iSarif Ecommerce (Pvt) Ltd General Policy Documents

Transaction Security
3D Security
3D security is main part of our Risk management policy. There are three dimensions from where our whole transactional system will be secured and there is no room for threat and vulnerability.3D security mean. 3D security even considers the opportunity behind the potential attacks and Support technical controls with appropriate policies, procedures and training. Our 3D security overcome all of following threats

Physical threats Electronic threats Technical failures Infrastructure failures Human error

A. Proactive Monitoring
1. KYC scams

(Know your customer), Scan merchants for all kind of vulnerabilities of

To ensure that our merchants and customers are legitimate and real we develop KYC policy. In this way risk of fake customers is secured. We identify our merchants or customers by using reliable and independent documents. In this way no merchant or customer misuse our services. We pertain following points for KYC policy.

Acceptation of merchants:- Merchants have to accept our KYC policy and fill
prescribed form for opening account

Identification of merchants:- Merchants are identified and verified through

Phone call Physical location identification Referrals Websites CNIC Passports Licenses SECP registrations Monitoring of merchants:- Merchant accounts and transaction on our site is classified and monitored in term of risk. Any unusual activity is monitored. Any suspicious behavior can be monitored and reviewed properly Its Isarif policy to work with legitimized business to work with, Govt, and registered private entities and KYC policy ensure this. 3. Only legal goods and services can be rendered through system Page 1 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents

Warranties, Liabilities and Disclaimers:

1. Customer understands and accepts that it is strictly forbidden to make use of the ISARIF Ecommerce Ltd Service in order to pay for illegal material as well as illegal downloads or any other goods and services infringing intellectual property rights of a third party and/or any illegal purpose or criminal activity of any nature. ISARIF Ecommerce Ltd will report any suspicious account activity to the relevant law enforcement authority. ISARIF Ecommerce Ltd reserves the right to apply at its sole discretion prevention and detection procedures and suspend accounts or refuse the execution of transactions if there are reasonable grounds to suspect that an account is being or may be used for illegal purposes. 2. It is isarif ecommerce ltd Assumption that customer is signing up for a user account only after determining that opening and maintaining such account violates no laws or regulations in their respective country and jurisdiction. Customer warrants that he/she is not violating any law or regulation by his/her use of isarif ecommerce ltd and customer indemnifies isarif ecommerce ltd. For any and all liability that might arise from his/her use of isarif ecommerce ltd service. 3. ISARIF Ecommerce Ltd shall make reasonable efforts to ensure that all transactions are processed in a timely manner. However, ISARIF Ecommerce Ltd. makes no representations regarding the amount of time needed to complete processing, nor shall ISARIF Ecommerce Ltd be liable for any actual or consequential damages arising from any claim of delay. Furthermore ISARIF Ecommerce Ltd. makes no representations or warranties as to continuous, uninterrupted or secure access to the ISARIF Ecommerce Ltd service, which may be affected by factors outside of ISARIF Ecommerce Ltd control, or may be subject to periodic testing, repair, upgrade or maintenance. 4. ISARIF Ecommerce Ltd. shall in no way, and under no circumstances, be liable for any damages or losses, including without limitation, direct, indirect, consequential, special, incidental or punitive damages deemed or alleged to have resulted from or caused by but not limited to the following scenarios: 4.1. Payments made to unintended recipients or payments made in incorrect amounts due to the input of incorrect information by Customer. 4.2. Payment made by a third party who passes all identity and verification checks. 4.3. Any fraud, deception or misrepresentations by Customer, whether or not the Customer is verified in any manner. 4.4. Any fraud, deception or misrepresentations by the recipient. 4.5. Any damages resulting from a recipient's decision not to accept a payment made through ISARIF Ecommerce Ltd. . 4.6. Any errors or omissions in the website content. 4.7. The misuse of the web site content or the inability of any person to use the site. 4.8. Delays, losses, errors, or omissions resulting from failure of any telecommunications or any other data transmission system and the failure of the central computer system or any part thereof. Page 2 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents 4.9. Any results of any acts of Government or authority, any act of God or force majeure. 5. ISARIF Ecommerce Ltd. 's service is limited to providing Customer with a payment facility and does not ensure the quality, safety or legality of the transaction Customer is undertaking. ISARIF Ecommerce Ltd. does not have any responsibility for any goods or services for which Customer pays using the ISARIF Ecommerce Ltd service and will not be liable for any charges, taxes or other duties in relation to such goods or services. 6. Customer agrees to release, indemnify, and hold ISARIF Ecommerce Ltd harmless against any claim brought against ISARIF Ecommerce Ltd. by a third party resulting from Customer's use of ISARIF Ecommerce Ltd payment services in respect of all losses, actions, proceedings, claims, damages, expenses or liabilities whatsoever suffered and howsoever incurred by ISARIF Ecommerce Ltd in consequence of Customers non observance or breach of these terms and conditions.

