• Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • Developing tomorrow's cyber workforce today.
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

        • Subscribe to Our Newsletters
        • Our tech foundation is addressing the complex problems that face our nation today. Find out how you can join our efforts as we spur innovation for public good.


Securing the Digital Financial Ecosystem Abroad

Establishing a two-lens methodology that helps keep people’s money safe throughout the mobile digital financial services ecosystem

Mobile digital financial services (mDFS) play a critical role in economies in developing countries. From paying for goods to receiving government benefits or compensation for work, in these areas of the world, cell phones and mobile apps are an essential component of the financial transaction system. MITRE Engenuity’s now-completed pilot program addressed the critical need for cybersecurity risk mitigation across the ecosystem. 

Innovation in Action

Across the globe, many financial services are accessed using mobile phones, including: 

  • point-of-sale purchases 
  • sending money to friends or family 
  • insurance and savings 
  • digital wallet usage 
  • app-based transactions (e.g., ride share, food delivery, bill paying) 

As more people adopt “mobile money,” the risk of compromised transactions increases.  The scope of mDFS is incredibly complex, involving a multitude of factors – socioeconomic, cultural, and technical – and many stakeholders, including wireless companies, banks, app developers, agent networks, governments, and more. Therefore, protecting mDFS becomes a multi-faceted challenge. To address the varied approaches of participants in the fintech ecosystem, MITRE Engenuity’s team set out to create a decision tool (cyber risk model) to help direct industry and government toward solutions-oriented investments.

Diving into these factors and exploring where risk could be assessed and how guidance could be provided to mitigate those risks 

Mobile money ecosystems infographic.
The many sectors existing within the mDFS ecosystem

What We Did

Our project was designed to offer guidance for those looking to fortify their mDFS ecosystem and provide safer, more reliable storage and transfer of money. This was done by exploring questions such as: 

  • What level of access to the internet do people in an area have?  
  • What kinds of technologies are prominent among service providers in the country’s mobile money ecosystem? 
  • Do citizens have access to smart phones? 
  • What kind of policies are currently incentivizing or impeding access to mobile money? 
  • Does the country have a national identity system that facilitates secure banking?  
  • Is a nation experiencing political or societal struggles that may affect citizens’ access to mDFS? 
  • What stakeholders in the country influence mobile money access—banks, government, network operators, start-ups? 
  • Are any licensing requirements in place that address security? 

By addressing these questions and others, our cyber risk model can produce recommendations on resource investments tailored to the specific risks most likely to affect secure access to mobile digital financial systems. In identifying these recommendations, our interactive digital cyber risk model tool uses a two-lens (technical and policy/governance) approach to estimate the impact of—and offer mitigants for—eight different kinds of threats to mobile digital financial systems.

3d glasses with the words understanding technology and non-technical lenses.
The two-lens approach

By identifying key aspects of their ecosystem, users of the model can discover recommendations tailored to their country’s unique technology and policy environment that will reduce risk, improve access, and increase trust.  


Secure access to money is essential for individuals to achieve political stability, gender equity, and economic advancement. Where traditional banking services are not available to many people, or have other barriers to use, mobile digital financial services can dramatically improve this access. Particularly in developing countries, people are increasingly using mobile devices to receive, transfer, and save money—but they are not always aware of the risks associated with these technologies. Recognizing the importance of mDFS, and the wide range of potential vulnerabilities associated with it, many stakeholders are looking for ways to improve access while reducing risk. Our Cyber Risk Model prototype is a decision tool that accounts for hundreds of factors within a highly complex ecosystem to evaluate risks to people, hardware, and software—and offer solutions.

More Information 

Executive summary: MITRE Engenuity mDFS Model Visualization Executive Summary.pdf (hubspotusercontent-na1.net) 

Full report: For Pub Engenuity mDFS Risk Model Development Report_ME0044_Final 05102023 (hubspotusercontent-na1.net) 

This project was made possible through a grant from the Bill and Melinda Gates Foundation