Customer registry supporting Know Your Customer (KYC), Customer Identification Program (CIP), and OFAC checks
Type Name Latest commit message Commit time
client client: regenerate, upgrade openapi-generator to 4.0.3 Jul 15, 2019
cmd/server cmd/server: only read VAULT_SERVER_TOKEN not VAULT_TOKEN and fixup re… Jun 19, 2019
testdata cmd/server: test document (file) upload and retrieval route May 28, 2019
.codecov.yml
.gitignore cmd/server: test document (file) upload and retrieval route May 28, 2019
.travis.yml build: setup TravisCI releases after project rename May 16, 2019
CHANGELOG.md
Dockerfile cmd/server: add initial HTTP server and Docker image May 9, 2019
LICENSE Initial commit May 9, 2019
README.md docs: update docs.moov.io links after design refresh Jul 1, 2019
go.mod build: update github.com/prometheus/client_golang to v1.0.0 Jun 19, 2019
go.sum build: update github.com/prometheus/client_golang to v1.0.0 Jun 19, 2019
makefile client: regenerate, upgrade openapi-generator to 4.0.3 Jul 15, 2019
openapi-generator client: setup code generation May 13, 2019
openapi.yaml cmd/server: misc notes and small TODO items Jun 11, 2019
renovate.json cmd/server: add initial HTTP server and Docker image May 9, 2019
version.go bump version for dev Jun 21, 2019

README.md

moov-io/customers


The Customers project focuses on solving authentic identification of humans who are legally able to hold and transfer currency within the US. Primarily this project solves Know Your Customer (KYC), Customer Identification Program (CIP), and Office of Foreign Assets Control (OFAC) checks and verification workflows to comply with US federal law and ensure authentic transfers. Customers also aims to be a service for detailed due diligence on individuals and companies for Financial Institutions and services in a modernized and extensible way.

Docs: docs.moov.io | api docs

Project Status

Moov Customers is under active development, so please star the project if you are interested in its progress. We are developing an extensible HTTP API for interactions along with an OpenAPI specification file for generating clients for integration projects.

Deployment

You can download our docker image moov/customers from Docker Hub or use this repository. No configuration is required to serve on :8087 and metrics at :9097/metrics in Prometheus format.

Configuration

The following environmental variables can be set to configure behavior in Accounts.

| Environmental Variable | Description | Default |
|---|---|---|
| OFAC_ENDPOINT | HTTP address for OFAC interaction, defaults to Kubernetes inside clusters and local dev otherwise. | Kubernetes DNS |
| OFAC_MATCH_THRESHOLD | Percent match against OFAC data that's required for paygate to block a transaction. | 0.90 |
| SQLITE_DB_PATH | Local filepath location for the paygate SQLite database. | customers.db |

Document Storage

The following environment variables control which backend service is initialized for Document persistence. These all follow a similar "blob storage" API provided by a library that Google builds and maintains.

  • BUCKET_NAME: The name of the bucket to use. Must be created outside of Customers if using a cloud provider. Make sure proper access and encryption controls are set up on this bucket to prevent exposure or unauthorized access. Example: ./storage/ (For file type backends)
  • CLOUD_PROVIDER: Provider name which determines which of the following environmental variables are used to initialize Customers' persistence.

AWS S3 Storage

For more information see the Go Cloud Development Kit docs for s3blob. Use CLOUD_PROVIDER=aws to read the following environmental variables:

  • AWS_REGION: Amazon region name of where the bucket exists.
  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY: Standard AWS access credentials used by applications.

Google Cloud Storage

For more information see the Go Cloud Development Kit docs for gcsblob. Google's auth uses the standard service account authorization when deploying services. Use CLOUD_PROVIDER=gcp to read the following environmental variables:

  • GOOGLE_APPLICATION_CREDENTIALS: A filepath to the GCP service account json file.

Local filesystem Storage

For more information see the Go Cloud Development Kit docs for fileblob. This is the default if no other provider is specified. Use CLOUD_PROVIDER=file to read the following environmental variables:

  • FILEBLOB_BASE_URL: A filepath for storage on local disk. (Default: ./storage/)
  • FILEBLOB_HMAC_SECRET: HMAC secret value used to sign URLs. You MUST change this for production usage! (Default: secret)

Social Security Number (SSN) Storage

  • CLOUD_PROVIDER: Provider name which determines which of the following environmental variables are used to initialize Customers' persistence.

Local storage

  • SECRETS_LOCAL_BASE64_KEY: A base64 encoded key used to encrypt and decrypt secrets in memory. This value needs to look like base64key://value where value is a 32 byte random key.

Google Cloud Storage

  • SECRETS_GCP_KEY_RESOURCE_ID: A Google Cloud resource ID used to interact with their Key Management Service (KMS). This value has the form projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY and their documentation has more details.

Vault storage

  • VAULT_SERVER_TOKEN: A Vault generated value used to authenticate. See the Hashicorp Vault documentation for more details.
  • VAULT_SERVER_URL: A URL for accessing the vault instance. In production environments this should be an HTTPS (TLS) secured connection.
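
A pre-deployment check for the Document Storage and SSN Storage settings above, as an added example that is not part of the Customers code base: it flags the default FILEBLOB_HMAC_SECRET, a SECRETS_LOCAL_BASE64_KEY that is not a 32 byte base64key:// value, and a non-HTTPS VAULT_SERVER_URL. The function names `checkConfig` and `decodeKey` are hypothetical, and accepting both base64 alphabets is an assumption.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// decodeKey accepts std or URL-safe base64 (assumption: alphabet varies by Go CDK version).
func decodeKey(v string) ([]byte, error) {
	v = strings.TrimRight(v, "=")
	if b, err := base64.RawURLEncoding.DecodeString(v); err == nil {
		return b, nil
	}
	return base64.RawStdEncoding.DecodeString(v)
}

// checkConfig returns one finding per weak or malformed setting; getenv is injected for testing.
func checkConfig(getenv func(string) string) []string {
	var findings []string
	if p := getenv("CLOUD_PROVIDER"); p == "" || p == "file" { // file is the default backend
		if s := getenv("FILEBLOB_HMAC_SECRET"); s == "" || s == "secret" {
			findings = append(findings, "FILEBLOB_HMAC_SECRET is unset or the default; URL signatures give no protection")
		}
	}
	if k := getenv("SECRETS_LOCAL_BASE64_KEY"); k != "" {
		raw, err := decodeKey(strings.TrimPrefix(k, "base64key://"))
		switch {
		case !strings.HasPrefix(k, "base64key://"):
			findings = append(findings, "SECRETS_LOCAL_BASE64_KEY must start with base64key://")
		case err != nil || len(raw) != 32:
			findings = append(findings, "SECRETS_LOCAL_BASE64_KEY must decode to exactly 32 bytes")
		}
	}
	if v := getenv("VAULT_SERVER_URL"); v != "" {
		if u, err := url.Parse(v); err != nil || u.Scheme != "https" {
			findings = append(findings, "VAULT_SERVER_URL is not an https URL")
		}
	}
	return findings
}

func main() {
	for _, f := range checkConfig(os.Getenv) {
		fmt.Println("WARN:", f)
	}
}
```

Run it in the same environment the server will start in and treat any output line as a blocker for a production rollout.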

Customer Approval

Currently approval of Customers is represented by the status field of a Customer and can have the following values: Deceased, Rejected, None (Default), ReviewRequired, KYC, OFAC, and CIP. These values can only be changed via the "admin" endpoints exposed in Customers. Admin endpoints are served from Customer's admin port (9097). Approvals (updates to a Customer status) can only be done manually, but we are aiming for automated approval. In order for a Customer to be approved into OFAC or higher there must be an OFAC search performed without positive matches and CIP requires a valid Social Security Number (SSN).

Getting Help

| channel | info |
|---|---|
| Project Documentation | Our project documentation is available online. |
| Google Group moov-users | The Moov users Google group is for contributors and other people contributing to the Moov project. You can join them without a Google account by sending an email to moov-users+subscribe@googlegroups.com. After receiving the join-request message, you can simply reply to that to confirm the subscription. |
| Twitter @moov_io | You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
| GitHub Issue | If you are able to reproduce a problem please open a GitHub Issue under the specific project that caused the error. |
| moov-io slack | Join our slack channel (#customers) to have an interactive discussion about the development of the project. Request an invite to the slack channel. |

Contributing

Yes please! Please review our Contributing guide and Code of Conduct to get started!

Note: This project uses Go Modules, which requires Go 1.11 or higher, but we ship the vendor directory in our repository.

License

Apache License 2.0. See LICENSE for details.
