Securing the Digital Financial Ecosystem Abroad

Establishing a two-lens methodology that helps keep people’s money safe throughout the mobile digital financial services ecosystem

Mobile digital financial services (mDFS) play a critical role in economies in developing countries. From paying for goods to receiving government benefits or compensation for work, in these areas of the world, cell phones and mobile apps are an essential component of the financial transaction system. MITRE Engenuity’s now-completed pilot program addressed the critical need for cybersecurity risk mitigation across the ecosystem. 

Innovation in Action

Across the globe, many financial services are accessed using mobile phones, including: 

  • point-of-sale purchases 
  • sending money to friends or family 
  • insurance and savings 
  • digital wallet usage 
  • app-based transactions (e.g., ride share, food delivery, bill paying) 

As more people adopt “mobile money,” the risk of compromised transactions increases.  The scope of mDFS is incredibly complex, involving a multitude of factors – socioeconomic, cultural, and technical – and many stakeholders, including wireless companies, banks, app developers, agent networks, governments, and more. Therefore, protecting mDFS becomes a multi-faceted challenge. To address the varied approaches of participants in the fintech ecosystem, MITRE Engenuity’s team set out to create a decision tool (cyber risk model) to help direct industry and government toward solutions-oriented investments.

Diving into these factors and exploring where risk could be assessed and how guidance could be provided to mitigate those risks 

Mobile money ecosystems infographic.
The many sectors existing within the mDFS ecosystem

What We Did

Our project was designed to offer guidance for those looking to fortify their mDFS ecosystem and provide safer, more reliable storage and transfer of money. This was done by exploring questions such as: 

  • What level of access to the internet do people in an area have?  
  • What kinds of technologies are prominent among service providers in the country’s mobile money ecosystem? 
  • Do citizens have access to smart phones? 
  • What kind of policies are currently incentivizing or impeding access to mobile money? 
  • Does the country have a national identity system that facilitates secure banking?  
  • Is a nation experiencing political or societal struggles that may affect citizens’ access to mDFS? 
  • What stakeholders in the country influence mobile money access—banks, government, network operators, start-ups? 
  • Are any licensing requirements in place that address security? 

By addressing these questions and others, our cyber risk model can produce recommendations on resource investments tailored to the specific risks most likely to affect secure access to mobile digital financial systems. In identifying these recommendations, our interactive digital cyber risk model tool uses a two-lens (technical and policy/governance) approach to estimate the impact of—and offer mitigants for—eight different kinds of threats to mobile digital financial systems.

3d glasses with the words understanding technology and non-technical lenses.
The two-lens approach

By identifying key aspects of their ecosystem, users of the model can discover recommendations tailored to their country’s unique technology and policy environment that will reduce risk, improve access, and increase trust.  

Impact

Secure access to money is essential for individuals to achieve political stability, gender equity, and economic advancement. Where traditional banking services are not available to many people, or have other barriers to use, mobile digital financial services can dramatically improve this access. Particularly in developing countries, people are increasingly using mobile devices to receive, transfer, and save money—but they are not always aware of the risks associated with these technologies. Recognizing the importance of mDFS, and the wide range of potential vulnerabilities associated with it, many stakeholders are looking for ways to improve access while reducing risk. Our Cyber Risk Model prototype is a decision tool that accounts for hundreds of factors within a highly complex ecosystem to evaluate risks to people, hardware, and software—and offer solutions.

More Information 

Executive summary: MITRE Engenuity mDFS Model Visualization Executive Summary.pdf (hubspotusercontent-na1.net) 

Full report: For Pub Engenuity mDFS Risk Model Development Report_ME0044_Final 05102023 (hubspotusercontent-na1.net) 

This project was made possible through a grant from the Bill and Melinda Gates Foundation