Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
10:30 - 10:45	Coffee Break
10:45 - 11:45	ECA (Ethiopian Communication Authority) - Overview of DFS Ecosystem in Ethiopia NBE (National Bank of Ethiopia) - Overview of DFS Ecosystem in Ethiopia [Presentation]
11:45 - 12:30	ITU DFS recommendations to address SIM swap fraud and related risks. This session focused on the guidance and recommendations for regulators and providers to mitigate SIM vulnerabilities like SIM swaps, SIM recycling, and attacks on SIMs like binary over-the-air attacks. The session also covered how the Central Bank and Telecom regulator could coordinate addressing security risks to the DFS ecosystem. Related Reports/Regulatory Guidance: Security recommendations to protect against DFS SIM risks and SIM swap fraud Model MOU between a Telecommunications Regulator and Central Bank on Digital Financial Services Security Speaker: Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
12:30 - 13:30	Lunch Break
13:30 - 14:30	DFS Security Assurance Framework This session discussed the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact. Related Reports/Regulatory Guidance: DFS Security Assurance Framework DFS Security Audit Guideline Speaker: Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
14:30 - 15:30	Mobile Application security best practices A mobile payment app security guideline were shared which can be adopted as a technical guideline or regulation to establish minimum security baselines for developers and digital finance providers to adopt security best practices and international security standards Related Reports/Regulatory Guidance: Mobile Application Security Best Practices Speaker: Namrud Negash, Project Officer, TSB, ITU [Presentation]
15:30 - 15:45	Coffee Break
15:45 - 16:00	ITU DFS recommendations to address SS7 vulnerabilities Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session presented the main findings and recommendations of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats. Related Report: SS7 Vulnerabilities and Mitigation Measures for DFS Transactions Speaker: Arnold Kibuuka, Project Officer, TSB, ITU [Presentation]
16:00- 16:30	ITU Digital Financial Services Consumer Competence Framework This session introduced the ITU digital financial services consumer competence framework which identifies the knowledge, skills and attitudes consumers need to participate actively, safely and have trust in the digital financial services ecosystem. Related Reports/Regulatory Guidance: DFS Consumer Competency Framework Speaker: Namrud Negash, Project Officer, TSB, ITU [Presentation]

Related Information

Organized by: International Telecommunication Union (ITU)
Digital Financial Services (DFS) Security Clinics
Digital Financial Services Security Lab (itu.int)
DFS Security Lab
Voluntary Contribution
Contact: tsbevents@itu.int

Organized by