[bisq-network/growth] Due diligence for CapCode payment option in Bisq (#215)

Ivan A. notifications at github.com
Fri Dec 25 23:03:23 CET 2020


## Proposal

Add the option CapCode from https://www.capitual.com solution.

### Why

_Why would Bisq benefit from adding this payment method? Is is popular in a particular region? More convenient? More safe?_

Because this method offers a better privacy than traditional banks in Brazil. People that buy/sell crypto assets have a risk with the traditional banks. They can freeze the traditional account bank with no criteria.

In CapCode option, there is a limit for negotiation: US$ 9,999.00 and with no KYC for this option: https://exchange.capitual.com (see Limits head).

It is an opportunity to bring Brazilian Binance users for Bisq, because the Capitual solution process fiat transactions in Brazilian Real (BRL / R$) for Binance division in Brazil.

### Region

_Who can use this payment method?_

Brazilians, but with a help in the [Telegram group of Bisq Brazil](https://t.me/bisqbrasil) and others members of the market (content creators), it is possible bring more users for Bisq even outside of the Brazilian market.

### Charge back risk

_How easy is it to cancel a payment once it's made? This is the most important characteristic of a payment method._

There are rules in Capitual platform for charge back (situations where traditional account bank are used), in the CapCode option there is no option for charge back, terms of use refers:

```2.8.5. You will not try to reverse any transaction sent to CAPITUAL. You will not chargeback such transactions on your bank nor attempt into double-spending attacks against CAPITUAL or any crypto-currency supported by CAPITUAL.```

```3.4.3. We are not responsible for resolving disputes or dispose any value due to chargeback claims. Use the PLATFORM at your risk.```

### Data requirements

_What information **must** a user provide to a counterparty to accept a payment?_

The buyer creates a CapCode URL and post it in Bisq for the seller, that can Redeem the CapCode.

![image](https://user-images.githubusercontent.com/40754811/103142217-581e5900-46de-11eb-9e72-0c819483a1cc.png)

### Verification

_How can payments be verified? Examples: TLSNotary is typically used for electronic payments, and receipt scans are typically used for money orders._

It is possible check in the status column inside the Capitual user account.

![image](https://user-images.githubusercontent.com/40754811/103142225-91ef5f80-46de-11eb-8006-717be770929d.png)


### Duration

_How long do payments take? Please provide a range, as the advertised best-case scenario rarely accounts for edge cases._

There is a "Timing" column in https://exchange.capitual.com with processes of Capitual. It is real time for Capitual accounts.

### Fees

_Does it cost anything to make a transfer using this payment method? If so, how much?_

There is no fee, check "Fees" column in https://exchange.capitual.com

![image](https://user-images.githubusercontent.com/40754811/103142253-01654f00-46df-11eb-8634-4829956cc99c.png)


### Fraud risk

_How easy or difficult is fraud with this payment method?_

Fraud is possible only if the Capitual user has your identity in the platform compromised.

### More details and my concerns

**Terms of Use review**

https://my.capitual.com/legal#tos

Capitual is in Estonia. So the cover is under this country law.

```1.2.1. Governing Law. You agree that the laws of the Republic of Estonia, without regards to principles of conflicting laws, govern the current agreement between the two parties and must rule any claim or dispute that may result from the business relationship this document covers.``

With the no KYC in CapCodes, there is a point of attention here:

```2. PROVISIONS THE CUSTOMER MAKE TO US```

```You confirm and warrant to us that the following statements are and will remain true while you are a CAPITUAL user:```

```2.1. You are at least 18 years old.```

```2.2. You are able to agree with the current terms.```

There is a risk of KYC if the user have suspicious transactions under Capitual solution, or make any prohibited action like, keep more than 1 account or promote things in this list: https://go.capitu.al/pb

```2.5. You will provide us with your official identity issued by your local government (identity card or drivers license), or a valid passport, and you agree that you will provide new documents as soon as the provided documents become invalid or re-issued.```

```2.5.1. When requested, you will provide additional personal information and additional documents, including, but not limited to, legal name, address, date of birth, bank information, taxpayer identification number, proof-of-address and personal pictures (selfies).```

```2.5.2. You agree to provide us with face identification and tracking data, which will be used to protect YOU and THE PLATFORM.```

```2.5.3. You will also performed, when required, physical actions, through our automated alive-person verification system or through video-call with an authorized agent.```

Attention for URLs:

```2.8.6. You will help in maintaining your CAPITUAL account secure, which involves tasks such as, but not limited to:```

```Avoiding fake pages, by always verifying if the page that claims to be from Capitual is the main domain or a subdomain of "capitual.com", "capitual.net", "capitual.io" or "capitu.al". In order to check if you are in one of these domains, please verify that, in the URL you are in, there is nothing or a slash ("/") followed by the URI path after one of the mentioned domains;```


They share information with law enforcement and partners for KYC.

```5.1. Under sustainable conditions, we do not share classified user's information.```

```5.1.1. We may share your information if we are requested by law enforcement agencies.```

```5.1.1.1. Such disclosure is ruled by our Privacy Policy.```

```5.2. We reserve the right to contact third-parties, including, but not limited to banking institutions, law enforcements, organizations and individuals and share with them details of any transaction, in case of suspicion of illegal behavior.```

```5.2.1. We reserve the right to contact individuals or organizations who may also be involved or be victim of any possible illegal activity that we may find among CAPITUAL users, regardless of the affected parties being or not CAPITUAL users.```

**Privacy Policy Review**

https://my.capitual.com/legal#pp

Metadata for identification. But it is possible create an account and use with the Tor Browser (fake mail works too).

```1.2. Your profile settings require additional data, such as address and full name. This information is used, in conjunction with the data collected related in 1.1, during fraud investigations. This information may also be used during support procedures.```

```1.3. We collect your IP address and we share your IP address, without any information that could relate the IP address to you, with third-party services that provide IP location. Such services provide us with your approximated geolocation coordinates (latitude and longitude) and political divisions (city, state, country, time zone etc.). This data is used to protect your account from unauthorized access.```

```1.4. Every time you access the PLATFORM, we generate a unique identifier based on your environment (the fingerprint). This information is used to recognize your machine and protect your account against unauthorized access. This information may also be used during investigations.```

```1.5. We may also collect your browsing and transacting patterns and log your navigation, in order to improve your experience on the PLATFORM.```

```1.6. We collect and store information provided by your environment (browser or smartphone), which includes, but is not limited to user agent, browser and operating system version, screen resolution, language, time zone, CPU architecture and manufacturer. This information is used to improve your experience on the PLATFORM.```

Data share (metadata)

```4.2. We may share your data with law enforcement agencies, when requested by a court or if we suspect you are involved in illegal activities.```

```4.4. We may share a limited set of your personal data, including, but not limited to your browsing activities, environment (browser, operating system and device) information and IP address with analytic services providers.```

It is possible request your data from Capitual. For Brazilian citizens it is possible request the total data purge (LGPD law, like GDPR).

```5.2. For Brazil residents. According to the Law 12965/14, Article 7th X, you may request the total deletion of the data we have collected about you through email to privacy at capitual.com. In this case, we need of 30 (thirty) days to completely request the removal of the information we have collected about you from the data storage systems of CAPITUAL and partner companies.```

**KYC/AML Policy Review**

https://static.capitual.net/legal/kyc-aml-policy.pdf

My concerns under chapter 3 and for. They are the same for traditional account bank suspicious flag.


Thanks.

@pazza83



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/growth/issues/215
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20201225/5d0da0f4/attachment.htm>


More information about the bisq-github mailing list