Introduction
This policy is based on Reserve Bank of India’s ‘Guidelines on Regulation of Payment Aggregators and Payment Gateways’ dated March 17, 2020 and bearing reference no. RBI/2020-21/117 CO.DPSS.POLC.No.S33/02-14-008/2020-2021 and amendments issued to the same thereafter, ‘Regulation of Payment Aggregator – Cross Border (PA – Cross Border)’ dated October 31, 2023 and bearing reference no. RBI/2023-23/80CO.DPSS.POLC.No.S-786/02-14-008/2023-24 and amendments issued to the same thereafter, RBI regulation titled ‘Master Direction on Know Your Customer (KYC), 2016 (‘KYC Master Directions) and amendments issued to the same thereafter.The guidelines are issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007.The policy must be read in conjunction with the Company’s Know Your Customer/ Anti-Money Laundering/ Combating Financing of Terrorism Policy (KYC/AML/CFT Policy), as updated from time to time.
Once received, merchant application package should be reviewed, after completing underwriting process it is decided if PAYMENTZ will start boarding the Merchant.
In order to be accepted, business model and web site(s) of a merchant have to be compliant with the laws of the country where the merchant is registered, card scheme rules and regulations and acquiring banks’ acceptance policy.
As PAYMENTZ is registered in India, most of the merchants are coming from India and applying for processing with Indian acquiring banks, so all compliance checks are adjusted to Indian law law and Indian acquiring banks.
Underwriting should be adjusted to each individual merchant application process, depending on the business model, company structure and country of registration. Different parameters are reviewed for different industries.
- Merchant application form
- Know your business (KYB) information (Point 2): Company name, address, contacts, registration data
- Processing history (Point 3): Summary with breakdown of monthly sales, refunds, chargebacks for last 6 months
- Bank information (Point 4): Processing currency, settlement currency, bank account information
- Know your customer (KYC) information (Point 6): Name of ultimate beneficial owner(s) (UBO(s)), personal information, address
- Business model (Point 8): Company profile, description of goods/services, payment methods, website, log in credentials
- Know your business documents
- Memorandum & Articles of Association
- Certificate of incorporation
- Extract from the Companies Register not older than 6 months
- Processing history
- Sales transactions
- Refunds
- Chargebacks
- Fraud transactions
- Bank documents
- Name of the merchant
- Address of the merchant
- Name of the Bank where the account is open
- Logo of the Bank
- Address of the bank where the account is open
- Account number
- Licenses
- Airlines
- Currency exchange
- E-Wallet & E-Money
- Financial services
- Gambling
- Money remittance
- Pharmaceuticals
- Derivatives trading
- Know your customer documents
- Color copy of ID (Aadhar Card, PAN Card and Passport) of each director/UBO, for ID that is currently valid
- Proof of address/utility bill/individual bank statement of each director/UBO, not older than 3 months
- GST registration
- Business Registration Proof
- Full name;
- Citizenship. Mandatory information, if a customer is from the prohibited jurisdiction, the company itself should be rejected.
- Address. Proof of address has to be collected to know where the individual is residing. (POA should be not older than 3 months and in English language).
- PEP – Politically Exposed person
- Website checks
- Website URL;
- Proof of domain ownership;
- Name, address and contact information of the footer;
- Terms and Conditions (Case by case);
- Privacy policy (Case by case);
- Risk policy (case by case);
- AML/KYC policy (if applicable);
- Registration field. (Always try to sign up as new user);
- Food
- Beverages
- Cosmetics
- Nutraceuticals
- Pharmaceuticals
- The merchant’s identity, geographical address and telephone number
- Contact e-mail address
- Trade register number of the merchant
- GST details of the merchant (if applicable)
- Professional association to which the merchant belongs (if applicable)
- The total price, inclusive of taxes and all charges
- Delivery costs (if applicable)
- Transaction currency (In both words and symbols)
- Merchant Sanction screening and Adverse Media screening
- Facctum - AML screening Solution
- HyperVerge - solution for KYC check during merchant onboarding
- The company name of the Customer under investigation;
- Trading name(s) of the company (if any);
- Parent company name. Parent company is subject to adverse media screening even if beneficial owners are owning more than 10%. If there are several owning parent companies – search has to be performed on all these entities;
- Old company names (within the last 5 years);
- All beneficial owners;
- Senior management;
- Nominee shareholders/directors (if any);
- Business partners;
- Company registered address;
- Company operational address;
- The relevance of the search result(s); with links to crime, terrorism, corruption, tax evasion, or impropriety being the primary factor for referral.
