opinion

The Tall Task of Knowing Your Customer

The Tall Task of Knowing Your Customer

When you were growing up, your parents probably did business with merchants who knew them by name as soon as they walked in the door — and if that merchant was a doctor or pharmacist, they maybe knew more about your folks than they wanted to admit. Yet today, it’s a running joke when regulars at places like Starbucks walk out with their names spelled wrong on their cups. Today, it’s almost impossible for companies to know all of their customers personally.

In my hometown, there was a local market called the Quito Market. My mom would shop there just about every day because she liked fresh items for dinner each night. Oh, I wish I was more like my mom! The owner, Gene, knew my mom and all of us by name. He knew me so well he invested in me, sponsoring many of my swimming fundraisers. He didn’t expect anything from us in return, because he knew we’d keep coming back to shop. In a very high-tech way, that’s what Know Your Customer (KYC) is: helping payment processors, the banks we work with and the card brands get to know our customers. By getting to know your customers, you know whom you are working with so you can be confident they are going to abide by the rules.

You need to identify and verify the identity of customers and the beneficial owners of companies, understand the nature and purpose of the businesses to create a risk profile and conduct ongoing monitoring to report suspicious transactions.

For several months we’ve been focused on preparing for the new Mastercard regulations, making sure merchants are all in compliance, but we’ve also been focused on merchant KYC, in the form of a Customer Due Diligence (CDD) update. This month, we dive into what that is and how best to prepare to remain card-compliant.

WHY SHOULD YOU DO KYC UPDATES?

When payment processors go through an annual KYC look-back with merchants, each year the same questions often crop up, like “Why do we have to do this and how come other companies don’t require regular KYC updates?” While it is time-consuming and, some would say, a pain to gather all of this type of documentation like IDs and other paperwork, it is worth it.

Twenty years ago, when I started in this industry, all a merchant needed to do was fill out an online application and hit “agree” as a signature, and they would be approved for processing. There was little to no review process. Boy, have things changed! There are several components to a CDD: You need to identify and verify the identity of customers and the beneficial owners of companies, understand the nature and purpose of the businesses to create a risk profile and conduct ongoing monitoring to report suspicious transactions.

The CDD helps providers know more about their clients, helping them to establish a stronger and more transparent working relationship. In return, it helps protect them against online fraud, fines, reputational risk and poor customer service.

HOW CAN KYC AND CDD HELP PROTECT YOU?

CDD comes from standards set by EU anti-money-laundering directives; FINCEN, an agency of the U.S. Treasury; and intergovernmental organizations like the Financial Action Task Force. Our acquiring partners are also subject to the same regulations and are required to hold CDD on their clients. As a licensed payment institution with the Central Bank of Ireland and UK Financial Conduct Authority, we are regulated to comply with EU law.

CDD validates methods used to monitor, remediate and respond to customer complaints. Processors are required to conduct necessary CDD checks to enter a business relationship and provide payment services to a merchant. Not to mention, processors are regularly audited by their acquiring brands and by the regulatory bodies of Europe and the U.K., to be sure they each have current and complete CDDs on their merchants.

If a processor doesn’t have sufficient KYC files, they could potentially lose accounts with their acquirers, lose their license to process and not be able to handle funds with EU or U.K. banks. Also, not meeting these regulatory guidelines results in large fines for the processor. CDD requirements are also expanding thanks to new requirements from acquirers and card brands. The requirements themselves vary geographically. For example, they are different in the U.S., U.K. and EU. To stay in compliance, we should all adhere to the highest standards. Being compliant today saves headaches tomorrow!

WHAT ARE THE LATEST REQUIREMENTS?

So, what are the latest requirements for merchants? Grab your notepad, because we’ll break down what you need to know.

First, you’ll need all corporate documents. These include a corporate certificate, operating agreements and shareholder documents. You’ll also need drivers’ licenses and/or passports along with a utility bill from all directors and Ultimate Beneficial Owners who own more than 10% of the company. You’ll need the tax ID in the U.S. or VAT ID if in the EU or U.K., and all bank statements in the name of the company, with matching addresses of the company. Card brands require you to show an office lease to validate the merchant’s location. Adult content questionnaires need to be filled out which include age verification and consent moderation policies.

New to the CDD is a Self-Assessment Questionnaire (SAQ) for payment card industry (PCI) compliance. This is being requested by several U.S. and EU banks. This SAQ is designed to show that the merchant knows how to handle sensitive data. You’ll also have to show a diagram of the corporate structure. There are several tools available for creating one, like Organogram Templates for merchants.

The best thing you can do to be prepared is to keep your own CDD files current and easy to access. This means you can quickly gather the utility bills of directors and/or partners, and when your processor’s acquiring partners ask for the files to audit, the request can be turned around in less than two weeks. Lastly, make sure the processing partner you work with, whether it’s directly with an acquirer, through an ISO or with a payment facilitator, is the one asking for this information.

If gathering all these types of KYC or CDD files blows your mind, reach out to a trusted payment processor to help you get organized and streamline what’s needed.

Cathy Beardsley is president and CEO of Segpay, a global leader in merchant services offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are always safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More