Professional Documents
Culture Documents
Contents
Confidential Page | 1
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
1. Introduction
Nepal Electronic Payment Systems Ltd (NEPS) is a company promoted by commercial banks of Nepal,
with 15 financial institutions of Nepal as investors currently, who have joined hands together to form a
single platform to fulfill all their electronic payments solutions. NEPS has been incorporated as a public
limited company under company act 2063. NEPS is currently live with 9 financial institutions and
working with more banks to bring it into its hosting solution.
All the banks associated with NEPS want to provide secure online payment solution to its cardholder and
seeking a common solution from NEPS on this regard.
A request for proposal is sought from the interested vendor to provide Access Control Server and
solution for 3D secure online payment to the member banks of NEPS as an outsourced service.
The Proposal by the supplier should contain documentation for substantiation of the eligibility.
2. Eligibility Criteria
2.1 A Service Provider or agent on behalf of the service provider who can operate and outsource 3D
secure solution are eligible to apply.
2.2 The Service Provider must have license from Visa & MasterCard and must be able to get license
from UPI whenever there is a need for NEPS or its member banks to provide ACS and 3-D services
to UPI Cards.
2.3 The Service Provider must demonstrate that its solutions have been implemented and is capable of
providing outsourcing services.
2.4 The Service Provider should be able to demonstrate that its services are PA-DSS and PCI-DSS
compliant.
2.5 The Service Provider should be compliant to technical specification requirement as per section
‘3’and submit documentation to substantiate the same wherever is necessary
Please Note:
Confidential Page | 2
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
3. Technical requirement
S. N. Requirements Available- Y
Not Available- N
Customization- C
Solution capabilities
1 Solution must support multi-institutions for all of the services offered by
NEPS to its Member Banks.
2 Solution should support 3-D Secure functionality for VISA and MasterCard
branded cards and also must support UPI cards whenever NEPS or its
member banks are ready for UPI.
3 If required, solutions must be able to interface with NEPS switch for data
upload.
4 The 3-D Secure product must support multiple authentication methods
including password, OTP, mobile tokens, etc.
5 Different authentication method must be supported based on BINs, Card
Products, etc.
6 Once used or expired, a different OTP should be generated and sent for
next transaction
7 Expiration of the OTP should be configurable based on BINs, Card
Products, etc.
8 In case of OTP generation or delivery failure, the solutions must have an
option to "resend OTP".
9 Solution should support dynamic authentication which is user, location
and device context based i.e. based on the profile, transaction history of
the user and incoming transaction parameters – the device from which the
request is coming, the location from which the request is made, user
should be challenged with appropriate authentication level.
10 All configuration parameters should be maintained in the database with
configurable maker-checker functionality for making changes.
11 Capability to maintain comprehensive Audit logs of user access to defined
resources.
12 Should support session time outs, connection time outs, account locking
after number of failed attempts etc.
13 The service provider must agree to maintain the system performance
standard as described by the payment card brand.
14 Inbuilt features for Customized reporting based on configurable
parameters (Like user, time etc.).
15 The solution should be browser and OS independent.
16 IPv6 Readiness: The bidder shall ensure that the entire Two Factor
Authentication Solution including hardware and software are IPV6
compatible and shall ensure the readiness as per the roadmap for IPv6
deployment at no extra cost to NEPS.
Confidential Page | 3
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
Confidential Page | 4
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
Compliance
30 The Service Provider should comply with industry standards of security
such as, but not limited to, Payment Card Industry Data Security Standard
(PCI DSS) without any additional cost to the NEPS
31 The solution should be in compliance with Central Bank of
Nepal/Government of Nepal/other payments system authority guidelines
32 NEPS may conducts IS audit periodically and vulnerability found during the
audit should be removed by solution provider promptly without any
additional cost
33 Solution provider should submit a proof of audit certifications of PCI/ISO
27001/SAS 70 Audits stating that the solution/product/infrastructure
proposed for additional authentication/ validation based on information
not visible on the cards for all on-line card not present transactions has
gone through audit. Also the solution has undergone third party
penetration testing / ethical hacking tests
34 If the vendor Data Center has ever been compromised. the vendor to
provide the details about the compromise along with subsequent
certificates from Networks & PCI-DSS
35 OEM PCI certification should not have been revoked within last two years
36 The cardholder data should be stored securely in the database. State how
is this achieved and is it compliant with PCIDSS
37 Bidder should have a comprehensive Information Security plan, which
should also cover physical access to bidders/OEM’s systems at the data
center. The solution provider must submit its operation manual on security
and access to the system.
Uptime
38 Bidder should have uptime of 99.5%
Support
39 System installation, configuration and customization
40 Solution provider has to provide necessary support for Testing and provide
training & documentations but not limited to system user manual, data
dictionary etc.
41 Solution provider should provide implementation and on-going support
42 The selected solution provider must constitute a Project Management
Team within two weeks of placement of order for Implementation of
Access Control Server (ACS) and Registration Server for customer
enrolment and authentication
43 To deploy the application as well as servers required for implementing the
solution on real time basis at Bidder’s secure Processing Centre.
44 To provide all integration and implementation support for connectivity and
data transfers between the NEPS and the Solution provider service center
45 Solution provider must implement on-going software maintenance
updates including card network mandated updates and changes.
Confidential Page | 5
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
4. Price Quotations
Confidential Page | 6
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
6. General Conditions
6.1 NEPS reserves the rights to accept or reject or negotiate on any quotation(s) or any quoted price
in full or in part without assigning any reason whatsoever.
6.2 The offers containing unauthenticated erasures or alterations will not be considered. Therefore,
there should be no unauthenticated hand written material, corrections or alterations in the
offer. If such unauthenticated erasures or alterations are present these should be initialed by
the person or persons authorized for signing the bid. Any deviation may lead to the
rejection of the bid.
