ITU DFS Security Assurance Framework

Unintended Disclosure of Personal Information

Threats resulting in user data being inadvertently exposed.

Affected entity: DFS Provider

Risk: The risk of exposure of personally identifiable information occurs because of the following vulnerability:

  • Vulnerability: Inadequate oversight and controls in test environments (SD: privacy)

Affected entity: Third-Party Provider

Risk: Exposure of sensitive information occurs because of the following vulnerabilities:

  • Vulnerability: Exposure of customer-sensitive information in transactions or through APIs (SD: privacy)

  • Vulnerability: Insufficient data protection controls (SD: privacy)

  • Control 17.3: Providers should ensure that customer-sensitive data is removed from environments such as trace logs (for example, cash retrieval voucher codes, bank account numbers, and credentials). Use placeholders whenever possible to represent this data in log files.
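
One way to apply Control 17.3 in an application's logging path, as an added example that is not part of the ITU framework text: a Python `logging` filter that swaps sensitive values for placeholders before any handler writes them. The key names (`voucher_code`, `password`, `pin`, `otp`, `token`) and the 8 to 18 digit account-number pattern are assumptions, and the sample values are constructed.

```python
import io
import logging
import re

# Assumed key names; adapt to the provider's own log schema.
_KV_SECRETS = re.compile(
    r'(?i)\b(password|pin|otp|token|voucher(?:_code)?)\b(\s*[=:]\s*)("[^"]*"|\S+)'
)
# Assumed: account numbers are bare runs of 8-18 digits. This over-redacts
# other long digit runs (e.g. phone numbers), which is the safe direction.
_ACCOUNT = re.compile(r'\b\d{8,18}\b')


def redact(text: str) -> str:
    """Replace customer-sensitive values with placeholders such as <PIN>."""
    text = _KV_SECRETS.sub(lambda m: f"{m[1]}{m[2]}<{m[1].upper()}>", text)
    return _ACCOUNT.sub("<ACCOUNT>", text)


class RedactingFilter(logging.Filter):
    """Redact the fully formatted message so %-style args are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True


def demo() -> str:
    """Log constructed sample lines and return what reached the handler."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    # Attach to the handler, not the logger, so records propagated from
    # child loggers are redacted as well.
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("dfs.demo")
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)
    # Constructed sample values, not real customer data.
    log.info("cash-out voucher_code=%s account %s amount=%d",
             "VX-48213377", "00123456789012", 1500)
    log.info('login password: "hunter2 x" otp=493021')
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Exception tracebacks and custom `extra` fields are not rewritten by this filter and need their own handling.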


Last updated 2 years ago