Merchant infrastructure for Bangladesh Security is operational
Security approach

Controls you can explain.

Our security approach centers on protected transmission, limited collection, controlled access and traceable operational events.

Core principles

Protect data in transit

Public website traffic is served over HTTPS with strict transport and browser security headers. Production payment interfaces should use authenticated, encrypted transport throughout.

Minimise collection

The public enquiry form asks only for business contact and project information. It must not be used to submit cardholder data, credentials or identity documents.

Limit access

Access to merchant and operational data should follow job responsibility, strong authentication and reviewable account administration.

Trace important events

Payment operations benefit from consistent references and event histories for authorisation, failure, refund and settlement follow-up.

This page describes design principles, not a claim that a particular certification or regulatory approval has already been granted.

Merchant responsibilities

Merchants remain responsible for securing their accounts, protecting integration credentials, validating webhook authenticity and following the technical and operational instructions agreed during onboarding.

Report a concern

Send suspected vulnerabilities to [email protected]. Include the affected URL, reproducible steps and impact. Do not include live cardholder data.