opinion

The Tall Task of Knowing Your Customer

The Tall Task of Knowing Your Customer

When you were growing up, your parents probably did business with merchants who knew them by name as soon as they walked in the door — and if that merchant was a doctor or pharmacist, they maybe knew more about your folks than they wanted to admit. Yet today, it’s a running joke when regulars at places like Starbucks walk out with their names spelled wrong on their cups. Today, it’s almost impossible for companies to know all of their customers personally.

In my hometown, there was a local market called the Quito Market. My mom would shop there just about every day because she liked fresh items for dinner each night. Oh, I wish I was more like my mom! The owner, Gene, knew my mom and all of us by name. He knew me so well he invested in me, sponsoring many of my swimming fundraisers. He didn’t expect anything from us in return, because he knew we’d keep coming back to shop. In a very high-tech way, that’s what Know Your Customer (KYC) is: helping payment processors, the banks we work with and the card brands get to know our customers. By getting to know your customers, you know whom you are working with so you can be confident they are going to abide by the rules.

You need to identify and verify the identity of customers and the beneficial owners of companies, understand the nature and purpose of the businesses to create a risk profile and conduct ongoing monitoring to report suspicious transactions.

For several months we’ve been focused on preparing for the new Mastercard regulations, making sure merchants are all in compliance, but we’ve also been focused on merchant KYC, in the form of a Customer Due Diligence (CDD) update. This month, we dive into what that is and how best to prepare to remain card-compliant.

WHY SHOULD YOU DO KYC UPDATES?

When payment processors go through an annual KYC look-back with merchants, each year the same questions often crop up, like “Why do we have to do this and how come other companies don’t require regular KYC updates?” While it is time-consuming and, some would say, a pain to gather all of this type of documentation like IDs and other paperwork, it is worth it.

Twenty years ago, when I started in this industry, all a merchant needed to do was fill out an online application and hit “agree” as a signature, and they would be approved for processing. There was little to no review process. Boy, have things changed! There are several components to a CDD: You need to identify and verify the identity of customers and the beneficial owners of companies, understand the nature and purpose of the businesses to create a risk profile and conduct ongoing monitoring to report suspicious transactions.

The CDD helps providers know more about their clients, helping them to establish a stronger and more transparent working relationship. In return, it helps protect them against online fraud, fines, reputational risk and poor customer service.

HOW CAN KYC AND CDD HELP PROTECT YOU?

CDD comes from standards set by EU anti-money-laundering directives; FINCEN, an agency of the U.S. Treasury; and intergovernmental organizations like the Financial Action Task Force. Our acquiring partners are also subject to the same regulations and are required to hold CDD on their clients. As a licensed payment institution with the Central Bank of Ireland and UK Financial Conduct Authority, we are regulated to comply with EU law.

CDD validates methods used to monitor, remediate and respond to customer complaints. Processors are required to conduct necessary CDD checks to enter a business relationship and provide payment services to a merchant. Not to mention, processors are regularly audited by their acquiring brands and by the regulatory bodies of Europe and the U.K., to be sure they each have current and complete CDDs on their merchants.

If a processor doesn’t have sufficient KYC files, they could potentially lose accounts with their acquirers, lose their license to process and not be able to handle funds with EU or U.K. banks. Also, not meeting these regulatory guidelines results in large fines for the processor. CDD requirements are also expanding thanks to new requirements from acquirers and card brands. The requirements themselves vary geographically. For example, they are different in the U.S., U.K. and EU. To stay in compliance, we should all adhere to the highest standards. Being compliant today saves headaches tomorrow!

WHAT ARE THE LATEST REQUIREMENTS?

So, what are the latest requirements for merchants? Grab your notepad, because we’ll break down what you need to know.

First, you’ll need all corporate documents. These include a corporate certificate, operating agreements and shareholder documents. You’ll also need drivers’ licenses and/or passports along with a utility bill from all directors and Ultimate Beneficial Owners who own more than 10% of the company. You’ll need the tax ID in the U.S. or VAT ID if in the EU or U.K., and all bank statements in the name of the company, with matching addresses of the company. Card brands require you to show an office lease to validate the merchant’s location. Adult content questionnaires need to be filled out which include age verification and consent moderation policies.

