ITU Financial Inclusion Global Initiative issues reports on biometrics and other tech to build trust
The Financial Inclusion Global Initiative (FIGI) of the International Telecommunication Union (ITU) has launched a series of new reports outlining its position on how to build and maintain trust in digital financial services (DFS), including the use of biometrics.
Mitigating security vulnerabilities in Signalling System 7 (SS7), digital identity and strong authentication, and security assurance frameworks are considered in new FIGI reports, which were presented by the FIGI Working Group on ‘Security, Infrastructure, and Trust’ at the recent FIGI Security Clinic.
The reports ‘Implementation of Secure Authentication Technologies for Digital Financial Services,’ ‘SS7 vulnerabilities and mitigation measures for Digital Financial Services transactions,’ and ‘Digital Financial Services Security Assurance Framework’ are all available for free download from the ITU.
SS7 was built on the assumption that its use would be highly regulated, allowing only trusted telecoms to use it. This is no longer true, and with DFS infrastructure in the developing world largely depending on cellular and mobile money, security features need to be built into legacy networks and stakeholders need to be educated on the ongoing challenge of securing the network and preventing SMS fraud.
On the second count, FIGI is supporting the shift away from the legacy ‘shared-secret’ authentication model typically consisting of a username and password, and toward the use of biometrics, particularly according to the specification developed by the FIDO Alliance.
The ITU officially recognized FIDO’s AUF 1.1 and CTAP specifications as ITU X.1277 and ITU X.1278 a year ago, and expects that recognition to stimulate their global adoption.
“The security risk is not only the concern of the bank or the DFS provider. It also concerns all the other players that are involved in the industry in providing the service … security is only as strong as the weakest link in the chain,” says ITU Digital Financial Inclusion Programme Coordinator Vijay Mauree.
A report on the ‘Security Aspects of Distributed Ledger Technologies’ has also been published as a loving document by FIGI.
FIGI is led by ITU, the World Bank Group, and the Committee on Payments and Market Infrastructures, and supported by the Bill & Melinda Gates Foundation.