KYC, or Know Your Customer, is a set of identity verification and due diligence procedures used by financial institutions and regulated businesses to understand their customers. KYC helps companies verify customer identity, assess risk, and prevent fraud, money laundering, terrorist financing, and other financial crime.
In payments, KYC is part of onboarding and risk management. It helps banks, PSPs, payment facilitators, crypto platforms, marketplaces, and other regulated businesses decide whether a customer or merchant can use their services safely.
KYC verification is the process of collecting and checking customer information before or during onboarding. The goal is to confirm that the customer is real, that their identity details are accurate, and that their risk level is acceptable to the business.
Depending on the business type, region, and risk profile, KYC checks may include:
For businesses, KYC may also include KYB (Know Your Business) checks. KYB verifies a company's legal status, ownership structure, directors, authorised representatives, and business activity.
KYC does not end after onboarding. Many regulated businesses also perform ongoing monitoring to detect unusual behaviour, suspicious transactions, or changes in customer risk. For example, a system may flag activity that does not match a customer’s expected transaction pattern, geography, volume, or business model.
KYC usually begins when a customer opens an account or applies for a financial service. At this stage, the company collects basic information, such as the customer’s name, date of birth, address, identity document, and sometimes a photo or biometric data. For business customers, the process may also include company registration details, ownership structure, and information about authorised representatives.
The collected data is then checked to confirm that the customer is real and that the information they provided is accurate. This can be done through internal compliance teams, automated KYC software, identity verification providers, official databases, sanctions lists, and other trusted data sources.
KYC software helps companies manage this process more efficiently. It can verify documents, compare customer data with external databases, flag mismatches, identify high-risk customers, and reduce the risk of manual errors. If the initial customer data is inaccurate or fraudulent, later Anti-Money Laundering (AML) checks and transaction monitoring become less reliable.
KYC does not end after the first verification. Many financial institutions and regulated businesses continue to monitor customer activity over time. If a customer's behaviour changes, transaction volumes increase unexpectedly, or activity no longer matches their expected profile, the company may request additional checks or review the account more closely.
Clear KYC processes protect both the business and its customers. They help reduce fake accounts, fraud, regulatory breaches, and the misuse of payment services.
KYC and AML are closely related, but they are not the same. KYC is the process of verifying who the customer is and assessing their risk. AML, or Anti-Money Laundering, is a broader compliance framework designed to detect and prevent money laundering, terrorist financing, and other financial crime.
In simple terms, KYC is one part of an AML programme. KYC helps businesses understand their customers, while AML uses that information, along with monitoring, reporting, policies, and controls, to manage financial crime risk.
KYC compliance procedures vary by business. The main stages of the process lie in data collection and verification. It also includes due diligence and ongoing user monitoring.
1. Customer Identification Program (CIP).
Customer identification is the process of collecting and verifying basic customer information. For individuals, this may include name, date of birth, address, identity document, and photo verification. For businesses, it may include company registration details, ownership information, directors, and authorised representatives.
This stage helps companies confirm that the customer exists and reduce the risk of fake accounts, identity theft, and fraudulent onboarding.
2. Customer Due Diligence (CDD).
Customer Due Diligence means assessing the customer’s risk profile. This may include checking the source of funds, business activity, expected transaction behaviour, geography, sanctions exposure, and ownership structure.
Low-risk customers may only need standard checks. Higher-risk customers may require Enhanced Due Diligence (EDD), which involves deeper verification and closer review.
3. Ongoing monitoring.
Businesses need to keep customer information up to date and monitor activity for suspicious behaviour. Ongoing monitoring can help detect unusual transaction volumes, unexpected geographies, sanctions risks, changes in business activity, or behaviour that does not match the customer’s expected profile.
Ensuring effective KYC procedures are in place at account opening helps deter money launderers and other financial criminals from using your services. The customer information obtained during onboarding also improves the monitoring process by providing insight into the account and the expected use of funds.
KYC is essential for payment businesses because payment services can be misused for fraud, money laundering, sanctions evasion, and other financial crimes. Banks, PSPs, payment facilitators, marketplaces, and crypto platforms use KYC to assess who they onboard and the risk they pose.
For merchants, KYC affects how quickly they can open an account, access payment methods, increase limits, and expand into new markets. For PSPs and payment businesses, strong KYC processes support safer onboarding, cleaner merchant portfolios, and more reliable relationships with acquirers and regulators.