- The significance/materiality of the news; considering whether there has been a criminal investigation, with a court case or conviction for example; or if the news refers to allegation or rumors with no formal proceedings undertaken.
- Trusted source; for example is it a reputable source (e.g. international media organization) or unverified material (e.g. an obscure online blog)?
- The date the news was published; with recent information more pertinent to an investigation. Adverse media is sufficient only for 5 years. Older findings can be accepted relevant case by case.
- Risk assessment structure
- Business model, industry, products
- Business model
- Legal form as well as country and year of incorporation;
- Summary of business model and services merchant is providing;
- Company website;
- Justified reason
- Describe customer’s purpose of relationship with PAYMENTZ;
- Processing Expectations
- Evaluate on expected transaction volumes and average transaction tickets;
- Evaluate risks related to chargebacks and refunds;
- Business model
- Company Structure
- Ownership
- Summary of ownership structure, evaluate direct and indirect shareholders;
- State who is treated as UBO;
- State if there are any nominee shareholders;
- Evaluation of Adverse media search and sanction screening results;
- State whether there is a PEP, and if yes, then assess the risk;
- Complexity of group structure;
- Management
- State whether there are any nominee directors;
- State who is Managing director of the company;
- Evaluation of Adverse Media search and sanction screening results;
- State whether there is a PEP, and if yes, then assess the risk;
- Ownership
- Short evaluation of risk and final decision on risk level.
- Enhanced Due Diligence
- - Additional KYC questionnaire for Derivatives traders/Gambling/Financial institutions.
- - Source of funds/wealth only required for EDD.
- - To identify and verify UBO’s that own more than 10% of shares.
- - PEP self-declaration form when PEP appears in company structure or management.
- - All customers that are the subject to EDD must be approved by Management Board.
- Communication/Feedback
- Approval/Rejection
- Activation
- - Sign a legal agreement and the legal agreement franked for the value of Rs 600/- OR separately attach Non-Judicial stamp paper for the value of Rs 600/- with the following content written on it "This Non-Judicial Stamp Paper forms an integral part of Payment Gateway Solutions PVT LTD Merchant Legal Agreement executed by ______________________ (name) on ____________(date)"
- - Submit documents of business entity: These documents are required to be duly authenticated and signed as true copy by the Authorized Personnel. Following the initial investigation stages, supporting documents will be requested from the merchant in hard copies. These documents will be required to support the details that were either provided in the initial application, or that were formulated in the course of the initial assessment.
The summary of all the information about the merchant can be found in the Merchant application form (MAF), so review of this document represents the starting point of the due diligence process.
The filled application should provide the following information:
The data from the application form should be cross checked (for more information will be written in the following points) with submitted documents, to make sure that the provided information is supported by the documents (in some cases the application form is sent directly to the bank for the boarding process) and it is required that the submitted information is genuine.
In the case that information from the MAF and submitted documents are not aligned, it should be addressed to merchant to confirm the data.
From the MAF we should get the basic perspective of the merchant business and the way of working and it is designed in that way for us to understand the case better.
Know your business (KYB) documents are required in order to obtain the information about the merchants’ legal entity that is owner of the web site(s) where the merchants want to process the transactions.
The company documents that are required are dependent on the type of the legal entity and are provided in the Annexure 1.
For Public Limited and Private Limited companies main Incorporation documents which are requested during the underwriting process are:
The information from the submitted documents should be double checked and compared with the information from a company register (MCA for Indian companies).
If the more than 10% of the company is funded by the parent company, the company documents of the parent company should be requested and its parent company(s) until we have information about all natural persons, who are the ultimate beneficial owners(UBO) of the company. From each company in the chain, following documents should be requested:
Memorandum & Articles of Association, Certificate of incorporation, Share certificate Extract from the Companies Register not older than 6 months.
If the full application package is received, and some of the company documents are missing, it should be communicated and received from the merchant.
Searching for a company register is done by using Internet search engines (e.g. Google, Bing, etc.).
Memorandum & Articles of Association
Memorandum of Association (MOA) is a document that regulates a company’s external activities and must be drawn up on the formation of an incorporated company. The memorandum of association gives the company’s name, name of its members (shareholders) and number of shares held by them, and address of its registered office.
Articles of Association (AOA) is a document that specifies company’s operations and they define the company’s purpose and lay out how tasks are to be accomplished within the organization, including the process for appointing directors and how financial records will be handled. This set of rules can be considered a user’s manual for the company because they outline the methodology for accomplishing the day-to-day tasks that must be completed.
It should be double checked the information and the versions of MOA and AOA with the online portal of the company house in the country where the company is registered if available. It is important to compare the company’s nature of business from AOA and industry of the applying web site, it should be aligned with each other. Also, it should be reviewed the dynamics in the life of the company and the changes in name/address/shareholders/directors as this can provide additional information about the company’s nature of business and the way of running it. Frequent changes may indicate that merchant doesn’t have sustainable business and it may be high risk to accept it.
If the full application package is received, and Memorandum & Articles of Association are missing, it should be communicated and received from the merchant.
Certificate of incorporation
Certificate of incorporation represents a document that shows that the company was actually registered in the country, it provides legal name, date of incorporation and the registration number.
Date of incorporation provides information on how long the merchant is in the industry and what is their current business phase. When the applying merchant is a start-up, it is required to provide statement of personal bank account of the owner and proof that is capable of supporting the business. Banks have different policies and approach towards start-ups and requirements should be sent depending on the targeted acquiring bank(s).
Companies that are less than 2 years in business are considered to be a start-up and will have specific approach in this case.
When the company is incorporated by the parent company that is already in the industry for some time, it is not considered as a start-up.
Essential indicator of merchant’s business is processing history with current/previous acquirer(s), where we can have overview of the performance of e-store. Assessing processing history figures is a starting point, based on which analysis are made and it can give better perspective of level of risk of a merchant.
Important determinants of the processing history are:
Analyses are made for previous six months with breakdown of monthly sales, refunds, chargebacks and fraud transactions. It is mandatory to provide processing history in PDF/Excel format and a screenshot of the previous processor’s backend where the merchant’s name and web site is visible.
Sales transactions
Sales transactions represent all the successful transactions made by card holders for purchasing the goods/services from the merchant in card not present environment, via e-store. There should be detailed analysis of the sales, where sales per month and comparison of month-to-month dynamics in the performance are reviewed. In some cases, high fluctuations in the sales volume may indicate the high risk and have to be further evaluated to understand why fluctuations take place and how they affect the performance. Sometimes variable volume is related to merchant’s business model and strategies.
Actual average monthly sales volume from processing history should be compared to projected monthly processing volume declared by the Merchant and clarification are asked if there are differences.
Additionally, the average ticket size should be calculated (if not already provided in processing history) to know what is the average processed amount. Average ticket is calculated by dividing sales volume by the sales count.
With having both figures of sales volume and average ticket size, during a web site review, the prices of offered goods/services, traffic volume of visitors (Alexa.com) should be also taken into consideration with assessment of the feasibility if the merchant is capable of achieving projected sales volume and if the prices and processing history figures match. In cases that figures don’t match and projected volume is difficult to achieve it should be communicated to a merchant.
Refunds
Merchants may issue refunds (returns) to customers based on their return policies. Depending on the return policies, companies may allow consumers to return merchandise at any time for a full refund or wait until the merchandise is returned to a physical warehouse before issuing a refund.
Refunds represent return of the funds by the merchant, full or partial amount, to the customers, where customers have raised issue based on not receiving the goods/services or unsatisfactory with the quality, etc.
Regarding refunds, two different analysis are made: refunds volume ratio and refunds count ratio. Refunds volume ratio is calculated by dividing total amount of refunds with total amount of sales, while refunds count ratio is calculated by diving total number of refunds with total number of sales transactions. It is important to analyze the both ratios in order to have better perspective of the handling raised cases, from customers, by merchant.
High quantity of refunds and low quantity of chargebacks indicate that the merchant has good customer support service for handling complaints raised by card holders. For running a business smoothly it is important to have low number of chargebacks, so having a call center is essential in card-not-present payment industry for resolving open cases.
Acquiring banks have different policies towards refunds ratios depending on the industry, generally refunds ratios above 2% are perceived as risky merchants for boarding.
Chargebacks
A chargeback is the charge a credit card merchant pays to a customer after the customer successfully disputes a transaction on his credit card statement.
Customers dispute charges to their credit card usually when goods or services are not delivered within the specified time frame, goods received are damaged, or couldn’t’ resolve the open case with the merchant. Also in some cases, charges are disputed when the purchase was not authorized by the card holder. Card holder initiates a chargeback with the issuing bank (bank that issued a card to the customer), and merchant may dispute a chargeback by providing the supporting documents (shipping report, communication with the customer) that prove that the goods/service were provided in the stipulated time.
Regarding chargebacks, two different analysis are made: chargebacks volume ratio and chargebacks count ratio. Chargebacks volume ratio is calculated by dividing total amount of chargebacks by total amount of sales, while chargebacks count ratio is calculated by dividing the total number of chargebacks by total number of sales transactions. It is important to analyze the both ratios in order to have better perspective of the chargeback management by the merchant.
Acquiring banks have different policies towards chargeback ratios depending on the industry, generally chargebacks ratios above 1% are perceived as very risky merchants for boarding.
Fraud transactions
A fraudulent transaction is the one that is unauthorized by the credit card holder. Such transactions are categorized as lost, stolen, not received, issued on a fraudulent application, counterfeit, fraudulent processing of transactions, account takeover or other fraudulent conditions as defined by the card company or the member company.
Acquiring banks send TC40/SAFE reports from Visa and MasterCard with the list of the transactions that have triggered alerts in the fraud engine, for further investigation. The transaction list is sent to merchant and required documents to support to prove that the transaction is genuine.
Regarding fraudulent transactions, two different analysis are made: fraudulent transactions volume ratio and fraudulent transactions count ratio. Fraudulent transactions volume ratio is calculated by dividing total amount of fraudulent transactions with total amount of sales of previous month, while fraudulent transactions count ratio is calculated by diving total number of fraudulent transactions with total number of sales transactions of previous month. It is important to analyze the both ratios in order to have better perspective of the fraud management by the merchant.
Acquiring banks have different policies towards fraudulent transactions ratios depending on the industry, generally fraud transactions ratios above 1% are perceived as very risky merchants for boarding.
Bank documents are required to have insight into merchant’s bank account balance, cash flows, bank account information for settlements, etc. Bank documents complement processing history for gathering information about merchants’ financial management and the way of operating the business.
Bank account statements are required for the previous 12 months, where it is provided information about the inflows, outflows, opening balance and closing balance. Based on this information and the processing history we can have perception of sustainability of the merchant and financial health. Bank account balance and cash flow of the merchants have important impact in cases when merchants face excessive number of chargebacks and refunds, to analyze merchants’ liquidity and solvency.
Bank account information for settlements is required from the merchants for transferring net revenue funds to a merchants’ bank account. Bank account information to be provided in bank statements:
Apart from that to verify the settlement account (account where the merchant will receive processed payments), PAYMENTZ requires a cancelled check with the Merchant details.
Different industries have different legal risks. The legal environment of some markets is very complex. When receiving a merchant application, it should be evaluated the legal risk of the market(s) connected to that merchant and take that risk into consideration in the assessment of the merchant application. Where applicable/possible the merchant must provide a valid and appropriate license that shows that the merchant is allowed to operate in that particular market.
Generally, for the following industries license is required:
Each license should be double checked with the authority (the validity of the license) that has issued that license, in most of the cases it can be verified online.
Also, license may be valid in one region and not to be accepted in some others, so traffic should be monitored and controlled to avoid any legal implications.
When a company is engaged in gambling, derivatives trading the license is a must, as these industries are heavily regulated. In case we doubt that company is somehow engaged in similar activities, but does not have a license, we need to always ask for a legal opinion, which will explain the business model and whether or not such activity requires licensing.
Legal opinion is a written statement by a court, judicial officer, or legal expert as to the legality (or illegality) of an action, condition, or intent.
Know your customer (KYC) documents are required in order to obtain the information about directors of the company and ultimate beneficial owner(s), persons that are managing and funding the company.
The documents that are required from the merchant are:
The full list of documents, which can be provided for identity and address proof is displayed in the Annexure 1.
The information from the submitted documents should be compared with the information from a company register and other online sources in the country where the company is registered, to verify names/addresses of the registered people and validity of the submitted KYC.
In cases when the company is funded more than 10% by some other legal entity, it should be requested KYC documents of each director/UBO in that entity. If it is more complex organization structure, it is required organogram of the whole group and KYC of each director/UBO in the chain towards UBO(s).
