Skip to content

Track events of identity verification using a credit card

Eugie Limpin requested to merge el-identity-verification-cc-event-tracking into master

What does this MR do and why?

This MR resolves: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/125

It adds frontend Snowplow event tracking for Identity Verification using a credit card.

Tracked events

Event category action property
Successful verification 'IdentityVerification::CreditCard 'success'
Failed verification 'IdentityVerification::CreditCard 'failed_attempt' '<error message>'

Notes:

  1. Reasons for failed verification can be either client-side or server-side validation errors
  2. depends on the type of error (e.g. 'Invalid Card Type', '[BusinessValidationError] Expiration date must be a future date.')

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Setup

  1. Configure your GDK to run Snowplow Micro
  2. Enable arkose_labs_signup_challenge feature. This feature is responsible for interfacing with Arkose Labs to assign a risk_band for new users. 
    $ rails console
> Feature.enable(:arkose_labs_signup_challenge)
> ApplicationSetting.first.update({ arkose_labs_public_api_key: '****', arkose_labs_private_api_key: '****', arkose_labs_namespace: 'client' })
    Credentials are available in GitLab 1Password Engineering Vault
  3. Enable feature flags for identity verification 
    $ rails console
> Feature.enable(:identity_verification)
> Feature.enable(:identity_verification_credit_card)

Validate

  1. Sign up for a new account. After, you should be redirected to the Identity Verification page (http://localhost:3000/users/identity_verification)

    🖼 Screen_Shot_2022-11-03_at_11.16.54_AM

  2. (Optional) If you don't see the credit card verification step, update the new user's risk band data to have 'High' value then refresh the Identity Verification page

    $ rails console
> u = User.last
> risk_band = u.custom_attributes.by_key('arkose_risk_band').first
> risk_band.update(value: 'High')

  3. Enter the following card details to trigger a client-side error:

    Error: card number is invalid

    🖼 Screen_Shot_2022-11-03_at_11.00.10_AM

  4. Navigate to http://localhost:9091/micro/good (the port number may be different depending on your setup) and validate that an event with the following properties was fired:

    category action property
    'IdentityVerification::CreditCard 'failed_attempt' 'Invalid Card Type'

  5. Enter the following card details to trigger a server-side error:

    Error: the expiration date is in the past

    🖼 Screen_Shot_2022-11-03_at_10.58.34_AM

  6. Navigate to http://localhost:9091/micro/good and validate that an event with the following properties was fired:

    category action property
    'IdentityVerification::CreditCard 'failed_attempt' '[BusinessValidationError] Expiration date must be a future date.'

  7. Enter the following card details to trigger successful verification:

    🖼 Screen_Shot_2022-11-03_at_11.02.05_AM

  8. Navigate to http://localhost:9091/micro/good and validate that an event with the following properties was fired:

    category action
    'IdentityVerification::CreditCard 'sucess'

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports