Global Courant 2023-04-14 10:00:00
Around the world, many financial services are provided through mobile phones. From point-of-sale purchases to sending money to friends or family, digital wallets and using apps for paid services such as ride-hailing, food delivery and bill payment, our world is intrinsically connected to mobile digital financial services (mDFS). The potential to provide efficient, seamless and easy access to money for citizens of rapidly changing countries is high, as is the potential for fraud. Governments must prepare for and defend against fraudulent actors. This means investing in stronger infrastructure and introducing safer production requirements as current ones become obsolete with the transition to 5G in many industries. For example, many regions rely on unstable networks and have limited access to the Internet.
Limited resources can hinder progress. The ever-expanding array of attacker strategies aimed at stealing or compromising financial and personal data, combined with ongoing challenges in creating a foundation providing access to both broadband internet and banking-related services results in significant variations in the ability of both individuals and businesses to securely access mDFS.
In our quest to provide technology for the public good, we are with you MITER ingenuity rise to the challenge and have developed an analytical risk model that uses information from a country’s current systems to recommend investments in resources that most efficiently reduce the risk of attacks.
The model offers a flexible but consistent approach. First, it identifies the most relevant cybersecurity threats and obstacles to secure access at a given sector. After this analysis, it then recommends the policies and technical approaches most appropriate for expanding and improving secure mDFS access.
Technical + Policy
This model simultaneously leverages a “unique blend of deep technical subject matter experts from multiple disciplines,” said Cynthia Wright, model researcher and MITER Principal Cybersecurity Engineer. She notes that it is based on one fashion model which identifies possible attack methods against financial services companies and the insights are drawn from sectors such as “international cyber capacity building, cybersecurity engineering, systems engineering and cyberthreat intelligence”.
Building on MITER’s deep cyberthreat modeling expertise and its International framework for cyber capacity buildingthe MITER Engineering mDFS risk management model (RMM) uses a “dual lens” approach that combines both technical and policy/governance risk factors and mitigating factors to create a comprehensive and multi-dimensional view of the challenges threatening the mDFS ecosystems.
The mDFS RMM has evolved from this vast array of expert knowledge and resources and is one of the most comprehensive models ever developed for the cellphone room. Users identify recommendations tailored to their country’s unique technology and policy environment that reduce risk, improve access, and increase confidence.
The validation results are in
Cynthia shared that too, as part of our support for the mobile money cybersecurity initiative for the Bill & Melinda Gates FoundationMITER Engenuity conducted a study to test the effectiveness of the RMM by applying it to different countries with very different technology and policy/governance ecosystems, e.g. levels of financial inclusion and access to internet connectivity: Bangladesh, Kenya, Nigeria, Rwanda and go.
Overall, the study validated the RMM as it was able to identify for each country a combination of technical and policy approaches that would improve access and security beyond technical approaches alone. In the next step of validation, individuals and organizations who are well acquainted with the countries will examine the model’s policy/governance recommendations and determine their relevance to helping the countries improve their mDFS ecosystems. (The technical security recommendations are simple and well validated in other models.)
Open model output
To complement the model that generates the recommendations, MITER Engenuity has developed a dynamic software platform that automates the methods used by the model. This allows users who are not cyber experts to select relevant characteristics in the chosen community and use them to assess which risks are most prominent. The platform also generates both technical and policy/administrative recommendations that can be used to implement risk mitigation strategies, such as enabling security mechanisms such as PINs, passwords and biometrics.
This platform is ready for pilot testing for a particular purpose and application in one of the following use cases:
Donor countries or aid organizations: Use the RMM to identify which of the prominent risk factors in a particular country or region best match aid goals and resources, as a tool to focus resource efforts. Identify technology or governance approaches appropriate for a specific country to aid in developing achievable targets and outreach initiatives. National governments: Use the RMM to optimize limited resources by reducing the risk landscape. Identify where policy/governance approaches can mitigate risk, even in a diverse tech ecosystem. Identify incentives or barriers that may affect mDFS access and security, such as specific policies regarding licensing, fees, taxes, etc. Identify less obvious factors that contribute to mDFS adoption and security, such as gender policies, educational curricula, the presence of a national digital identification program, or the availability and security of agent networks, which are subject to change through policy. Technology (including Fintech) Companies and regulatory entities: Identify approaches such as specific technology features and standards that can allow for large-scale improvements in ecosystem security. Identify national or regional trade and collaboration approaches that may help or hinder the adoption of mDFS technologies, applications, etc.
Give it a chance
We think it’s time for widespread use and feedback from the countries that promote and benefit from this work!
MITER Engenuity wants to define and implement more features, engage with content creators or moderators, and support ongoing development. But it needs input from real world users. Open the tool and perform a risk assessment.
The MITER team is happy to accept questions on any of the topics covered in this article or feature requests at (email protected) and to read about the cyber risk model management tool.
