Overview of the Digital Financial Services (DFS) security testing laboratory

How & When was it established?

The Uganda Communications Commission (the Commission), in collaboration with the International Telecommunications Union (ITU), established a Digital Financial Services (DFS) security testing laboratory, which became operational in 2023.

What is the purpose of the Lab?

The DFS security lab aims to provide a common methodology to conduct security audits for mobile DFS apps to address systemic vulnerabilities.

Systemic vulnerabilities include those that can impact the confidentiality, integrity and availability of services. Such vulnerabilities include, but are not limited to:

  • Improper credential usage
  • Insecure authentication/authorization
  • Insecure communication
  • Inadequate data privacy controls
  • Insecure data storage
  • Application misconfigurations

Objectives of the DFS security testing laboratory

The DFS security lab seeks to:

  1. Conduct security assessments on DFS applications across multiple platforms using established and emerging security frameworks. 
  2. Collaborate with key DFS providers, regulators, and industry experts to identify and mitigate security risks, implement robust security frameworks, and adopt common security practices and international standards. 
  3. Promote awareness of DFS security issues and provide practical guidance on effective mitigation strategies. 
  4. Support adoption of global DFS security standards. 

Frequently Asked Questions

Who can access this service?

Owners of mobile applications serving in the digital financial services space are eligible to benefit from this service.

Is this service free?

Yes, this service is free.

What mobile applications are in scope for testing?

Currently, the DFS lab is only conducting security tests for android, iOS and Sim Tool Kit (STK) based applications.

How do I access this service?

Send an email to cert@ucc.co.ug with your application details including the google play store / apple store application links (where applicable) requesting for this service. You may also reach out via + 256 414 339000/ 312 339000 for more inquiries.

DFS Security Resources

Icon

Security recommendations to protect against DFS SIM risks and SIM swap fraud

1 file(s) 119 KB
Download
Icon

Mobile Application Security Best Practices

1 file(s) 140 KB
Download
Icon

Recommendations to Mitigate SS7 Vulnerabilities

1 file(s) 117 KB
Download

Contact Info

The Computer Emergency Response Team

Colville Street, Communications House

P.O. Box 7376
Kampala, Uganda

Tel: + 256 414 339000/ 312 339000
Fax: + 256 414 348832
E-mail: cert@ucc.co.ug

Useful links

Subscribe to our Newsletters

© 2023 . All Rights Reserved by Uganda Communications Commission.