Anti Money laundering policy

ISARIF IS IN COMPLIANCE WITH LEGAL ARRANGEMENTS
ISARIF introduced all the rules and procedures related to prevention of money laundering. ISARIF has got general policies against money laundering and terrorist financing. The following standards and duties are considered to be minimum requirements for ISARIF Ecommerce Ltd. . 1. Know Your Customer and Due Diligence For each Person and/or Legal entity want to use all the advantages of our system should hold an ISARIF certified account. All persons and legal entities should have "Identity Verified" by ISARIF Ecommerce Ltd 2. Monitoring ISARIF will monitor any unusual or suspicious transactions or activities. 3. Record keeping ISARIF will keep Records of all documents obtained for the purpose of identification and all transaction data as well as other information related to money laundering matters in accordance with the applicable anti-money laundering laws/regulations. All records must be kept for at least 5 years.

Page 3 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents

Privacy Policy
You accept this Privacy Policy when you sign up for or use our products, services or any other features, technologies or functionalities offered by us on our website, application or through any other means (collectively the iSarif Services"). If you open an account or use the ISarif Services, we may collect the following types of information: Contact information - your name, address, phone, email, Skype ID and other similar information. Financial information - the full bank account numbers that you link to your ISarif account or give us when you use the ISarif Services. We may also obtain information about you from third parties such as Security and Exchange commission of Pakistan, NADRA etc. Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to: provide the iSarif Services and customer support you request; process transactions and send notices about your transactions resolve disputes, collect fees, and troubleshoot problems; prevent potentially prohibited or illegal activities, and enforce our User Agreement; customize, measure, and improve the iSarif Services and the content and layout of our website and applications; deliver targeted marketing, service update notices, and promotional offers based on your communication preferences; Compare information for accuracy and verify it with third parties. We don't sell or rent your personal information to third parties for their marketing purposes without your explicit consent. To process your payments, we may share some of your personal information with the person or company that you are paying or that is paying you Regardless, we will not disclose your bank account number to anyone you have paid or who has paid you through ISarif or with the third parties that offer or use the ISarif Services, except with your express permission or if we are required to do so to comply with banking requirements, subpoena or other legal process. We may share your personal information with: Service providers under contract who help with parts of our business operations such as fraud prevention, bill collection, marketing and technology services Companies that we plan to merge with or be acquired by Law enforcement, government officials
Take key points from privacy policy doc and put it here.

Page 4 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents

B. Technical i) Bank side

1. Transactions on banks server, with complete bank control, in complete compliance of banking security rules. Most Modern online payment system, most secure, least number of errors and no go-between (3rd party) payment clearing servers like visa or master card. This minimize charge back and fraudulent activity.
You can explain old and new payment mechanisms and what was problem with old one and why they became ineffective and what Is new with modern maethod

2. Transactions first authorized then captured after delay of 48 hours, giving enough time to bank to resolve problem if there is. 3. Take security money with respect to ratio of charge back. You can explain how it is being used in different countries and how it has avoided charge backs etc

4. Standard Banking Portal 128 encryption, Secure Socket Layer, and RSA security OTP and E-token system to excess info for support staff and software improvements. Banking software has already built-in this kind modules, sop mechanisms, least required modifications. Security control

4. Double checks by dedicated team to avoid any fraudulent activity

ii) Isarif side

Charge back control
Ensure that you issue an email transaction receipt, or a payment confirmation via Isarif for each transaction and that you deal with any replies properly and promptly. Provide the customer with all contact details Supply as much information as possible when we receive a Request for Information Keep good records of all transactions, including copies of the web site pages the shopper has seen, invoices, refunds processed and delivery details Establish and display a comprehensive refund/returns policy, which customer must confirm they have read and understand before you accept their transaction The refund/returns policy should be proactive in dealing promptly and properly with all customer disputes

Page 5 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents Establish and display a comprehensive privacy policy to reassure customer when they provide personal data Offer free telephone customer service as it can help preserve sales and increase the relationship you have with our customer Provide "Email Customer Service" so customer can ask questions online. For customer service by email you are required to have a standard response and time frame for responding to a customer query. Do not dispatch goods by whatever means (including online delivery) to a third party address (that is, an address other than the cardholder's address); this is considered very high risk. Deliver goods/services on a timely basis and advise customer when they can expect delivery. Notify the customer of any delay of delivery. Retain documentary evidence of the delivery, together with a description of the goods/services supplied, for a minimum of 12 months. Never estimate charged amounts, and be sure the customer sees the final total (including tips and other add-ons) before the account is charged. Be sure the transaction information on the receipt is legible. Ship merchandise before processing account transactions. Disclose return and refund policies clearly before a sale, and be prompt about cancelling transactions when customers request it.

Secure technologies for ISARIF server ISARIF server is behind state of the art security firewalls to ensure maximum protection of our customer's details. This guarantees that our information is inaccessible to any third party. ISARIF uses industry-standard VeriSigns 256 SSL (Secure Sockets Layer) Technology, which is used worldwide, for data encryption. ISARIF also follows strict in-house security guidelines for ensuring confidentiality of user information. ISARIF is using banks secure server for payments. Isarif is implementing Fraud Detection Engine that provides an unprecedented level of risk detection that can help us to convert more valid orders automatically and reduces both expenses and potential chargeback losses. The robust risk management tools and fraud filters listed below help control risk effectively: 1) Risk Management Rules and Parameters 2) Negative Files 3) Risk Management Queries, thereby making ecommerce transactions safe and confidential.

