Onboarding Crypto Merchants
Documents required for crypto merchants and related Business Models
The following is a list of documents required for crypto merchants (MCC 6051 - exchanges, wallet providers) and for merchants engaged in crypto options, forex trading, and investment brokers (MCC 6211). All files must be uploaded to the application (under the relevant sections) and named properly so the title reflects the actual content (files with random names such as. “scan1” or “picture3” are not accepted). Please also pay attention to the section regarding website/platform requirements. In case the reader has any questions related to this guide, please contact Payrexx’ partner/sales team via email or other relevant channels.
● AOA + Incorporation certificate
● List of shareholders
● List of all UBOs
● List of director(s)
● Ownership structure
● Trust agreement (if applicable)
This type of documents are required for all companies in the ownership structure. An example: Company A is owned by company B and C. Company C is owned by company D. In this case we need a documentation package for companies B, C, and D as well as A.
Documents cannot be older than 3 months and all documents must be in English.
If a merchant is located in a virtual office or at a formation agent/office hotel* please provide the following:
● The rental agreement for the office
● Proof and list of staff/employees on the premises
● List of other addresses where the daily operation is handled (risk, support, finance, etc.)
*This is often the case, where the UBO/shareholders are not located in the country, where the company is registered. Having a single employee (e.g. a “dummy” manager or agent) representing a company does not cover the merchant location rules set forth by the card schemes.
● EU Crypto license (if applicable)
○ Registration in relevant countries (if required by the local law of the cardholder country)
● EMI license if applicable (in case of fiat is not immediately converted into crypto)
● If merchant supports Cryptocurrency Options such as Spot And Derivatives Trading or in other ways is offering investment services the merchant must provide a license for such activities (if applicable)
○ Registration in relevant countries (if required by the local law of the cardholder country)
If the regulators in a merchant country require a license for operating within the crypto branch, this applies. If there is no requirement for a specific license, the merchant still needs to be registered in terms of AML/CFT and be able to document this registration. In many cardholder countries, the local laws require foreign crypto exchanges to register. All local laws must be followed and documentation hereof provided.
Legal Opinions (LO) (from Web Shield if it is a crypto exchange or a wallet provider) confirming the legal status of the service in both merchant and customer country. If the merchant is related to options trading or investments, the LO must be from a reputable law firm in the specific countries (cardholder countries) since Web Shield does not provide LO for such branches.
● One LO for each country incl. merchant country if no license is provided ○ Issued by Web Shield (crypto exchange/wallet merchants), OR ○ Issued by a reputable law firm in each country (only applicable for crypto options trading, forex brokers, investment companies, since this type of business model is not covered by LOs from Web Shield)
● Must be addressed directly to Clearhaus
● Demonstrate the laws applicable to merchant and customer
● Must be updated regularly minimum 1 time per year or more depending on when the regulations change.
All transactions must be legal in both the merchant and the cardholder’s country. This means the merchant must make sure they do not offer their service from or in countries that do not allow such transactions or business types.
Please provide a full list of target countries. Only countries where the merchant has provided a LO and where the merchant meet legal requirements will be accepted.
● Audited financial statement
● SAR incident report for the last year
● Reasonable evidence of expected substantial transaction volume
● Business plan
● AML/CFT policies & procedures
● SAR filling policy
● Complaints handling procedure
● Fraud/risk management and monitoring
● Any software used for risk monitoring and ID verification.
● Fraud prevention measures
● Evidence of blockchain activity monitoring (e.g. 3rd party contract)
● Insight in the sourcing of cryptocurrencies
● Adequate blockchain activity monitoring
Payrexx does not accept tumblers or cryptocurrencies heavily associated with illegal/hidden activities. Deposits from a wallet cannot be made to gambling sites or other high-risk business models.
Bank statement (or similar) - For verification of the ownership of the settlement bank account.
Domain registration Verification of the domain ownership.
