Marketplaces and e-commerce companies have to abide by several different laws to protect their buyers and sellers — but figuring out which ones apply can be confusing.
When it comes to anti-money laundering (AML) laws specifically, what are your marketplace’s exact responsibilities? At Persona, we often hear this question from customers. So we’ve written this post to explain.
Keep reading to learn what your payment processor does, who’s on the hook for AML, and which anti-fraud measures you should be incorporating in your marketplace.
Are marketplaces responsible for AML laws?
The short answer: No, marketplaces aren’t responsible for complying with AML laws. The payment processor you partner with is responsible for complying with AML laws, since they’re the one who handles the financial transactions.
However, that doesn’t mean your marketplace is completely off the hook. You may not be held accountable for stopping AML fraud, but it’s still in your best interest to implement safeguards and systems that help prevent all types of fraud.
Before we list those safeguards, though, let’s explore what exactly a payment processor does — and why they need to follow AML laws.
Why payment processors need to follow AML regulations
Payment processors are third-party service providers that let companies accept electronic payments without needing a direct merchant account. Processors like Stripe, PayPal, and Square handle payments directly for merchants, transferring a customer’s card data to the participating financial institutions.
Payment processors also check that customer bank accounts have enough money to complete the transaction, and they protect customers’ personal information so no one can access it.
There are two reasons why payment processors need to abide by AML laws:
- Compliance: Some jurisdictions call out payment processors within their anti-fraud regulations. The European Union's Payment Services Directive, for example, considers payment services to be regulated institutions, and requires them to abide by certain rules.
- Fraud prevention: Even when they don’t have to abide by specific laws in their jurisdiction, payment processors still need robust AML and due diligence programs to satisfy their banking partners, obtain Money Transmitter Licenses, and prevent fraud.
To comply with AML laws, payment processors typically have comprehensive Know Your Customer (KYC) and Know Your Businesses (KYB)processes where they vet and verify the marketplaces they work with.
Most payment processors don’t require marketplaces to KYC their own buyers or users; the exception, however, is with a high-risk industry like pre-paid gift cards, cryptocurrency, and gambling. In those cases, many payment processors would require merchants to verify their customers.
Want a full breakdown of AML legislation? Here’s the Anti-Money Laundering Act of 2020 explained.
Does that mean your marketplace doesn’t have to do verification or fraud prevention?
Not at all. As a marketplace, you want to stay fraud-free to protect your bottom line and support your payment processor in doing their job. After all, there are a handful of situations that hurt both you and your payment processor.
High chargeback rates, for example, don’t just result in significant financial losses — they also increase your risk of fraud, since some customers use chargebacks to score free products or services. Other fraud indicators on the transaction level include:
- International sales: A high volume of international sales means a greater risk of fraud.
- High-ticket sales: Transactions over $100 often come with more frequent chargebacks.
- Subscription services: Recurring payments are more susceptible to chargebacks and fraud.
If your chargeback rates or fraud levels are too high, payment processors might classify you as a high-risk merchant — and start imposing stricter rules. They might ask you to do additional identity verifications on users, for example, or prevent you from processing payments once you’ve hit a certain sales volume.
If you don’t comply with a payment processor’s rules, you could get hit with higher fees or have your account suspended.
Which fraud prevention measures should you have in place?
There are plenty of practical tools you can use to prevent — or at least mitigate — fraud in your marketplace. Here are some common fraud prevention tools payment processors either encourage or require:
Identity verification on the seller side
Having an identity verification (IDV) process on the seller side helps you comply with the US’s INFORM Consumers Act and the EU’s DAC7 directive. DAC7 requires any digital platform that hosts EU-resident sellers to collect and report personal and business information on sellers and their income.
INFORM requires you to do three things:
- Collect and verify key information (contact information, bank details, tax identification number) for high-volume sellers who earn at least $5,000 in gross revenues or complete at least 200 transactions over the course of a year.
- Give consumers a way to report suspicious market activity.
- Require sellers to disclose their name, contact information, and physical address to consumers if they earn at least $20,000 in revenue over the course of a year.
For guidance implementing IDV, check out Persona’s advice here.
KYC strategy
It’s a good idea to consider whether or not you could benefit from a KYC process. Implementing a KYC strategy can help you verify your users’ identities and stop fraud, especially at high-risk points in the buying/selling journey (like issuing refunds or selling gift cards). KYC and other identity-based checkpoints tend to be particularly good at stopping fraud because they happen before the transaction occurs, so they tend to weed out bad actors earlier in the process.
Explore our guide to building an effective KYC program.
Address Verification System
An address verification system (AVS) helps with digital debit and credit card transactions. When a merchant processes a transaction without using the physical card — called a card-not-present (CNP) transaction — the AVS can check whether the order’s billing address or zip code matches the address and zip code the issuer has on file.
Card Verification Value checks
You can require customers to input their card’s card verification value (CVV) during transactions, then check the number against the card issuer’s stored information to ensure it’s legitimate.
3D Secure (#DS)
3D Secure (3DS) — verified by Visa and MasterCard — requires customers to verify their identity before their payment is processed. You can use 3DS to direct customers to a verification page on their bank’s website where they input a password or code sent to their phone.
Two-factor authentication (2FA)
Two-factor authentication (2FA) is when you require a customer to verify their identity by inputting a code sent to their email address or phone before they log into their account on your marketplace.
Continuous monitoring
Continuous transaction monitoring makes it easier to flag suspicious or risky behavior, and to escalate the situation when necessary by asking for additional verifications or extra information.
The bottom line
Payment processors face greater compliance requirements for preventing money laundering, due to the fact that they’re directly involved in financial transactions. Marketplaces, on the other hand, are less regulated than payment processors, which means they tend to have fewer compliance requirements.
However, marketplaces still need a slew of tools and systems to protect themselves from fraud and comply with their payment processor’s particular rules.
One helpful tool to start with is Persona’s Dynamic Flow, which lets you add verification flows anywhere in the customer jouney of buyers and sellers on your marketplace buyer or seller — and give customers a seamless experience.
Want more information? Reach out to ask questions or set up a demo anytime.