6.3 The Bidder shall bear all costs associated with the preparation and submission of its bid and
NEPS will in no case be responsible or liable for these costs, regardless of the conduct or
outcome of the bidding process.
6.4 The bid prepared by the Bidder, all correspondence and documents relating to the bid
exchanged by the Bidder and the NEPS shall be written in English.
6.5 Bids must be received by the NEPS at the address specified not later than the time and date
specified.
6.6 In the event of the specified date for the submission of Bids being declared a holiday for the
NEPS, the bids will be received up to the appointed time on the next working day.
6.7 The NEPS may, at its discretion, extend the deadline for submission of Bids by amending the
bidding document, in which case all rights and obligations of the NEPS and Bidders previously
subject to the deadline will thereafter be subject to the deadline as extended.
6.8 Any bid received by the NEPS after the deadline for submission of bids prescribed by the
NEPS, in Invitation for Bid, will be rejected and returned unopened to the Bidder.
6.9 Bidder should observe the highest standard of ethics during the process of bidding, and
execution of the contract.
6.10 Dispute or differences, if any, arising between NEPS and the bidder from misconstruing the
meaning and operation of Bid process will be resolved amicably.
7. Submission of Offer:
The interested bidder should submit the proposal on or before the bid submission date duly sealed in
the attention of:
Bid submission last entry date: March 5th, 2017 by 4:00 pm.
The envelope should be clearly marked as “Response to RFP for online 3D secure transaction”.
Confidential Page | 7
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
The bids should be typed or written in indelible ink and shall be signed by the person with authorization
to submit the bid along with the company stamp on every page of the bid. Any amendments, erasures,
overwriting will be validated by putting the initials.
Any bid received after the deadline of the submission of the bids will be rejected by NEPS.
NEPS reserves the right to reject the bids for not confirming to above.
8. Bid Guarantee
The interested bidder should submit a Bid Guarantee of NPR 400,000 in the form of Cash or Bank
Guarantee from Class ‘A’ financial Institution of Nepal in favor of Nepal Electronic Payment Systems
Limited valid for six months.
Nepal Electronic Payment Systems will return the Cash/Bank Guarantee to the unsuccessful bidder/s
within 30 days from the opening of the BID. The successful bidder may have to provide performance
bond valid for one year or renew the bid guarantee for additional one year, within three weeks of the
receipt of purchase order. NEPS can invoke the bid guarantee or performance bond any time the bidder
fails to act in accordance of the purchase order or the contract.
All the Bids will be scrutinized for to check if they are complete or if the bids have any
errors/discrepancies and whether the items are quoted as per requirements. NEPS will further check if
the bidder is eligible in terms of eligibility criteria set in the RFP. NEPS may at its own discretion, waive
minor deviations/irregularities in a bid which shall be conclusive and binding to all the bidders.
NEPS reserves the right to accept or reject any or all offers and/or cancel the bidding process without
assigning any reason thereof without incurring liability to the affected bidder. Any decision of NEPS shall
be final, conclusive and binding to the bidders. NEPS also shall have no obligation on its part to inform
the bidders the ground for the action. NEPS will further have no obligation to acquire any or all of the
items proposed and no contractual obligation whatsoever shall arise from the RFP process unless and
until a formal contract is signed and executed by duly authorized officials of NEPS and the bidder.
NEPS will have its own internal evaluation process which will not be disclosed to the bidders to
technically and commercially evaluate all the eligible bids. During technical evaluation, if it is found that
the bidder has not indicated any component/module or item which is required for the implementation
Confidential Page | 8
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
of the solution, the same has to be provided by the successful bidder without any additional cost to
NEPS.
NEPS will, at its sole discretion, ask some or all of the bidders for the clarification of their proposals to
assist in comparison, evaluation and scrutiny of the bids. The request for clarification will be in writing
and will have to be responded by the bidder.
NEPS can and will negotiate, with the 3 short listed bidders who have scored the highest in technical and
commercial evaluation, on the pricing and/or additional requirements. NEPS may further request site
visit of the bidder’s installation for technical evaluation which shall have to be arranged.
On the completion of selection process, NEPS will enter into agreement with selected bidder. The
agreement will be based on the bidder’s offer document with all its enclosures and modification arising
out of clarification/negotiations. NEPS reserves the right to stipulate any other documents deemed fit to
be enclosed as part of the final contract.
NEPS reserves the right to assign the contract to any of the bidder/bidders without assigning any
reasons thereof. Any decision of NEPS in this regard will be final and binding to all the parties. NEPS will
incur no liability/ contractual obligation with any or all of the bidders affected by the decision.
Note
(1) If there is a discrepancy between the unit price and the total price which is obtained by multiplying
the unit price and quantity, the unit price shall prevail, and the total price will be corrected.
(2) If there is a discrepancy between words and figures, the amount in words will prevail.
(3) All the price should be quoted in Nepalese Currency and shall be inclusive of Taxes/Duties such as
VAT, Local Development Tax, Custom Duties, and Security Tax etc. applicable in Nepal.
(4) This Price Schedule shall be duly filled, signed along with date and stamped with official seal. Bid with
Price Schedule not duly filled and without signature, date and official stamp shall be rejected and
not be considered for evaluation.
Confidential Page | 9
Nepal Electronic Payment Systems
Ltd. Request for Proposal 2017
12.1 The selected bidder fails to make delivery as per the terms and condition on the BID.
12.2 The selected bidder commits a breach of any of the terms or condition of the bid.
12.3 The bidder goes into liquidation, voluntary or otherwise.
12.4 The selected bidder fails to complete the assignment within stipulated time frame and the
extension if granted.
Confidential Page | 10