INTERNAL RISK ASSESSMENT
NexaCards.com operates at the intersection of fintech and crypto, handling sensitive KYC data, customer funds, and global transactions. This Internal Risk Assessment outlines the major risks we face and the proactive strategies we deploy to mitigate them.
1. Data Security Risks
Risk: Unauthorized access to customer or KYC data.
Impact: Legal penalties, data breaches, trust loss.
Controls:
- AES-256 encryption for all data at rest
- TLS encryption for all data in transit
- Row-Level Security (RLS) for strict access control
- Supabase Security Advisor + real-time alerts
- Annual third-party penetration tests
2. Operational Risks
Risk: Downtime, API disruption, system failure.
Impact: Interrupted service, failed transactions.
Controls:
- High-availability cloud infrastructure
- 99.9% uptime SLAs with fallback support
- Real-time performance monitoring and alerting
- Documented incident response plan (IRP)
3. Regulatory & Compliance Risks
Risk: KYC/AML non-compliance or data regulation violations.
Impact: Fines, bans, regulatory scrutiny.
Controls:
- Fully integrated KYC/AML onboarding with manual review flags
- SOC 2 Type 2 and HIPAA-compliant infrastructure
- Ongoing legal review across global jurisdictions
4. Financial Risks
Risk: Crypto volatility affecting card top-ups or balances.
Impact: Conversion loss, user complaints.
Controls:
- Pre-conversion lock-in on card funding
- Rate buffers to reduce slippage impact
- Liquidity reserves in stablecoin pairs
5. Reputation Risk
Risk: Public perception damage due to a breach or outage.
Impact: User churn, negative press.
Controls:
- 24/7 incident monitoring & response
- Crisis communication playbook in place
- Dedicated social moderation and escalation team
6. Risk Scoring Summary
| Risk Type | Likelihood | Impact | Risk Level | Confidence in Mitigation |
|---|---|---|---|---|
| Data Breach | Medium | High | High | Strong |
| Service Outage | Low | High | Medium | Strong |
| Compliance Failure | Medium | High | High | Moderate |
| Crypto Volatility | Medium | Medium | Medium | Strong |
| Reputation Risk | Low | High | Medium | Moderate |
7. Ongoing Improvements
- Quarterly internal audits of access logs & KYC systems
- Annual third-party penetration testing
- Mandatory security training for dev & support teams
- Automated checklist tracking for SOC/HIPAA readiness
8. Contact
For escalations or questions regarding this Risk Assessment:
📧 [email protected]
📞 +1(877)-770-0550