Merchant Monitoring Resource Center Types of Payments Risk What Are High-Risk Verticals? What are BRAM and GBPP fines? What Is Transaction Laundering? Money Laundering vs. Transaction Laundering What is PCI compliance? Why Is Reputational Protection Important in Payments? Monitoring and Risk Mitigation Merchant Underwriting vs. Merchant Monitoring Know Your Customer With These 3 Steps How Merchant Monitoring Can Help You Grow Your Business Is Merchant Monitoring Right for You? Learn About LegitScript Merchant Monitoring Know Your Customer With These 3 Steps Know Your Customer (KYC) checks are a crucial part of the underwriting process and help weed out problematic applicants before they’re approved for a merchant account. These required checks involve the verification of information such as an applicant’s identity, financial activities, and the risk they pose. Keep reading to understand the three common elements involved in a KYC check. What Are KYC Procedures? The goal of KYC is exactly that — to know your customer. The process developed in the early 2000s largely to prevent serious crimes such as money laundering and terrorist funding, but it has been an essential component for assessing all sorts of potential fraud. Federal laws, including the USA Patriot Act and FinCEN’s CDD rule, require financial institutions to conduct these checks on anyone wanting to conduct business, and the practice has largely been adopted by ISOs and payment facilitators. While KYC processes for payments companies vary from one organization to another, there are a few core elements: verifying the applicant’s identity (Customer Identification Procedures), assessing the business’s risk (Due Diligence), and performing ongoing monitoring of a merchant’s activities. 1. Comply with Customer Identification Procedures Customer Identification Procedures (CIP) is a component of KYC intended to verify that customers are who they say they are. Applicants will submit official documentation such as passports, driver’s licenses, business registries, and more so that underwriters can confirm the identity of the applicant. According to the US federal rule on CIP, the bare minimum requirements include: Name Date of birth Address (residential or business, if available; if not, APO or FPO) Identification number, such as a taxpayer ID number, passport number, alien identification card number, or other government-issued identifying number. Payment service providers may, and often should, require more information depending on their risk mitigation strategy and the type of merchant applying. According to the Visa Global Acquirer Risk Standards, payment service providers must also collect a credit background check, business name, and, where applicable, merchant MCC and previous termination status. 2. Perform Customer Due Diligence The second part of KYC is customer due diligence (CDD), which helps determine an applicant’s potential risk. There are various levels of due diligence — simplified, basic, and enhanced — based on the unique factors of each applicant. Merchants operating in high-risk areas are more likely to need enhanced due diligence. What does CDD involve? While there is no set standard, it may involve additional verification of an applicant’s identity, including additional identifying documents, verified geolocation, a live video of the applicant, and third-party verifications. It may also include additional business verification, such as incorporation information, leadership rosters, operational information, transaction/sales data, and more. An underwriter may also check the applicant’s identity and business against third-party lists. While non-exhaustive, below is a list of commonly used resources: Mastercard Alert To Control High-risk Merchants (MATCH) US Department of State sanctions list Specially Designated Nationals and Blocked Person Lists (SDN) Financial Action Task Force Lists (FATF) Transparency Index lists from Transparency International State Sponsors of Terrorism list 3. Conduct Ongoing Monitoring Once applicants have passed underwriting checks and have been onboarded, some payment service providers fail to monitor the merchants over time. This opens up payments companies to substantial risk, as it’s easy for a merchant to change business models or sales tactics once they have been approved. Transaction monitoring can help raise flags when a merchant’s processing becomes unusual. This includes factors such as: Sudden increases in chargebacks Sharp changes in transaction number or volume Uncommon transactions, such as international ones Merchant monitoring is a more proactive review that involves persistently, and regularly monitoring a merchant after onboarding. Using automated tools and sometimes human analysis and machine learning, merchant monitoring solutions look at merchant details, website content, and other data points to continually assess merchant risk. This is important because merchants who appear innocuous can change their tactics once they have obtained their merchant accounts. Initial KYC helps you know your customer at one point in time. Ongoing monitoring helps you know your customer throughout the lifecycle of your partnership.