Security

At Centi Ltd, we are committed to promoting financial inclusion, empowerment, and security. Centi serves as an easy-to-use gateway to Web3 technology, offering a versatile alternative to traditional banking and credit cards, making digital payments accessible and secure for everyone.

As we expand access to these innovative tools, we remain dedicated to protecting the integrity of the Web3 ecosystem. Think of Web3 as a vibrant garden of innovation and collaboration – Centi is one of the gatekeepers. While we aim to invite everyone in, our priority is to protect this space from potential misuse.

Due to attempts to exploit our products, we have introduced identity checks for adding funds via credit cards. This measure is to prevent abuse and maintain security, not to compromise user privacy. Cash and bank exchanges will continue without identification requirements, maintaining a balance between security and convenience.

Our goal remains to offer a safe, secure, and user-friendly platform that empowers everyone to participate in the digital economy. These additional checks will help maintain the integrity of our platform and the Web3 ecosystem while providing an easy gateway to digital cash payments.

Centi follows the most recent security practices and protocols to ensure the safety of your assets. Our security checks and upgrades are regular, ensuring that the platform remains secure in the face of evolving threats.

Centi maintains encrypted copies of your wallet, which remain secure even if our database is accessed or stolen. To access these encrypted copies and make payments, user login credentials are required. Our database is maintained by a reputable external service provider who complies with relevant ISO norms and data protection standards.

However, it’s important to note that digital cash, much like physical cash, isn’t insured unless you have your own insurance policy covering it. A number of insurers do not include digital cash in their standard policies due to the perceived risk. We recommend reading our exchange terms when purchasing digital cash from us, and our token terms when dealing with Centi Franc.

One of the risks with cash is potential buyer’s remorse, and you should be aware that we cannot reverse transactions. This also means that unauthorized debits or credits, as with cards, are not possible. We encourage our users to ensure they truly want a product or service before making payments with our merchants. While merchants can issue refunds, we are unable to assist with this process as would be the case with traditional card payments.

Much like in all security scenarios, one of the biggest potential threats lies at the social level and often cannot be fully addressed technically:

We recommend keeping your 12-word mnemonic secure and backed up. This mnemonic should be kept private and never shared online or anywhere else. Be vigilant in your online communications, ensuring you are interacting with the person you believe you are. When making any payment, especially with money involved, beware of fraudulent individuals looking to exploit others. Stay vigilant!

When transferring money through the Centi App, take care to confirm the recipient’s PayMail address. Our QR codes on the receive tab provide a secure way to share your own address.

To secure your Centi account, follow these best practices:

  • Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification in addition to your password.
  • Use a Strong Password: Create a password that is complex and unique to your Centi account.
  • Regularly Update Security Settings: Periodically review and update your security settings in the app to ensure they remain effective.

The mnemonic is a human-readable version of your digital cash wallet. In technical terms, it represents the seed entropy from which all future private and public keys can be derived. If you keep this mnemonic safe, you can access your money at all times, even independently of the Centi App.

Warning of Phishing and Scams

It has come to our attention that internet fraudsters sometimes lead users to believe they are engaging with popular platforms, especially second-hand marketplaces. Through phishing emails, these fraudsters gain victims’ confidence, convincing them to “verify” accounts or provide credit card details for receiving payments. These fraudulent pages mimic popular brands, tricking victims into entering their card details.

To combat this, we enforce 3D Secure Technology on all credit card transactions to prevent unauthorized charges. You will never be charged by Centi Ltd without 3D Secure verification. Please only confirm 3DS payments if you are certain about the payment and recipient.

Centi Ltd is not associated with any second-hand trading platforms and will never invoice your card except for our exchange services (Centi Exchange Terms). We are not involved in verification procedures for other platforms, and you will never receive money by providing your credit card details to Centi Ltd.

Be cautious of unsolicited communications asking for your personal information. To avoid phishing and scams:

  • Verify the Sender’s Identity: Ensure that the sender is legitimate before providing any information.
  • Avoid Clicking on Suspicious Links: Do not click on links or download attachments from unknown or suspicious sources.
  • Check Website Legitimacy: Use tools, such as those provided by iBarry, to verify the trust score and legitimacy of websites.

If you notice any suspicious activity on your account, contact Centi support immediately at support@centi.ch using the email address you registered with. Describe your issue as precisely as possible to help us provide a prompt and accurate response. Typically, we aim to respond within 12 hours.

If you have fallen victim to fraud, we want to ensure there is no confusion about how security measures work with credit card transactions, both online and offline:

  1. Online Transactions: When you make a purchase online, a Transaction Authorization Number (TAN), also known as 3D Secure, is used. This is a one-time code sent via SMS by your bank to authorize the transaction. It serves as digital verification of your identity, ensuring that you are the one approving the purchase.
  2. Offline Transactions: When you make a purchase in person, such as at a store or a restaurant, you use a PIN number associated with your credit card to authorize the transaction.

It’s important to understand the implications of sharing these security details. Whether it’s a TAN for an online purchase or a PIN for an offline purchase, sharing them can allow others to make purchases on your credit card.

Implications of Sharing Security Details: Sharing your TAN or PIN can allow others to make unauthorized purchases on your credit card. For all transactions, Centi enforces 3D Secure confirmation to prevent unauthorized charges. If you share your credit card details or 3D Secure code with someone, they could use it to make transactions on our platform.

