S/N RISKS AREAS
1. Fraudulent merchants may
be acquired or merchant
may change their line of
business without
notification.
2. Configuration of merchants
with wrong details may
lead to financial loss, delay
in problem resolution,
customer dissatisfaction.
3. Inadequate security
awareness training for web
merchants may lead poor
security implementations
and fraud.
4. Mismanagement of Data
SIM cards used for POS
deployment.
5. POS software may not be 1. Review POS software update history on the internet and
updated with latest security
patches. 2. Review sample POS machines to ensure that they all have the
6. Merchants may not sign
the WEMA merchant
agreement prior to going
live for web merchants or
POS deployment.
AUDIT STEPS
1. Evaluate the process of merchant acquisition for procedural
control adequacies against signing on of terrorists, merchants
dealing in illegal & illicit businesses.
2. Verify that there is periodic merchant monitoring to detect when
merchant changes their line of business.
3. Verify the existence of clauses in the merchant agreement to
mitigate against these.
1. Review procedural and application controls for merchant
registration.
2. Evaluate the physical and logical security for storage of
merchant details
1. Review training frequency, materials and documentations
2. Interview sample merchants to ascertain level of awareness and
effectiveness of the training.
1. Ensure that all data SIM cards are used on POS only by
evaluating the payment schedule against the schedule of SIM
cards used in POS deployments.
2. Review process of handling retrieved SIM cards from faulty or
damage POS machine.
compare with the version running on the POS machines.
latest version of software running on them.
1. Take sample merchants and verify the existence of signed
agreements.
2. Verify that the agreement has been reviewed by Legal unit.
3. Verify that the agreements are signed by authorized personnel
in merchant office.