New to the CDD is a Self-Assessment Questionnaire (SAQ) for payment card industry (PCI) compliance. This is being requested by several U.S. and EU banks. This SAQ is designed to show that the merchant knows how to handle sensitive data. You’ll also have to show a diagram of the corporate structure. There are several tools available for creating one, like Organogram Templates for merchants.

The best thing you can do to be prepared is to keep your own CDD files current and easy to access. This means you can quickly gather the utility bills of directors and/or partners, and when your processor’s acquiring partners ask for the files to audit, the request can be turned around in less than two weeks. Lastly, make sure the processing partner you work with, whether it’s directly with an acquirer, through an ISO or with a payment facilitator, is the one asking for this information.

If gathering all these types of KYC or CDD files blows your mind, reach out to a trusted payment processor to help you get organized and streamline what’s needed.

Cathy Beardsley is president and CEO of Segpay, a global leader in merchant services offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are always safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact sales@segpay.com or compliance@segpay.com.

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

Ricci Levy on Standing Up for the Right to Be Heard

When Ricci Levy speaks about human rights, she does not use detached, academic language. She speaks with urgency, emotion and the kind of passion that immediately makes it clear just how deeply personal this work is for her.

Women In Adult ·
opinion

Lessons From Decades of Building the Adult Internet

After my first year of college, I needed a job. So I did what people did back then: I opened the newspaper and started scanning the classifieds. One listing stood out: “Image Librarian.” I had no idea what that meant, but I applied, and got the job.

Tanguy ·
opinion

How to Build a Cross-Border Payment Strategy

Pull up your analytics and you’ll likely find that international traffic is already on your site. Some of those visitors convert, but a lot more bounced at checkout — and a meaningful chunk tried to pay but were declined.

Joe Fredricks ·
opinion

The KPIs That Keep Payment Processing Humming While You're Away

I always look forward to the summer as my kids are home and I can plan little trips with them to reconnect and have some fun. If you’re like me, however, you probably never go on vacation without your laptop, so you can check in or lurk in the background to make sure all systems remain go.

Cathy Beardsley ·
opinion

What Utah's SB 73 Means for Compliance Requirements

Utah has once again positioned itself at the center of the national battle over online age verification and adult-content regulation.

Corey D. Silverstein ·
profile

Clips4Sale's Christy on Backing Creators and Fueling Growth

Understanding the industry from within goes beyond data. For Christy, Manager of Creator Experience at Clips4Sale, that insight is shaped by front-line conversations and years spent listening not just to trends, but to people.

Women In Adult ·
opinion

Breaking Down AI-Powered Moderation and Platform Safety

Adult platforms, including content sites, cam services and dating apps, consistently face a range of high-risk challenges. These include verifying consent, particularly for user-uploaded content, addressing nonconsensual material such as leaks and so-called revenge porn, and ensuring effective age verification and protection for minors. At the same time, platforms must manage content moderation at scale while addressing payment fraud, scams, harassment and user abuse.

Christoph Hermes ·
opinion

How to Optimize Subscription Billing for Compliance and Stability

The Federal Trade Commission’s “click to cancel” rule is coming back around. Last year, a federal appeals court vacated the FTC’s Negative Option Rule, aimed at addressing deceptive or unfair practices and making it easier for consumers to cancel online subscriptions.

Jonathan Corona ·
opinion

Key Strategies for Streamlining Payment Processing Approval

Why is it taking so long to get my account approved? It's frustrating for everyone involved, but it's all part of the process. Over the past year, timelines have stretched to 60 days or more for merchants to complete onboarding, from internal compliance review to banking partner approval and final card brand registration.

Cathy Beardsley ·
opinion

What to Know About Alabama's Regulatory Push on Adult Content

Over the past two years, Alabama has quietly but aggressively transformed itself into one of the most restrictive and unfriendly jurisdictions for the adult entertainment industry. Through the enactment of House Bill 164 and related enforcement mechanisms, the state has layered taxation, compliance burdens and content restrictions in a way that goes far beyond traditional regulation.

Corey D. Silverstein ·
Show More