Risk Management

Risk Management

Risk Assessment and Mitigations

The following arrangements should be done to mitigate the risk:

Types of Risks

1. Transaction Risk:  Effective control mechanisms and management information systems shall be used to mitigate the transaction risks. The accuracy of the information systems and operating processes shall be monitored and reviewed on regular basis. OTP is sent to the registered mobile number or registered email. Transactions occurred only after One Time Password (OTP) generation and verification of OTP for each transaction.

2. Credit risk: This risk that participants in the transaction will not be paid for an outstanding claim. These participants include the counterparties themselves, the issuer of the settlement medium, and, if any, intermediaries involved in the delivery of goods, services, etc. Credit risk typically arises when one of the participants becomes insolvent.  

3. Liquidity risk: Liquidity risk is the risk that the counterparty that owes funds will not be able to meet its payment obligation on time, thus adversely affecting the expected liquidity position of the recipient of funds at the time the funds are due. The risk arises because of settlement lags, non-synchronous settlement, or default by the issuer of the settlement medium. Moreover, a lag between the time a trade is agreed and settlement takes place creates the risk that the transaction may not take place at the time agreed owing to the failure of one of the parties to perform. The risks of Liquidity and Credit are buffered by our Acquiring bank and Settlement banks.

4. Risk Related to Security of electronic payments:   A board-approved Information Security Policy is in place to address all electronic delivery channels and payment systems. Arrangement of User Address verification service, Validate Card Security Codes, Adherence to PCI Compliance and OTP, the associated risk is mitigated.

5. Risk of data loss/ privacy issue: A boxboard-approved Information Security Policy is in place to address all electronic delivery channels and payment systems. An adequate Disaster Recovery Plan shall mitigate the risk of data loss. The merchant should adhere to PCI Compliance to mitigate the risk of data loss and card data encryption during information transfer. In case of any data loss, the concerned merchant will be responsible.

6. Risk of non-compliance on e-transactions under NRB directives: Ongoing training of staff members regarding changes in procedures and regulations will mitigate the risk of non-compliance.

  • Validate Card Security Codes: The second way to verify a CNP transaction involves the use of Card Security Codes (CSC). CSCs are typically the 3 digital numbers (near the cardholder signature field) present on the back of most Discover, Mastercard, and Visa Cards. Entering the card security code during a transaction allows the system to verify that despite the remote order, the shopper is still in possession of a valid physical card.
  • Adhere to PCI Compliance: Ensuring proper PCI compliance is another way to minimize the volume of fraudulent sales. By conducting customer transactions over secure servers on a PCI-compliant system, the merchant can minimize the risk of customer data being compromised.
  • One Time Password (OTP): Customer will receive a Time Password before performing any transaction. The transaction is succeeded only upon valid OTP entry.