EET for Global KYC – 2025-08-08¶
Date: 2025-08-08
Topic: First exploratory testing session for Global KYC
Duration: 1.5 hours
1. Overview¶
We conducted our first exploratory testing for the Global KYC feature.
This is still a very early version, and it requires Hydra manual approval for final decision-making.
2. Preparation¶
- Discussion: Alex and Li discussed the approach; Alex prepared the test plan showed below.
- Tools:
- Majority-cli (chosen over Postman due to reduced manual work for KYC submissions)
- Hydra (to review and verify results)
- Session Setup:
- 0.5 hours used for introducing EET, the Global KYC feature, and testing methodology.
- Participants:
- In-room: Alex, Magnus, Ozan
- Remote: Shivi, Li
- Approach: Rotated roles between observer, driver, and navigator.
3. Test Process¶
- Tested scenarios:
- Approve ✅
- Deny ❌
- Resubmit 🔄
- Non-existing country (expected fail)
- Observations:
- All functionalities worked as expected.
- Limited exploration beyond planned scenarios in this session.
4. Issues Found¶
- Address/SSN validation missing – Global users can input any address without code-level validation. This is a known issue.
- Global user visibility in Hydra – No clear indicator; must deduce from country field.
- Customer details updating – Updated customer details don't appear in correct Hydra column.
5. Next Steps¶
- Ongoing work:
- Alex continues working on address validation and SSN handling.
- Future testing ideas:
- Duplicate document number handling
- Uploading different document types or contents
- Block/unblock functionality for global users
Global user KYC test plan¶
Creating global users¶
Start by creating a non-US customer pre-KYC.
Going through KYC and ID scan validation¶
1. Start KYC¶
POST /v1/verify/start-kyc
- Get available countries
/v1/countries- Get available document types
/v2/countries/{countryCode}/document-types
2. Start ID scan validation¶
POST /v2/verify/idscan-validation
3. Upload documents¶
Get upload token
GET /v1/verify/customer-document/upload-token
Upload to Azure (include scanDocumentName, attemptId, idScanValidationId as blob index tags)
3. Submit ID scan validation - Country code, document type, source of images (Scan, ManualCamera, ManualGallery or ManualFiles)¶
PATCH /v2/verify/idscan-validation
Wait for firebase to complete gemini extraction¶
{
"kyc": {
"idScanValidation": {
"id": "7fe643c3-7308-4845-8adb-0424cb83bbd9",
"status": "Uninitiated | Completed | Failed"
},
"-OX7hZPfKVCAuFdrZVm5": {
...
}
}
}
5. Get ID scan validation result¶
GET /v2/verify/idscan-validation/{idScanValidationId}/result
Here we can test the validated response if we want to.
- Is gemini correct?
- What happens if Gemini does not finish in time?
- Fallback to microblink data
- Expired document
- Duplicate document number
6. Submit KYC¶
POST /v1/verify/submit-kyc
Address¶
- State is no longer required for global users, region must be provided instead.
- What happens if you provide both State and Region?
- Should not be possible through the app but is possible through the API. - Can region be an empty string?
- Can ZipCode contain no numbers?
- How is address currently validated?
- How should address actually be validated.
SSN¶
- What happens if you submit SSN as a global user?
- Should not be possible through the app but is possible through the API.
Submitting KYC as a global user without going through ID scan validation¶
- What happen if you never go through ID scan validation? Meaning Gemini or AWS rekognition will not run in backend.
- Is currently possible to skip ID scan validation from API but should not be possible through the apps - What happens if ID scan validation does not finish in time for KYC to be submitted (hard to test).
Wait for firebase to update (even though it is almost instant for global users).¶
{
"kyc": {
"idScanValidation": {
...
},
"-OX7hZPfKVCAuFdrZVm5": {
"id": "fe1729c6-3c10-4a87-9619-c55b43f5720a",
"status": "Pending",
"statusReason": "document.not.verified",
"type": "customerDocument"
}
}
}
Manual Review Process for Global KYC users¶
1. Get KYC attempts that require manual review from Hydra¶
POST /v1/kyc/list
{
"filter": {
"kycVendor": "Majority",
"statusId": "Pending",
"stepId": "ManualReview",
"orderByDesc": true,
"orderByField": "Updated",
"userId": null,
"attemptId": null,
"assignedTo": null,
"reviewedBy": null,
"firstName": null,
"lastName": null,
"kycTypeId": null,
"createdDateFrom": null,
"createdDateTo": null,
"updateDateFrom": null,
"updateDateTo": null,
"reviewedAtDateFrom": null,
"reviewedAtDateTo": null
},
"skip": 0,
"take": 50
}
- Understanding how the filters work and what the properties mean.
- For example, when a customer submit KYC we assign them a KYC vendor. For US customers KYC is done through Alloy and their KycVendor is Alloy. For global users KYC is not done through Alloy but done internaly by Majority, thus global user's KYC vendor is Majority. So to filter for global users in the review KYC, you must filter for KYC where the KYC vendor is Majority.
- Filter only for the ones that require manual review.
- Filter"stepId": "ManualReview". Yes but this also require you filter"statusId": "Pending". As the stepId will still be in ManualReview if you are approved.
Monitor DTU usage when filtering for different things¶
Get details of a specific KYC attempt by calling¶
/v1/kyc/aggregate/kyc/user/{userId}/attempt/{attemptId}/details
1. KYC Assignments¶
Someone must be assigned to review a KYC. You can assign a KYC that is not assigned to someone else to yourself by calling:
PUT /v1/kyc/user/{userId}/attempt/{attemptId}/assign
If the KYC is already assigned to someone else, you can unassign the KYC from that person by calling
DELETE /v1/kyc/user/{userId}/attempt/{attemptId}/unassign
2. Review KYC¶
PUT /v1/kyc/user/{userId}/attempt/{attemptId}/review
{
"status": "RetakeImages",
"rejectionReasons": [
"Expired ID-1"
]
}
- What happens if you try and review a KYC that is not assigned to you?
- That is assigned to no-one?
- That is assigned to someone else? - What happens if you try and review a KYC that is not pending manual review?
- What happens if you try and review a KYC for a US customer that should actually be reviewed in Alloy?
- How many times can you ask the user to retake images before being forced to deny their KYC?
- What are the rejection reasons?
- What happens if you provide an invalid rejection reason?
- What is the max number of rejection reasons you can enter?
- What happens if you provide rejection reasons but approve the KYC?
- What happens if you reject or request retake image without providing any rejection reasons?
3. Edit data on the KYC before approving¶
- Edit firstname, lastname
- Edit date of birth
- Edit address (How can you edit address of a customer pre-KYC)
- State is still required to change address so address change is not yet possible for non-US customers... - Edit document number, document type and country of issue.
Using Majority CLI to test Global onboarding¶
Make sure you have the majority-cli installed from be-devtools. Verify its usage with
majority-cli --help
Create global user¶
majority-cli --account-country CO
Optional if you wanna specify colombian msisdn
majority-cli --account-county CO --region CO
Or just
majority-cli -ac CO -r CO
Pass KYC¶
majority-cli --msisdn <msisdn> --pass-kyc
Or if you don't specify the msisdn, a randomone will be generated and a new user will be created, in that case make sure you also specify the account country for that user
majority-cli --account-country CO --pass-kyc
You can change the information submitted during KYC by editing the code in MajorityKyc.py.
You can change the documents submitted by specifying the path to that document you would like to submit here
You can set the verbosity of the Majority CLI with the --verbosity or -v argument. Where the most detailed output is if you do set --verbosity 3.