PCI, KYC, and AML: Demystifying the Regulatory Terms

This article was written by one of our amazing contributors! Content may include promotional links.

Doing business online comes with plenty of challenges – one of them being how to deal with the numerous regulations put in place by different authorities. This is especially true if you get paid online, whether through gateways such as PayPal, direct transfer through banks, or via credit/debit cards.

To protect consumers, various authorities have put in place stringent measures that businesses have to comply with. And, just as with other regulations, the moment you fail to comply, you’re putting your business on the line. The problem is that most small business owners aren’t quite familiar with some of these regulations, which can sometimes result in innocent noncompliance.

So, to help you steer clear of trouble, today, we want to introduce you to three of the most important regulations that you need to deal with to safeguard your business.

1. Payment Card Industry (PCI)

Better known as PCI DSS (Data Security Standard), PCI refers to a set of security standards designed to ensure that ALL businesses and organizations that accept, process, store, or transmit credit card information maintain a secure environment. The standards were launched in 2006 and are managed by the five major credit card companies: Visa, MasterCard, American Express, Discover, and JCB.

For purposes of convenience, the standard has established four compliance “levels” based on transaction volume, with small businesses mostly falling into level 4. You can find out more about your responsibilities as a level 4 business from the PCI DSS website. The most important thing to know is that failure to comply may result in fines, card replacement costs, costly forensic audits, and brand damage in the event of a breach.

2. Know Your Customer (KYC)

To further protect consumers from the rampant data breaches and cyber attacks in general, all businesses are required to identify their customers by complying with the Know Your Customer (KYC) regulations.

There are three simple steps in complying with KYC. Step one is customer identification through the Customer Identification Program (CIP). CIP mandates that any individual conducting financial transactions online needs to verify their identity. Step two usually involves customer due diligence. There are three levels of due diligence: Simplified Due Diligence (SDD), basic Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD). You need all three to be safe. Finally, step three is all about ongoing monitoring. Again, failure to comply with KYC regulations can result in fines and sanctions.

3. Anti-Money Laundering (AML)

With lots of “dirty” money being circulated online, authorities, including financial institutions and national governments, have also put in place Anti-Money Laundering (AML) regulations that all businesses, irrespective of size, need to adhere to.

At the most basic level, you’re required to have a program designed to help in the detection and reporting of malicious activity. So, obviously, you’ll be required to have a risk-based customer identification program to help you verify the identity of your customers. Be warned that AML regulations are very serious and can even lead to lawsuits and detention.

The great news is that with services like Jumio’s NetVerify you can quickly get your business verified and never have to worry about these compliance regulations.
