Merchant onboarding is an underwriting review to ensure merchants meet Know Your Customer (KYC) requirements before bringing them onto a platform. Underwriter is obliged to perform KYC procedure to each merchant.
Document verification is the first step in the Due Diligence procedure. The following documents have to be reviewed:
- Required corporate register extracts,
- Copy of the ID of the signatories,
- Copies of Utility bills that may be required,
- Copies of licenses that may be required,
- Copies of processing history if applicable.
1.Company register extracts.
Underwriter require corporate register extract for review, definition a country of registration of the Merchant and avoidance from various blacklists (according to Acceptance Policy paragraph 4. Restricted Countries, PayR does not provide account opening, payment services or any other products to the entities, which are registered in the tax-haven jurisdictions). Data from register extracts must be compared with the data from public registers of relevant countries. Register extract should be not older than six months.
2.Verification of Identity documents.
Underwriter defines UBO of the company – natural person who ultimately owns or controls more than 25% of the shares or voting rights of the contracting party. The UBO should be identified, before starting business relationship or carrying out a transaction. The identification should be conducted nor only once, but on an ongoing basis due to possible changes in control or ownership. Place and date of birth, nationality and address may also be documented. Identification documents are required to be notarized or apostilled. Utility bills serve to provide credibility of the fact that the merchant is really located at the specified address, is required to be not older than three months. Utility bills of executives of a company may be requested every three months after acceptance.
According to PEP- and Sanction list and Customers Acceptance Policy, PayR should not enter into a business relationship or execute any transactions for Politically Exposed Person. PEPs represent a higher risk for potential involvement in money laundering, bribery and corruption.
Underwriter defines field of activity of the merchant. First of all, type of business should be defined to the relevant risk level. According to Customer Acceptance Policy, paragraph 3.5 (Restricted activities) underwriter should ensure that field of activity of the merchant is not listed in prohibited activities. Otherwise, cooperation can not be possible. After aforementioned actions underwriter proceeds to the license review (license number and issuer may be compared with public license register).
The data provided by the merchant should be verified again using a search engine. A suspicion of fraudulent activities of the online merchant may arise due to various results, when verifying with a search engine. The following items are used:
- Company name,
- Name of the executive,
A cause of suspicion arises when one or more of the following search results were returned:
- Negative entries in forums, blogs or online newspapers about the executive director,
- Negative entries in forums, blogs or online newspapers about the company,
- Negative entries in forums, blogs or online newspapers about the URL,
- Negative entries in forums, blogs or online newspapers about the products sold,
- Negative entries in forums, blogs or online newspapers about the communication with customers (in particular the response to complaints).
If the Underwriter finds large number of negative reports, he/she should examine this more closely. However, the same also applies if a large number of positive entries are found. An excessive number of positive entries gives rise to the suspicion that they may have been fabricated to give the merchant a positive image.
The website must display the company name and address as actual text and nor as an image. This can be checked by marking the entire page (hot key: Control + A). If the company name and address are marked in a block and not in individual text elements, this is a reason for suspicion.
If a different company is shown on the website, then this indicates possible third-party processing. The potential existence of such a circumstance needs to be clarified with the merchant.
Using the portal whois.com it is possible to determine the owner of a domain. The user is provided with various data, after entering the domain into the search field. The data relevant for the investigation risk analysis is the owner, the administrator, the technical person and the date of registration.
Depending on the risk level may be requested additional Due Diligence (processing history, chargeback rates, GEO location of clients etc.)