Login credentials Verified full access (highest level) to an account in case the merchant offers a “restricted member area” or is requiring KYC for account setup. The account must be fully verified without Payrexx having to add KYC or any other personal documentation and must be valid for as long as the merchant has an agreement with Payrexx.
Processing history Report from current/previous acquirer(s) including chargeback and fraud history for the last 6-12 months. It should be in “overview” format, not a long sheet with each transaction listed.
Documentation must include:
● Transactions (count and amount)
● Chargebacks (count and amount)
● Fraud numbers (if applicable)
The info must be divided into schemes and regions.
● Address ID - A utility bill (gas, water, electricity, or landline) not older than 3 months
● Picture ID - Drivers license, passport, or national ID
This is required for:
● Beneficial owners with more than 25% ownership or voting control
● Trustees (if applicable)
If deemed necessary, Payrexx may ask for KYC on UBOs with less than 25% or additional directors or related persons.
If you are signing on behalf of the merchant (must be agreed with Payrexx) please include a POA from the merchant in the documents.
The website/platform must contain:
● General Terms including withdrawal terms
● Link to AML/CFT and other relevant Risk policies
● Risk disclosure
● Contact and company information (company name and registration number, registered address, license number, etc.)
● Customer service details (email, phone number, or live chat)
● A clear description of the products/services, including prices and fees
● The location of the company must be shown during the checkout process (for example in the payment window)
● Visa and Mastercard logos have to be visible on the website.
● The entire webshop/platform must have an SSL certificate and the merchant must be PCI compliant.
Terms must be accepted by the cardholder prior to purchase. The name of the descriptor for the product/service, which will appear on the bank statement of the customer/cardholder, has to be visible during checkout. Upon request from Payrexx, insight into the delivery of the cryptocurrency must be provided via a direct link to Blockchain info for each transaction. The merchant must provide Payrexx with insight into every transaction, by providing user account information such as account statement, user info, KYC. Full KYC (ID and address legitimation) must be obtained on all transactions in order to fight chargebacks.
In general, merchant must abide to all AML/CTF requirements when engaging with a new customer.
In relevant cases, the merchant must be able to track and log where the traffic comes from in order to mitigate the risk of affiliate misuse.
Merchants must be able to provide a list of affiliates upon request and a log of the affiliate activity.
Chargeback and fraud management are of great importance to us in order to manage our portfolio and minimize our risk - both financially and in terms of card scheme programs (for both merchants and acquirers). It is therefore also of great importance to our merchants.
Chargebacks: Payrexx expects all our merchants to stay below a threshold of 0.45% and a count of 75 chargebacks per month.
Fraud: In terms of fraud, merchants should stay below a threshold of 0.45% on both Mastercard and Visa per month. In addition, they must stay below a fraud volume of 50K $ per month.
Payrexx is aware that some merchants with special business models tend to generate more chargebacks than others. In cases where a new merchant has a historically high chargeback or fraud ratio, we may ask the merchant to provide us with a plan for how they intend to decrease the numbers.
Payrexx is of course available for support and guidance in case the merchant or partner wishes to explore the possibilities of mitigating risks. Should we during the onboarding (or monitoring) see issues in the merchant setup (affiliates, billing, terms, pricing, etc.) that we believe will cause a higher risk of chargebacks, we may require the merchant to amend the setup in order to lower the risk.
In case such a plan or steps taken does not work as intended, Payrexx may impose restrictions on the account. In rare cases, we see no other possibility than to deactivate the merchant. For crypto merchans specifically, it is important to be able to provide evidence of delivery of the crypto currency , which is why we require full KYC on all transactions. KYC is a part of the requested documentation, in case we investigate a transaction, so it is important to be able to deliver this.
An application can only be assessed if all documents have been submitted. In case something is missing or unclear, the application will be returned. Applications for crypto merchants and other high-risk branches are subject to approval from Payrexx Management, hence there is a longer application processing time than we have for low-risk merchants.