
Risks & Mitigations

Major risks and mitigation strategies for the MASARUK platform

1. Purpose

This document identifies the major risks that could affect MASARUK across development, deployment, operations, scalability, data integrity, financial flows, and user experience. Each risk includes a description, impact, likelihood, and mitigation plan.

2. Risk Classification

Category              Examples
--------------------  ---------------------------------------------------------------
Technical Risks       System crashes, database corruption, bugs, API failures
Operational Risks     Misconfigurations, downtime, insufficient monitoring
Security Risks        SQL injection, XSS, unauthorized access
Data Risks            Data loss, inconsistent records, incorrect status transitions
Financial Risks       Wrong tax calculations, payment failures, fraud
UX/Functional Risks   Broken flows, inconsistent Arabic labels, booking failures
Third-Party Risks     Payment gateway downtime, SMS/email failures
Compliance Risks      PCI issues, identity handling mistakes

3. Technical Risks

3.1 Backend Scaling Issues

Description: High traffic during peak travel seasons may overload Node.js, DB, or queues

Impact: Slow booking flows, payment delays, user drop-offs

Likelihood: Medium

Mitigation:

  • Load testing (k6/JMeter) before release
  • Horizontal scaling (multiple app servers)
  • Redis caching for heavy endpoints
  • Optimize DB indexes

3.2 Database Locking / Deadlocks

Description: High concurrency in bookings, payment_transactions, or reports can cause DB lock contention

Impact: Failed bookings, duplicated transactions

Likelihood: Medium

Mitigation:

  • Use transactions properly
  • Add indexes
  • Avoid long-running queries
  • Background job isolation
  • Implement retry logic

3.3 API Downtime

Description: Bugs or deployment issues may cause temporary API unavailability

Impact: Unable to book, login, or browse trips

Mitigation:

  • Blue/Green deployment
  • Health checks
  • Auto restarts
  • Rollback strategy defined

4. Operational Risks

4.1 Incorrect Environment Configurations

Description: Wrong API keys, payment modes (test/live), or URLs

Impact: Failed payments, inconsistent behavior between DEV/STG/PROD

Mitigation:

  • Environment config checklist
  • Secrets vault
  • CI/CD pipeline enforcing validation
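
The "CI/CD pipeline enforcing validation" item above can be a startup check that refuses to boot when DEV/STG/PROD settings are mixed. The following is an added example, not MASARUK project code: the variable names (PAYMENT_MODE, PAYMENT_API_KEY, API_BASE_URL) and the convention that a gateway key starts with its mode ("test_" / "live_") are assumptions chosen to make the check concrete, not the real gateway's key format.

```javascript
// Added example: fail-fast validation of environment configuration.
// Variable names and the "test_"/"live_" key-prefix convention are assumptions.
const REQUIRED = ['NODE_ENV', 'PAYMENT_MODE', 'PAYMENT_API_KEY', 'API_BASE_URL', 'DATABASE_URL'];

function validateConfig(env) {
  const errors = [];

  // 1. Every required variable must be present and non-empty.
  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === '') errors.push(`${name} is missing`);
  }

  const isProd = env.NODE_ENV === 'production';

  // 2. Payment mode must be one of the two known values.
  if (!['test', 'live'].includes(env.PAYMENT_MODE)) {
    errors.push(`PAYMENT_MODE must be "test" or "live", got "${env.PAYMENT_MODE}"`);
  }

  // 3. Mode must match the environment in both directions:
  //    production never runs in test mode, and lower environments never charge real cards.
  if (isProd && env.PAYMENT_MODE !== 'live') errors.push('production must use PAYMENT_MODE=live');
  if (!isProd && env.PAYMENT_MODE === 'live') errors.push('non-production must not use PAYMENT_MODE=live');

  // 4. The gateway key must belong to the configured mode (assumed prefix convention).
  if (env.PAYMENT_API_KEY && env.PAYMENT_MODE) {
    const expectedPrefix = `${env.PAYMENT_MODE}_`;
    if (!env.PAYMENT_API_KEY.startsWith(expectedPrefix)) {
      errors.push(`PAYMENT_API_KEY does not match PAYMENT_MODE (expected prefix "${expectedPrefix}")`);
    }
  }

  // 5. Production endpoints must be HTTPS.
  if (isProd && env.API_BASE_URL && !env.API_BASE_URL.startsWith('https://')) {
    errors.push('API_BASE_URL must use https:// in production');
  }

  return { ok: errors.length === 0, errors };
}

// Typical use at process start: abort before serving a single request.
function assertConfigOrExit(env = process.env) {
  const result = validateConfig(env);
  if (!result.ok) {
    console.error('Configuration errors:\n - ' + result.errors.join('\n - '));
    process.exit(1);
  }
  return result;
}

module.exports = { validateConfig, assertConfigOrExit };
```

Running the same function in the CI pipeline against each environment's variable set (with the secrets injected from the vault) catches a test key promoted to PROD before deployment rather than at the first failed payment.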

4.2 Insufficient Monitoring

Description: Missing alerts for outages or slow performance

Impact: Downtime unnoticed → revenue loss

Mitigation:

  • Sentry + UptimeRobot + server alerts
  • Monitor payment callbacks
  • Alert on queue failures
  • Daily reporting dashboard

4.3 Backup Failures

Description: Backups may fail silently

Impact: Complete data loss risk

Mitigation:

  • Automated backup monitoring
  • Quarterly restore testing
  • Multiple backup locations

5. Security Risks

5.1 SQL Injection / XSS

Description: Improper input validation

Impact: Data breach, unauthorized access

Mitigation:

  • Parameterized queries
  • Input sanitization
  • Security testing
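
To make "parameterized queries" and "input sanitization" concrete, here is an added example (not MASARUK code) of a trip-search query builder. The table and column names (trips, city, price) and the `$1` placeholder syntax of a node-postgres style driver are assumptions; the function returns the query shape without contacting a database. It also shows the caveat that placeholders cannot carry identifiers such as an ORDER BY column, which must come from an allowlist, and an HTML-escaping helper for rendering user-supplied text.

```javascript
// Added example: parameterized query construction and output escaping.
// Table/column names and the $1 placeholder style are assumptions.

// Columns the client may sort by. Identifiers cannot be bound as parameters,
// so they are validated against a fixed allowlist instead.
const SORTABLE_COLUMNS = new Set(['departure_time', 'price', 'duration_minutes']);

// Vulnerable form, kept only for contrast: user input becomes part of the SQL text.
function unsafeTripsQuery(city, sortBy) {
  return `SELECT * FROM trips WHERE city = '${city}' ORDER BY ${sortBy}`;
}

// Hardened form: the value travels separately from the SQL text,
// and the identifier is checked against the allowlist.
function safeTripsQuery(city, sortBy) {
  if (typeof city !== 'string' || city.length === 0 || city.length > 64) {
    throw new Error('invalid city');
  }
  if (!SORTABLE_COLUMNS.has(sortBy)) {
    throw new Error('invalid sort column');
  }
  return {
    text: `SELECT * FROM trips WHERE city = $1 ORDER BY ${sortBy}`,
    values: [city], // driver sends this as a bound parameter, never interpolated
  };
}

// Output encoding for HTML contexts: whatever the user typed is rendered as text,
// so stored or reflected markup cannot become active content.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

module.exports = { SORTABLE_COLUMNS, unsafeTripsQuery, safeTripsQuery, escapeHtml };
```

With a classic tautology string as the city, the unsafe builder emits it as SQL while the safe builder keeps it in `values`, where the database treats it as an ordinary string to compare against. Security testing for this item is then a unit test that feeds such strings to every builder and asserts they never appear in `text`.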

5.2 Unauthorized Access

Description: Weak authentication or RBAC bypass

Impact: Data exposure, fraud

Mitigation:

  • Token-based auth
  • RBAC enforcement
  • Regular audits

5.3 Payment Data Exposure

Description: Storing card data improperly

Impact: PCI violation, legal issues

Mitigation:

  • Payment handled by gateway only
  • No card data stored
  • HTTPS everywhere

6. Financial Risks

6.1 Incorrect VAT Calculation

Description: 15% vs 20% discrepancy found in screens

Impact: Legal/accounting issues

Mitigation:

  • Confirm VAT rate with product owner
  • Single source of truth for tax rates

6.2 Payment Callback Failures

Description: Gateway callback not reaching server

Impact: Orphaned payments, missing bookings

Mitigation:

  • Retry mechanisms
  • Payment status polling
  • Admin reconciliation tools
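
The following added example (not MASARUK code) shows the two server-side halves of this mitigation: polling the gateway for a payment's final status with exponential backoff, and a reconciliation pass that compares the gateway's captured payments against local bookings to surface the orphaned payments the description warns about. The record shapes, status names (pending_payment, captured) and the sample data are constructed for the example; the gateway call is injected as a function so the code runs offline.

```javascript
// Added example: status polling and admin reconciliation for missed callbacks.
// Record shapes, status names and sample data are constructed assumptions.

// Constructed sample: local bookings keyed by the gateway payment reference.
const localBookings = [
  { paymentRef: 'PAY-001', status: 'confirmed', amount: 150 },
  { paymentRef: 'PAY-002', status: 'pending_payment', amount: 200 }, // callback never arrived
  { paymentRef: 'PAY-004', status: 'confirmed', amount: 90 },
];

// Constructed sample: what the gateway reports for the same period.
const gatewayRecords = [
  { ref: 'PAY-001', state: 'captured', amount: 150 },
  { ref: 'PAY-002', state: 'captured', amount: 200 },
  { ref: 'PAY-003', state: 'captured', amount: 120 }, // no booking exists at all
  { ref: 'PAY-004', state: 'captured', amount: 95 },  // booking amount differs
  { ref: 'PAY-005', state: 'pending', amount: 50 },   // not final, ignored here
];

// Classify every captured gateway payment against the local booking table.
function reconcile(bookings, gateway) {
  const byRef = new Map(bookings.map((b) => [b.paymentRef, b]));
  const report = { missedCallbacks: [], orphanedPayments: [], amountMismatches: [], consistent: [] };

  for (const g of gateway) {
    if (g.state !== 'captured') continue; // only money actually taken matters here
    const booking = byRef.get(g.ref);
    if (!booking) {
      report.orphanedPayments.push(g.ref); // charged, nothing to deliver: refund or repair
    } else if (booking.amount !== g.amount) {
      report.amountMismatches.push(g.ref); // needs a human before confirming
    } else if (booking.status === 'pending_payment') {
      report.missedCallbacks.push(g.ref); // safe to confirm from the gateway's answer
    } else {
      report.consistent.push(g.ref);
    }
  }
  return report;
}

// Poll the gateway until the payment reaches a final state, backing off between attempts.
// fetchStatus(ref) -> Promise<'pending'|'captured'|'failed'> is supplied by the caller.
async function pollUntilFinal(fetchStatus, ref, options = {}) {
  const { attempts = 5, baseDelayMs = 500, sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = options;
  for (let i = 0; i < attempts; i++) {
    const state = await fetchStatus(ref);
    if (state === 'captured' || state === 'failed') return state;
    await sleep(baseDelayMs * 2 ** i); // 500, 1000, 2000, ... ms
  }
  return 'unknown'; // leave for the reconciliation job rather than guessing
}

module.exports = { localBookings, gatewayRecords, reconcile, pollUntilFinal };
```

Polling covers the common case where a single callback was lost; the reconciliation report is what the admin tool renders daily so that anything polling did not settle is still found while a refund is cheap.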

6.3 Duplicate Transactions

Description: User clicks pay multiple times

Impact: Double charges, refund overhead

Mitigation:

  • Idempotency keys
  • Debounce on frontend
  • Transaction deduplication
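
Frontend debounce helps, but the server must assume the same request will arrive twice anyway (a double click, a retried request, a browser refresh). The following added example, which is not MASARUK code, implements the "idempotency keys" and "transaction deduplication" items on the server: the client sends a key with each payment attempt, and the service charges once per key, replays the stored response on repeats, refuses a key reused with a different payload, and rejects a second attempt while the first is still in flight. The request shape, the in-memory store and the gateway call are assumptions; in production the store would be the database or Redis so it survives restarts and works across app servers.

```javascript
// Added example: server-side idempotent payment handling.
// Request shape and in-memory store are assumptions; the gateway call is injected.
class IdempotentPaymentService {
  constructor(chargeFn) {
    this.charge = chargeFn;   // async (request) => gateway result
    this.records = new Map(); // idempotencyKey -> { fingerprint, state, result }
  }

  // Only the fields that define "the same payment" go into the fingerprint.
  static fingerprint(request) {
    return JSON.stringify({
      bookingId: request.bookingId,
      amount: request.amount,
      currency: request.currency,
    });
  }

  async pay(idempotencyKey, request) {
    if (!idempotencyKey) {
      return { status: 400, body: { error: 'Idempotency-Key header required' } };
    }
    const fingerprint = IdempotentPaymentService.fingerprint(request);
    const existing = this.records.get(idempotencyKey);

    if (existing) {
      if (existing.fingerprint !== fingerprint) {
        // Same key, different payment: a client bug, never silently charge a new amount.
        return { status: 422, body: { error: 'Idempotency-Key reused with a different payload' } };
      }
      if (existing.state === 'in_progress') {
        // Concurrent duplicate: tell the client to wait instead of charging again.
        return { status: 409, body: { error: 'payment already in progress' } };
      }
      return existing.result; // replay the original response, no second charge
    }

    // Claim the key before calling the gateway so a parallel request sees it.
    const record = { fingerprint, state: 'in_progress', result: null };
    this.records.set(idempotencyKey, record);

    try {
      const gatewayResult = await this.charge(request);
      record.result = { status: 200, body: gatewayResult };
      record.state = 'done';
      return record.result;
    } catch (err) {
      // A clear gateway rejection may be retried with the same key. An ambiguous
      // outcome (timeout) should instead go to status polling before any retry.
      this.records.delete(idempotencyKey);
      return { status: 502, body: { error: 'gateway error', detail: String(err.message || err) } };
    }
  }
}

module.exports = { IdempotentPaymentService };
```

The key is generated by the client once per checkout attempt (for example when the payment page loads), so every click of the pay button carries the same key and the first successful charge is the only one that reaches the gateway.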

7. Third-Party Risks

7.1 Payment Gateway Downtime

Description: HyperPay/STC Pay unavailable

Impact: Cannot complete bookings

Mitigation:

  • Multiple gateway fallback (if possible)
  • Graceful error messages
  • Retry queue

7.2 SMS/Email Provider Failure

Description: OTP or confirmation not delivered

Impact: User cannot verify or receive booking

Mitigation:

  • Provider monitoring
  • Fallback provider
  • Queue retries

7.3 Maps API Quota Exceeded

Description: Google Maps rate limit hit

Impact: Trip locations not displayed

Mitigation:

  • Cache map data
  • Monitor API usage
  • Graceful fallback