What are Know Your Customer Requirements [KYC]
All similar software must also comply with the Bank Secrecy Act/Anti-money Laundering Act, the Bank Securities Act, as well as U.S. Software Export Laws.
This is one reason it is illegal to offer check drafting software for sale by download only, in the United States, or for sale at a retail store where identity cannot be confirmed or monitored. If you see websites that offer check drafting software for download, or without proper KYC screening, beware. If they don’t follow the most basic regulations, they likely won’t be very respectful of your customer’s data, and there is a high likelihood that that “company” will eventually be shut down.
According to the provisions of the USA Patriot Act, the stipulations of the Customer Identification Program (CIP) and the requirements for a Bank Secrecy Act/Anti-money Laundering Compliance Program, software that facilitates payment cannot be made available for download unless the physical address and/or identity of the recipient is identified and verified.31 CFR 103.121 – Federal regulations requiring the CIP.
In addition, no company may ‘export’ financial software to certain countries listed on the Commerce Control List, which currently includes Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. The location and user identity of a download cannot be reasonably determined during an online transaction to comply with this export regulation. All software classified as “payment software” must ship to a physical address to comply with export regulations.
Due Diligence is required as cited in the US Securities Act to determine that the end user is not an individual that is likely to commit fraud, launder money, or fund terrorism.
The Federal Trade Commission (FTC) recently prosecuted Versa Check Brand, owner of Q-Chex Brand software for their use of easy to download payment processing software.
A federal judge ordered “Q-Chex” to cease its current method of online payment processing, which U.S. regulators said facilitated fraud. U.S. District Court for the Southern District of California, alleged that the company’s practices violate federal law and successfully obtained an injunction to stop such practices.
Before you buy, you may want to type in the name of the software or publisher into the Better Business Bureau website at http://bbb.org.
The BBB will list any complaints about the company, current and pending government actions, and other facts about how long the company has been in business, and what other services it provides.
Don’t get scammed by fly-by-night garage programmers, software pirates operating from a PO BOX, bootlegs, or any check by phone software that is offered for download or at ‘Half Price Outlets’.
Legitimate merchant software will require your business be validated, and at the very least, the vendor must know the customer or reasonably investigate the customer.
You may also find, check by phone software offered for download, does not comply with other regulations like EPC-6 for NO SIGNATURE REQUIRED checks and PCI / DSS compliance. Even if it is not malware, the software may be too old for your items to process through the modern banking system.
If banks need to process your deposits manually, it won’t be long before they flag, and then audit your business bank account. Once this happens, your bank will either send an urgent letter of compliance, and give the account holder 30 days to comply with modern check printing regulations, or they will simply lock the account and return your prior deposits unpaid, or reversed as counterfeit.
Bottom Line for CheckWriter™ Cloud Users:
– New customers are required to complete a 1 page form to help ensure the platform is not mis-used.
– The KYC form requires a valid U.S. business and a PERSONAL RESPONSIBLE PARTY who is in the U.S. and has valid photo ID and a valid SSN.
– All accounts bill monthly to a major U.S. credit or debit card drawn on a U.S. bank that clears AVS or address verification service to validate the account repeatedly.
Main reasons Check By Phone companies or processors are shut down:
1. Patent infringement
– Some of the technology behind checks by phone software is patented technology.
If your software or service provider has not investigated the patented technology behind some of the basic functionality, years may go by without this being discovered. Once the patent owners discover the infringement(s) they file action against the company to enforce their patents, and demand royalties that include transaction charges for every transaction that company’s customers have done over the life of the product.
In some cases, depending on how the end user (customer) utilizes the software, (for business use) the patent owner can pursue the end user and demand royalties for use of the technology.
2. Data breach
– Some software or platforms are outdated technology and hackers are waiting for the data.
While not required by law, most insurance companies consider not using PCI / DSS compliant software to store customer data is gross negligence and will not cover data breach claims in these circumstances. Data breach claims that are paid do not cover fines paid to the government.
Hackers know all of the loopholes and they are just waiting to exploit them. Not having the most up to date technology can put your customers and your business at serious risk.
3. Federal Trade Commission Action
– Some companies are so bad, the FTC has to step in and shut them down.
Some companies will sell similar software without proper KYC and AML guidelines, and with disregard to U.S. software export laws. This enables such companies to sell considerably more software, because they are illegally waiving the requirements. Because the government is slow to move, these companies are often investigated for a year or more before they are issued written warnings.
In some cases, selling to high volume money laundering operations, terrorist groups, prohibited foreign entities, known fraudsters and the like becomes profitable enough that the Federal Trade Commissions warnings are ignored. These companies are then sanctioned or shut down, leaving users without support and wondering about their data security.
4. Outdated technology (not focus product)
– Some products have never been updated
If you are doing random searching online for “Checks By Phone Software” and you get 20 choices, some of them will be many years old. These products may still be offered, but often don’t actually produce checks that work in the modern banking system. Items that are Check21 and EPC-6 compliant are required by your bank and your customer’s bank.
These types of solutions often mean the bank may need to manually process the items, or they may not work with smartphone or desktop deposit. It also means even newer regulations down the line won’t be updated either.
Here are a few better known brands, once considered legitimate by hundreds, and some thousands of un-knowing business users, but then wound up sanctioned, sued for patent infringement, shut down for AML violations, or simply disappeared.