Nominee/trustee shareholder is a registered owner of shares held for the benefit of another person (the beneficial owner). The beneficial owner may choose to appoint a nominee because it does not wish to have the shares registered in its name, or it may be required to appoint a nominee. A nominee/trustee shareholder is often appointed to protect the identity of the beneficiary owner for commercial or personal reasons. There are many reasons a shareholder may want to keep his or her details and details of their investments private.
However, PAYMENTZ always has to identify and verify who is the ultimate beneficial owner, in this case, the officer should always ask for a trust declaration or a nominee services agreement, where it is stated under whose name position of Ultimate beneficial ownership is taken by nominee/trustee UBO.
In cases when an organization is appointed as nominee/trustee, the officer has to identify UBO of this organization and treat this individual as nominee UBO.
Director of the company always has to be identified and verified. Information about who is the company’s Director usually is stated in an extract from the company’s register. All individuals` with specific position (Managing director, CEO, President, Executive, Chairman) should be identified and verified and copies of ID documents and address proof documents have to be collected.
The following information must be obtained about Directors:
A PEP are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials. Members of the immediate family (including spouse or common-law partner, mother or father, or child and their spouses), or a close cooperation partner, of individual, are also treated as PEPs.
Due to her/his position and influence a PEP is considered to hold a position that constitutes a risk of being exploited for, among other things, bribery and corruption.
In cases when there are PEP’s in the company’s structure detected, PEP self-declaration should be sent to a customer and the consent sought from the Management Board to start relationship with the Merchant.
All Customers owned or controlled (UBO) directly or indirectly by a PEP shall be regarded as High-risk customers and therefore be subject to Enhanced Due Diligence
Where a PEP is no longer entrusted with a prominent public function PAYMENTZ must continue to treat the customer as a PEP for 12 months, thereafter a risk assessment must be carried out, before discounting the individual for not being a PEP.
What should be screened on website:
Beside all the compliance check, the traffic volume of the merchant`s website visitors should be reviewed using industry standard tools. Traffic volume of visitors should be coherent with information about the projected sales volume provided in MAF and the web site should be registered on the company name.
In a case that Whois information is not publicly disclosed, confirmation of domain ownership by the company is required (screenshot from domain registrar is sufficient). Website’s traffic should be analyzed, the origin of the traffic and pattern.
For quality assessment access to company`s URL(s) for review is mandatory (if the URL is not yet live then company needs to provide log-in details for beta/test version).
8.1. Payment Methods – Logos
It is required that merchants' web sites have up-to-date visible logos of the payment methods that they accept for processing their purchases. In most cases, logos are displayed in the footer of the web site as it is mandatory by the card schemes. The acquiring banks closely watch if the websites are continuously monitored by their merchants to ensure compliance.
8.2. Complete Description of Products/Services
In order to have a direct communication and clear expectations, it is required that merchants on the web sites provide detailed description of their products/services. With transparent presentations to the card holders, chances for chargebacks and refunds are lower. There can be some products which causes allergies and different side effects, following products should have ingredients list and how to use description on the web site:
Specific information requirements apply when customer buy digital content online, e.g. when downloading or streaming music or video. Before customer make the purchase, merchant has to inform how the content operates with relevant hardware/software (interoperability) and about its functionalities, including whether any geographical restrictions apply to the use of the content and if private copies are allowed.
Merchant is required to provide clear, correct and understandable information about the products/services.
It should be reviewed the products’ presentation and description, that is presented in clear and understandable way for the customers.
Picture that presents the products should be of high resolution.
8.3. Refund and return policy
On the merchants’ web sites, refund and return policy is required to be displayed to clearly inform cardholders about their rights, responsibilities and further implications. Merchant must repair, replace, reduce the price or give customer a refund if goods customer bought turn out to be faulty or do not look or work as advertised. A customer also has the right to cancel and return your order within 14 days, for any reason and with no justification. During the web site review, refund & return policy should be analyzed in order to evaluate the refund process. It is mandatory that merchants have refund/return options for the customers.
8.4. Merchant contact information
Merchant has to provide on the web site contact information to the customers, so they can contact the merchant before/after the purchase for any complains/additional information. Merchants are obliged to provide the following information:
Merchants who provide after-sales telephone lines for consumers must make sure that such calls are charged at the basic rate. It is forbidden for merchants to require consumers to use, for example, premium-rate telephone lines to make enquiries or complaints about their purchase or contract.