Page 6 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents Software made by internationally and experienced software companies. Shopping cart by Phpprobid UK based companies and payment software by PCI compliant software makers like Iconfsd. Password security, general internet security and privacy guidelines for users

Customer / merchant end security recommendation

We educate or customer / merchant from these safeties to be practiced while transacting with us. In this way we have much less chances of any mishaps

Antivirus & Firewall Software

Make sure your computer has the most current Antivirus & Firewall software. Antivirus & Firewall software need frequent updates to guard against new viruses. Make sure you download the Antivirus & Firewall updates as soon as you are notified that a download is available. Failure to do so may lead your PC vulnerable to attack.

Emails
Be alert for scam emails. These may appear to come from a trusted business or friend, but actually are designed to trick you into downloading a virus or jumping to a fraudulent website and disclosing sensitive information. Don't reply to any email that requests your personal information. Be very suspicious of any business or person who asks for your password or other highly sensitive information. Open emails only when you know the sender. Be careful about opening an email with an attachment. Even a friend may accidentally send an email with a virus. Be careful before you click on a link that is contained in an email or other message as it may not be trustworthy. Do not send sensitive personal or financial information unless it is SSL encrypted on a secure website as regular emails are not encrypted. Protect your identity theft by using encryption on your Wi-Fi network.

Password
Use strong passwords or PINs for your Internet accounts. Choose passwords that are difficult for others to guess. Use both letters and numbers and a combination of lower case and capital letters if the passwords or PINs are case sensitive. Use a different password for each of your accounts. Ensure that you change your passwords & PINs regularly at least once a month. For maximum security, we would advise you to memorize your PINs or passwords, keep it secret.

Here you can explain about our dedication for keeping up-to-date

Page 7 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents

Consumer service compliance

1. Educating consumer about his rights in cooperation with customer-right-protection organization

We are in compliance with The Network for Consumer Protection Consumers Association of Pakistan Consumer Rights Commission of Pakistan (CRCP) Directorate of provincial consumer protection council
Write down about the above said organizations and our plans to work together with them to empower customer

Company policy to spend 20% of revenue to software security software development

Goods delivery confirmation by third party like Courier services to avoid any confusion if goods delivered or not. Insured courier services We are going to integrated with courier service and every delivery is insured and in case of accidental loss immediately it was redelivered to customer so that no issue is created. Money goes in escrow in case of dispute until resolved. When both parties verify

the transaction has been completed per terms set, the money is released. If at any point there is a dispute between the parties in the transaction, the process moves along to dispute 2resolution. The outcome of the dispute resolution process will decide what happens to money in escrow.

Elaborate this

3. 24/7 hotline, ticket system to resolve problems in timely manner, Elaborate this

C. Dispute resolution and Refund Policy

Refund will only be issued after item is returned. Buyer can request the refund and ask for return of products when getting from courier company representative, buyer will only shoulder courier cost and refund will be issued to buyer after goods have been received but if refund and return request is made after few days then warranty and guarantee documents of that Page 8 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents product will govern the procedure and cost but buyer will have to pay for any reshipping of goods. Goods must be returned to the place from where they were initially dispatched and same is true for seller name info. Seller must be notified electronically through message board prior to shipping an item and expecting to be reimbursed. However if goods are to be returned right after opening the box when courier representative shows up then products can be returned without noticing the seller. For each item, there will be two options available depending upon the seller. Some sellers may pay for shipping items, while others may require buyer to pay the shipping cost, but it will be clearly known to buyer during shopping process that who pays for shipping. Funds will only be refunded in the funding option that was initially used to make payment for purchase. Buyer pay reshipping fee if products not received due to wrong address or courier guy went to deliver but nobody received. Goods are to be carried by Courier Company, buyer opens it and checks it and if find problem then give back to courier guy. No fine need to pay and refund will be 100% of product price but shipping cost will be deducted. Products are to be sent to seller through pre-approved courier companies only.

Volume of transactions
1. Compact population, city sizes and % of population 2. Demographics of society (age groups using computer) 3. Demographics far away in distances, companies need to render their goods and services at far distances, payment problem 4. Expand horizon of bank and give account holders one more reason to have net-banking account. 5. Scope/ Possible list of clients (govt, private registered entities, smes) expand it as much as possible to tell them that how much scope we have. 6. Lump sum # of transactions per year. Even if we dont meet the target, we will pay for those number of transactions. 7. Two kinds of sellers, Verified sellers (govt and secp registered entities) and others unverified, they will be able to list their item but will not be able to use payment system. It is upto buyer, if buyer trust them then buyer pays directly to their bank account or any other mechanism they want to be paid to. Isarif has nothing to do with them. But this does encourage legal businesses as verified seller will have high trust level among buyers. Page 9 of 10

iSarif Ecommerce (Pvt) Ltd General Policy Documents

Page 10 of 10