Stripe Identity Verification

As part of their commitment to meet legislation that is imposed on payment providers by federal financial regulatory authorities, Stripe follows strict protocols and has implemented algorithms to comply with legal requirements. This topic collects relevant information from the Stripe documentation and explains these protocols and algorithms in detail.

Legislation Requirements

Every country has its own requirements when it comes to paying out funds to individuals and companies. These are typically known as “Know Your Customer” (KYC) regulations.

Regardless of the country, the broad requirements are:

• Collecting information about the individual or company receiving funds
• Verifying the information is accurate

Instead of requesting all possible information from everyone, to optimize user experience, ideally you should only request the information required by the capabilities that are assigned to the connected account (in the case of a marketplace, sub accounts of members linked to the marketplace Stripe account). Information requirements for a given capability for each connected account can vary depending on factors such as business type, country, and activity.

Identity Verification

Verification requirements vary depending on:

• The country where the connected account is located.
• The capabilities the account has (only applicable to connected accounts in the U.S.).
• Whether the business entity is a company or an individual.

Typically, there are two sets of information that need to be collected and verified. The first set enables charges and the second set enables payouts. For example, to enable charges for a company in the U.S., you might need to collect:

• Information about the business (e.g., name, address)
• Information about the person opening the Stripe connected account (e.g., name, date of birth)
• Beneficial owner information (e.g., name, personal address)

Thresholds

The second set of information (typically required for connected accounts in the U.S.) enables payouts and needs to be collected after certain thresholds are reached. These thresholds vary, but they often have a processing element and a time element. For example, after 30 days from the first charge, or after $1,500 (USD) in charges are created (whichever comes first), Stripe requests this second set of information. Using the previous example, this additional information might include:

• The last four digits of an owner’s social security number (SSN)
• A scan of an ID document

Requirements by country

For a detailed description of requirements by country for individuals, companies, LLCs, sole proprietorships, and partnerships visit Required Verification Information.

Algorithms

Stripe has implemented different algorithms (just like eBay and other commerce enabled marketplaces) to assess risk and require action by users selectively.

1. Example steps of risk assessment and verification for a marketplace:
   Each member/merchant is assessed separately/individually by Stripe risk assessment algorithms.

2. The marketplace as a whole is assessed by Stripe risk assessment algorithms.

3. Dynamically, as triggered by Stripe algorithms, they might request additional information from certain members/accounts; like an ID document, date of birth, or the last four digits of the SSN.

   Note

   If the Stripe algorithms still assess the person is a high risk, then the Stripe gateway might request the full SSN.

4. Stripe provides API web hooks where such requests will be made on users dynamically as assessed; you can configure your marketplace to automatically request the information from that User. Once the data is submitted through the form, it is pushed back to Stripe where it is recorded securely, thus meeting Stripe’s risk mitigation requirements.

Resources

• Stripe — Know Your Customer (KYC)
• Stripe — Identity Verification
• Stripe — Required Verification Information
• Stripe — Capabilities Overview

Related topics

• Integrating Stripe
• Processing Payments with GraphQL Mutations