The telephone number of the customer support has to be verified by dialing it, during the call it should be checked if the automated machine or representatives clearly state the merchant’s name. It is necessary that merchant information is compared with the information from the company register to verify the data provided to customers. Email address has to be verified by sending a message and receiving the response from the merchant.
8.5. Purchasing process
While placing an order, it is required that all the necessary information regarding payment is provided to the customer, before making a transaction.
Merchant is obliged to provide following information:
Customers must give consent to the merchant`s Terms and Conditions and Privacy Policy and to any additional payment requested by the merchant, for example express delivery, gift wrapping or travel insurance.
If a merchant wishes to surcharge customer for using a specific means of payment, then the fee cannot be higher than what it actually costs merchant to process that payment.
Once customer have made a purchase, written confirmation of transaction has to be received. The confirmation must be on paper or on another durable medium such as e-mail, fax or a message to customer’s personal account on the merchant's website.
It is necessary to make a purchase during the web site review with the test card data, to clarify the purchasing process and to confirm that the merchant is providing genuine products. Also, it is required to compare the prices from the merchant web site with the market prices to exclude significant deviation between them it shouldn’t be significant deviation.
8.6. Shipping and delivery policy
After ordering of products/services, it should be standardized process of delivering customers’ purchases, and presented in transparent way.
The merchant should deliver goods/services within the period specified on the merchant’s web site.
A customer must always be clearly informed of the total price for a purchase, including delivery and other related costs, different prices for delivering items to different states can be justified. The merchant is responsible for any damage to the goods from the time of dispatch until customer receives them.
If the merchant does not deliver within the deadline a customer is entitled to terminate the purchase and be reimbursed as soon as possible.
If there are any delivery restrictions they clearly should be stated in the policy so customers can be well aware before the purchase. Providing this information would reduce the number of refunds/chargebacks from the transactions that are coming from restricted countries.
During the web site review, shipping & delivery policy should be analyzed in order to evaluate the shipping process of a merchant. It is mandatory that this policy is presented on the web site of a merchant.
8.7. Data protection (Privacy) policy
PAYMENTZ has to undertake comprehensive security assessment of the merchant along with strict check if Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) are followed by merchants on-boarded.
If merchants intend to store customers` card data, this should be clearly stated on the web site in Privacy policy or Terms & Conditions to make consumers aware before providing this information. In this case the merchant is obliged to provide relevant PCI-DSS compliance certificate (issued annually upon audit by the authorized entity) and security assessment reports.
In other cases Merchant site shall not save customer card and such related data. A security audit of the merchant may be carried out to check compliance to PA-DSS standards, as and when required.
RBI instructs merchants to protect this data and obtain the consent of any individual before sharing this information with third parties (except authorities).
It is mandatory that data protection policy is presented on web sites of the merchants. During the web site check, the policy should be analyzed in order to evaluate the way of handling personal and card data by the merchant.
During onboarding, PAYMENTZ shall sign the agreement with a merchant including provision for security / privacy of customer data, compliance to PA-DSS standards and incident reporting obligations. PAYMENTZ will obtain periodic security assessment reports either based on the risk assessment (large or small merchants) and / or at the time of renewal of contracts.
8.8. Billing descriptor
Merchants should provide information to the customers regarding billing descriptor, to make sure that customers know in advance what will be shown on their card bank statements as description of the transactions.
Usually billing descriptor of the web site is web site address and customer support number, so card holder can contact the merchant and clarify the transaction if needed. During the web site check, it should be reviewed what is the billing descriptor of the web site and compare the number with the customer support number provided in contacts, in case of difference of number from descriptor, the other number should be contacted to verify it.
8.9. Customers’ agreement
Before successfully placing an order, customers have to agree with Terms & Conditions, Data protection (Privacy) policy of the web site. Usually this is done in the form of checkbox that states “I confirm with Terms & Conditions”.
During the web site review, it should be checked if there is statement with checkbox that a customer is agreeing with the Term & Conditions and if there is if the field is mandatory to complete the purchase. A purchase should be possible only if a customer agrees with the terms of the web site and its policies
For having a better overview and risk assessment of a merchant and to determine if any given company or any individuals are related to Money Laundering, Terror Financing, Tax Avoidance or have malafide intention of duping customers, sell fake / counterfeit/ prohibited products, etc. or other criminal and or illegal activity, a merchant should be also screened by third party vendors. If application fulfills minimum criteria of PAYMENTZ for being approved, before proceeding with boarding process with a bank, services of security & investigation companies are used.
