Knowing your customer begins when a user account is created. It’s important for businesses to have effective customer verification processes to help fight money laundering, funding for terrorism, corruption and other illegal activities. A 2009 report by the United Nations Office on Drugs and Crime (UNODC) estimated that criminal proceeds amounted to 3.6 percent of global GDP ($1.6 trillion) being laundered. On top of that, corporate losses from fraudulent online transactions are expected to reach $25 billion this year.

In addition to the fiscal impacts, the USA PATRIOT Act that went into law in 2001 imposed certain required steps on financial institutions to manage an effective Customer Identification Program. This mandate expanded the requirements of all financial institutions and information sharing between the government and financial institutions.

With more businesses offering an online payment option to their customers, the Dwolla Compliance team put together this guide to help with the understanding of what a Customer Identification Program is, how CIP impacts KYC processes and to share a few best practices for understanding risk mitigation with online payments.

If you’re building your own CIP/KYC program, please note that we cannot advise businesses on how to build their specific CIP/KYC framework, but can share best practices and requirements for understanding risk mitigation.

It’s important to remember when integrating any payment API that collecting and monitoring the right information is essential to mitigating risk.

Managing a customer verification framework ensures appropriate due diligence is performed when verifying the identities of individuals seeking to open an account to conduct financial transactions on your platform.

Dwolla itself requires platforms to collect specific information from onboarding customers for Dwolla’s own verification purposes.

For an individual customer needing verification and validation, the following information is needed:

  • Name
  • Date of Birth
  • Email Address
  • Physical Address
  • Identification or Social Security Number

If a business entity needs to undergo verification, the business will need to provide:

  • Business Name
  • Business EIN
  • Physical Business Address
  • Controller and/or Authorized Representative Information
    • Name
    • Email Address
    • Date of Birth
    • Identification or Social Security Number

Depending on the use case, some customers may not need to go through full verification. For example, if the customer is onboarded to only receiving funds, they will have different verification requirements compared to a customer who is attempting to initiate a transaction.

Dwolla Customer Types

Dwolla carries out CIP verification of its clients and has its own KYC frameworks in place; both are specific to Dwolla and are done to meet Dwolla’s own obligations. As a business, you can implement your own risk-based approach, which may include building your own CIP verification as an additional way of mitigating risk—something the Dwolla team fully supports.

Best practice for risk mitigation calls for at least one user to be verified within a transaction between two parties. Verification can be done in a variety of ways, for example:

  • A fully verified business (e.g. veterinarian’s office) sending payments from a business bank account to a user’s bank account (e.g. an employee).
    • Dwolla requires the sending business to undergo full identity verification and you may want to complete your own CIP procedures as well.
  • A rental platform facilitating payments from tenant to landlord.
    • Dwolla requires the receiving landlord to undergo full identity verification.
  • An investment platform facilitating payments for investment projects.
    • Dwolla requires both the sending and receiving parties to undergo full identity verification.

Dwolla’s Customer Onboarding Requirements

Simply carrying out one-time CIP verification is not enough to protect your ecosystem. Risks such as transaction fraud, identity theft, spamming and account takeover can happen even with air-tight CIP verification processes. Having a program in place to continuously monitor your customers and their activity on an ongoing basis will help maintain a healthy business ecosystem.

Such best practices for ongoing fraud monitoring include:

  • Active oversight of the business platform
    • Monitor for any material changes in activity
      • Transactions (Amounts, Volumes)
      • Account level information changes
        • Address, Phone, Email
  • Monitor ACH return rates
  • Refresh due diligence on customer information
  • Monitor login footprints to protect your users from risks like account takeovers

When it comes to managing risk, taking ownership in your processes is key to meeting any obligations you have—whether you’re a startup, small business or enterprise-level company.

Watch Dwolla’s Fraud Webinar

A solid customer verification program must include procedures to handle various edge cases—scenarios that may occasionally occur. What happens if a customer does not have an identity document or if a document type is of a different language?

For a solution to these edge cases, partnering with Dwolla for payments means having access to the Dwolla Partner Ecosystem—a network of service providers that offer specific solutions to our clients. Among these providers are companies offering verification solutions for businesses and individuals.

Explore the Partnership Ecosystem

Whether that’s for identity verification or a new business account, our partners provide dedicated software services to help businesses like yours mitigate risk.

Learn more about the risks and considerations with ACH Payments in our recent webinar.

Dwolla
The Programmable Payments Infrastructure