Data Management | |
---|---|
User Data and PCI compliance | Ensure end-user safety and secure personal data where applicable, e.g., KYC personal data is stored and managed appropriately. |
Regulatory | |
Sanctions | Must remain compliant in the specific countries and/or state jurisdictions where ramp services are restricted. Should have a description on the UI of the rules governing the services offered in each region. |
Licensing | CICO doesn't have the appropriate license and is flagged by regulators |
Fraud and AML | |
Risk Controls | Proper controls in place to combat fraud and operational risks, both internal and external to the organization, e.g., mass credit card chargebacks, wash trading |
Security | |
IT Security | Penetration Testing e.g., attacks on server side, front end, encryption of user data, cookie settings |
Customer Support | |
---|---|
User Assistance | 24-48 Hour SLA for Customer Service Support, Accessible Support Channels (Email, Discord, Telegram, etc.) |
Communication and Documentation | |
Documentation & FAQ | The primary website for the CICO provider has at least 2 communication support channels (Email, Discord, Telegram, etc.); documentation section accurately reflects the Celo assets currently available for residents in the country or state where the provider is licensed to operate and offers crypto payment services. Provider’s primary website has a webpage that lists their Terms & Conditions (Valora T&C as an example). |
UX Standards | Pass | Who is testing? |
---|---|---|
Exchange Rate | < 2% | Valora team |
Total fees (+ exchange rate) | < 5% | Valora team |
Quoted fees/rates honored | 100% | CTW testing |
Payment completion time | Customers should be able to receive their fiat payment or crypto payment within 48 hours: at least 80% of qualifying on-ramp transactions; at least 95% of qualifying off-ramp transactions. * Qualifying transactions are orders that are successfully completed post KYC from customers and have received approval of payment (e.g., bank approval for on-ramping). We will also exclude: insufficient funds, incorrect account details, KYC or AML rejection… | CTW testing |
Standards | Pass | Who is testing? |
---|---|---|
API uptime | > 95% | Valora team |
Success Rates | >95% of transfers completed successfully. Not counting users denied a transfer due to expected reasons (such as insufficient funds, incorrect account details, KYC or AML rejection, or max cash in/out amounts exceeded). Also not counting users who drop off organically. | Valora team |
Latency | p75 response time < 1s | Valora team |
Unexpected Errors | <1% of 404 or 500 errors across each endpoint (server problems - shouldn’t happen) | Valora team |
Test Environment | Functioning test-net environment (Alfajores) |
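
The thresholds in the Standards table above can be checked mechanically from request logs. The following is an added example, not code from Valora or the FiatConnect project; the log tuple format, the outcome labels, the nearest-rank percentile method and measuring p75 across all endpoints together are assumptions.

```python
import math
from collections import Counter

# Outcome labels are hypothetical; the page names the excluded reasons, not an encoding.
EXCLUDED = {"insufficient_funds", "incorrect_account_details",
            "kyc_or_aml_rejection", "max_amount_exceeded", "user_dropped_off"}

def p75(latencies_ms):
    """Nearest-rank 75th percentile (assumed method; the page does not name one)."""
    ordered = sorted(latencies_ms)
    return ordered[math.ceil(0.75 * len(ordered)) - 1]

def failing_endpoints(requests):
    """Endpoints where 404/500 responses are not below 1% of that endpoint's calls."""
    total, bad = Counter(), Counter()
    for endpoint, status, _ in requests:
        total[endpoint] += 1
        bad[endpoint] += status in (404, 500)
    # Integer comparison avoids float rounding at exactly 1%.
    return sorted(ep for ep in total if bad[ep] * 100 >= total[ep])

def success_rate(outcomes):
    """Completed share of transfers after dropping the excluded outcomes."""
    qualifying = [o for o in outcomes if o not in EXCLUDED]
    if not qualifying:
        return None  # nothing to measure
    return sum(o == "completed" for o in qualifying) / len(qualifying)

def evaluate(requests, outcomes):
    latency = p75([ms for _, _, ms in requests])
    rate = success_rate(outcomes)
    return {
        "p75_ms": latency,
        "latency_pass": latency < 1000,
        "failing_endpoints": failing_endpoints(requests),
        "success_rate": rate,
        "success_pass": rate is not None and rate > 0.95,
    }

# Constructed sample data: (endpoint, HTTP status, response time in ms).
SAMPLE_REQUESTS = (
    [("GET /clock", 200, 80)] * 98 + [("GET /clock", 500, 90)] * 2
    + [("POST /quote/in", 200, 400)] * 199 + [("POST /quote/in", 404, 400)]
    + [("POST /transfer/in", 200, 1200)] * 100
)
SAMPLE_OUTCOMES = (["completed"] * 96 + ["provider_error"] * 4
                   + ["insufficient_funds"] * 10 + ["user_dropped_off"] * 5)

if __name__ == "__main__":
    print(evaluate(SAMPLE_REQUESTS, SAMPLE_OUTCOMES))
```
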
Endpoints | Pass | Who is testing? |
---|---|---|
Clock sync | - GET /clock Returns current server time to client formatted as an ISO 8601 DateTime string | Valora team |
Authentication | - POST /auth/login is responsible for verifying signed messages sent by clients, creating and authenticating a user's session, and returning session cookies. Note that the Sign-In With Ethereum standard, and FiatConnect, support authorization for externally owned accounts (EOAs) and contract-owned accounts. The POST /auth/login endpoint MUST honor login requests for EOAs, and MAY support smart contract-owned accounts as well. | Valora team |
Quote | - POST /quote/in retrieves quotes used for transfers in to crypto from fiat currencies. In addition to returning quote information, it also returns the permissible types of KYC that a user must have on file to initiate the corresponding transfer, as well as the fiat account types that are allowed to be used for the transfer. - POST /quote/out retrieves quotes used for transfers out from crypto to fiat currencies. | Valora team |
Transfer | - GET /transfer/:transferId/status auto vs manual transfer process may vary per CICO - POST /transfer/in initiates a new transfer in from fiat to crypto. - POST /transfer/out initiates a new transfer out from crypto to fiat. | Valora team |
kycSchema | - POST /kyc/:kycSchema allows a client to provide KYC data of a particular schema to the server for verification. - GET /kyc/:kycSchema/status used to query the status of an ongoing, completed, or expired KYC verification for a particular KYC schema type. Note that these statuses MUST also be made available via webhook, if configured by the client. - DELETE /kyc/:kycSchema deletes a KYC record for a particular KYC schema. | Valora team |
Accounts | - POST /accounts stores a new fiat account on file with the server. - GET /accounts returns a list of all fiat accounts on file for a user. - DELETE /accounts/:fiatAccountId deletes a user's fiat account from the server. | Valora team |