Currently companies that PAYMENTZ uses for screening of the merchants are:
Additionally to sanction screening compliance officer has to conduct adverse media screening via open sources. The indicators that have to be screened via Google search:
The following factors should be considered for all search results when assessing the credibility and relevance of adverse media identified:
The compliance officer should use the following structure of risk assessment:
For merchants that pose a high risk, additional due diligence, referred to as Enhanced Due Diligence (EDD), must be performed.
EDD must be performed for all high-risk customers.
The essence of the EDD is comprehensive analysis and mitigation of the risk triggers or factors making the merchant subject to EDD.
If the entity is subjected to EDD process additional requirements has to be followed:
During the due diligence process and Risk evaluation, PAYMENTZ communicates with a merchant to receive all pending documents and clarifications or if something needs to be changed regarding documentation/web site by emails and phone calls.
Based on the business model of the merchant, documents and the web site compliance, risk assessment is performed and if the risk level and the model of the merchant is acceptable, the next step is boarding process with PAYMENTZ. In case that a merchant is not acceptable, it should be communicated by e-mail with a concrete reason to the merchant.
Prior to activation of the account the merchant has to:
After the final go-ahead is received from the Compliance Team, the Technical Support Team gets the account activated and the Payment Gateway Integration Kit is sent to the merchant in an auto generated Activation Mail.
Merchant can now integrate with PAYMENT and start processing transactions upon successful integration.
PAYMENTZ System is updated with the Merchant Information and Bank Details, while the business rules are implemented.
Further based on the Risk Profile of the merchants ('High Risk', 'Medium Risk' and 'Low Risk'), merchants and their activities are monitored accordingly.
Annexure 1
Customer Identification Documents and requirements
Identity documents
Type | Documents |
---|---|
Individuals |
a) Passport. b) PAN Card. c) Voter's Identity Card. d) Driving License. e) Identity card (subject to the Company's satisfaction). f) Aadhar Card. g) Letter from a recognized public authority or public servant verifying the identity and residence of the Customer to the satisfaction of PAYMENTS. |
Public Limited/Private Limited |
a) Certificate of incorporation and Memorandum & Articles of Association. b) Board Resolution. c) List of Directors details from MCA details. d) Company PAN Card. e) KYC documents of shareholders/directors. |
Partnership firms |
a) Registration certificate, if registered. b) Partnership deed. c) Power of attorney granted to a partner or an employee of the firm to transact business on its behalf. d) PAN card. e) KYC of the partners and the persons holding the Power of attorney |
Sole Proprietor |
a) Registration certificate (in case of registered concern) b) Certificate/license issued by the Municipal authorities under Shop and Establishment Act c) Sales and Income tax returns d) CST/VAT registration certificate e) Certificate/Registration document issued under GST/Professional Tax Authorities |
Others (Government, NGO, Education, Society) |
a) Memorandum of Understanding/Certificate of registration (for registered Trust only) b) Trust deed/Society deed/Government Certificate c) List of trustees/ members/ authorized signatory certified d) PAN Card e) Trust resolution |
Address proof
Individuals: |
a) Telephone bill b) Bank Account Statement c) Letter from any recognized public authority d) Electricity bill e) Letter from employer (subject to the Company’s satisfaction). |
Company/Firm: |
a) Electricity bill (own property) b) Rent agreement and electricity bill (rented property) c) Bank statement or passbook |
Account proof (settlement)
Cancelled check |
Financial proof
a) Bank statement for last 12 months with bank seal and logo b) Audited Balance sheet with P&L Account statements for last 2 years |
Notes:
- All the documents for individuals have to be self-attested.
- For Sole Proprietor all the products planned to be sold online have to be mentioned in the Registration Certificate.
- Documents for Public Limited/Private Limited Companies have to be certified, duly signed and stamped by a Company Secretary or a Director. MOA has to contain all the products and services planned to be sold. Board resolution has to be signed by minimum two directors/company secretary.
- Partnership Deed has to contain the names of all partners and sharing details. All the products planned to be sold online have to be mentioned in the Partnership Deed.
- If any of the above documents are in any language other than English, it must be translated into English along with a certificate from a translator / notary public.