Scenario Explanation: If you were at a restaurant and decided to give your credit card and PIN to someone you didn’t know, and they used it to pay for their meal, the restaurant wouldn’t be responsible for the unauthorized charge. Similarly, if someone else uses your TAN (3D Secure code) that you shared with them to make an online purchase, platforms like Centi cannot be held responsible for this misuse.

We at Centi adhere to the highest security standards, and our responsibilities begin and end with transactions authorized through these secure systems.

Non-Reversible Transactions: Due to the nature of digital currencies, once a digital currency transaction is finalized and transferred to a wallet, it cannot be reversed. As stated in our terms of service, we cannot refund such transactions.

Introduction

Centi App is a user interface service provided under our terms. In these terms, you agreed to keep your wallet safe and secure at all times and take responsibility for doing so. In this article, we describe the advantages of this setup and how you can learn more about the digital cash you are using with the Centi App.

Centi’s main payment features use the BIP270 or Direct Payment Protocol standard, which enables payments in Centi Franc, BSV and other tokens. This standard, in turn, is made to interact with a public protocol (Web3), the Bitcoinˢᵛ blockchain. This means that control over your digital cash, such as CCHF or BSV, is with you at all times. This is good for you and for Centi: you can choose a different user interface should you need to, and we do not need to hold money on your behalf to provide a great payment experience. You may therefore be interested to learn how to use different user interfaces with your wallet and/or extract private keys from it. The private key enables you to take your money anywhere you like at any time.

Disclaimer: Some below-described methods are not a product or service of Centi Ltd or part of its terms of service and the procedures are provided for educational purposes only. Usage of this information is at your own risk!

If you have a 12-word mnemonic phrase written down during your Centi App signup, you can recover your CCHF, BSV and private keys by following the steps outlined below. We’ll explain the basics of Bitcoin and how Centi digital cash builds on this standard, the process of deriving private keys from mnemonic phrases using a specific derivation path, and extracting BSV using Electrumˢᵛ wallet. We’ll also provide information on other wallets supporting the STAS-20 standard, which Centi Franc (CCHF) is built on.

What is Bitcoin and how Centi digital cash builds on this standard to have you control your funds

Bitcoin is a distributed digital currency that enables peer-to-peer transactions without the need for financial intermediaries to transact digitally. It uses blockchain technology to maintain a public ledger of all transactions. Centi digital cash builds on the Bitcoin standard, allowing users to have complete control over their funds through the use of their wallet.

For more information on Centi Franc and Bitcoinˢᵛ, please visit the following links:

How to derive private keys from mnemonics using the derivation path

To derive private keys from the 12-word mnemonic phrase from your Centi App, you’ll need to use the specific derivation path “m/44'/0'/0'/0/”. This process generates the private keys associated with the first 20 addresses of your wallet (this may be extended in the future).

For more information on deriving private keys from mnemonics, refer to this comprehensive guide and BIP39 Mnemonic Code Converter.

Extracting BSV using Electrumˢᵛ wallet and creating an Account using the mnemonic and the path

To extract BSV from a wallet using the Electrumˢᵛ user interface, you’ll need to create a wallet, then an account using “import from text” and entering your mnemonic phrase and the specified derivation path. Follow the step-by-step instructions in the Electrumˢᵛ guide.

Other wallets supporting the STAS-20 standard

There are other wallets that support the STAS-20 standard, which Centi Franc (CCHF) is built on. A popular alternative is Relysia.

Recovering STAS-20 Tokens from Private Key

Example: recovering 100 Centi Franc (10’000 CCHF tokens) with tokenID ed6fcd9f56efd619ded8322564e32d4b23be658a-CCHF (n Centi Franc are n*100 CCHF tokens).

  1. Open a text editor like Notepad.
  2. Have your BSV private key ready. Please note that this particular key might not be secure any more after these steps and should not be reused after this procedure.
  3. Copy this to your text editor:

     {"dataArray": [{"to": "yourpaymail", "amount": 10000, "notes": "recovery", "tokenId": "ed6fcd9f56efd619ded8322564e32d4b23be658a-CCHF", "sn": 0}]}

  4. Make necessary changes to the text in the editor, such as changing the amount from 10000 to your desired number, replacing TokenID with the TokenID of the token you want to recover, changing notes, and most importantly your paymail address of a compatible service, such as Centi App.
  5. Navigate to this page in your web browser: https://api.relysia.com/docs/static/index.html
  6. Find the endpoint /v1/drop, click on it so that it expands and then press [Try it Out] (see attachment).
  7. Copy your adjusted text block and replace the text block in the window. Please make sure you copy it with all the brackets and replace the entire text again.
  8. Enter your private key in the respective field.
  9. Enter this code in the field for secret key: J@NcRfUjXn2r5u8x!A%D*G-KaPdSgVkY
  10. Leave the serviceID field empty.
  11. Press [Execute].
  12. In the output field below you should get a response with the code 200 if everything was done correctly. It will also provide you with the transactionID.
  13. Find the recovered tokens in your compatible application.

By following the resources and steps provided in this entry, you have learned about Bitcoinˢᵛ and related open standards and are now able to recover your BSV, CCHF and private keys from your 12-word mnemonic phrase with ease.

This means you have now learned how to access your funds independently of the Centi App, should you ever want or need to!