Tiêu chuẩn quốc tế

DISCLAIMERAbout this reportExecutive SummaryAcronyms1 Introduction2 ITU-T Recommendation X.805 Overview3 DFS Provider Business Models 3.1 Bank led business model 3.2 MNO led business model 3.3 Model with Mobile Virtual Network Operator 3.4 Hybrid Model4 Elements of DFS ecosystem 4.1 Elements of a DFS ecosystem using USSD; SMS; IVR; STK and NSDT 4.2 Elements of a DFS ecosystem based on applications and digital wallets (e.g Google Pay, Apple pay, WeChat Pay, Samsung Pay).5 Security threats 5.1 Threats to DFS using USSD; SMS; IVR; STK and NSDT 5.2 Threats to DFS ecosystem based on apps and digital wallets6 DFS Security Assurance Framework7 Risk assessment methodology 7.1 Scope 7.2 Establishing a context 7.3 Security Assessment 7.4 Risk Identification 7.5 Risk Analysis 7.6 Risk Evaluation8 Assessment of DFS security vulnerabilities; threats and mitigation Measures 8.1 Threat: Account and Session Hijacking 8.2 Threat: Attacks against credentials 8.3 Threat: Attacks against systems and platforms 8.4 Threat: Code Exploitation Attacks 8.5 Threat: Data Misuse 8.6 Threat: Denial of Service Attacks 8.7 Threat: Insider Attacks 8.8 Threat: Man-in-the-middle and social engineering attacks 8.9 Threat: Compromise of DFS Infrastructure 8.10 Threat: SIM attacks 8.11 Threat: Compromise of DFS Services 8.12 Threat: Unauthorized access to DFS data 8.13 Threat: Malware 8.14 Threat: Zero-Day Attacks 8.15 Threat: Rogue Devices 8.16 Threat: Unauthorised Access to Mobile Devices 8.17 Threat: Unintended Disclosure of Personal Information9 Template for application security best practices 9.1 Device and Application Integrity 9.2 Communication Security and Certificate Handling 9.3 User Authentication 9.4 Secure Data Handling 9.5 Secure Application Development10 DFS Security Incident managementAnnex 1 Detailed DFS ecosystem infrastructure and threatsv