KYC in the Mobile POS Market

Navigator Edition: March 2012
By: Raymond Carter and Brooke Ybarra

First Annapolis recently conducted field research that included signing up for the Intuit GoPayment and North American Bancard (NAB) Pay Anywhere mobile POS offerings to see, among other reasons, how the boarding process functioned. As expected, we found much evidence of process innovation – an expedited and customer-friendly process that met minimum regulatory requirements to the extent we could observe them.

The Sign-Up Process

In signing up for the Intuit GoPayment and NAB Pay Anywhere accounts, which a professional on our research team did as an individual rather than as a business, we were asked three challenge questions for each to verify identity.

For Intuit this step occurred after entering personal information (name, address, SSN, birthday) and accepting the terms and conditions. We received a pop up stating the application was being processed and then presenting three challenge questions under a heading “Verify Identity.”

  1. Where was your social security number issued?
  2. Which of these names are you familiar with?
  3. In which county have you lived?

Upon answering the questions, we submitted the application and came to a screen that said Intuit should have an answer back to us in about 2 days via email. (It actually took about 24 hours, and we received a shipping confirmation for the card reader the next business day.)

For NAB, this same step occurred after we entered personal information, accepted the terms and conditions and submitted the application. The next step was labeled “Verify Your Identity” and had three challenge questions.

  1. In which city is [the address of the professional submitting the application?
  2. With which name are you associated?
  3. Which street have you lived on?

Upon answering the questions, the site indicated the application was under review and that we would receive the free terminal within 5-7 business days upon application approval. (Application approval actually occurred within 3 hours, and we received the device via USPS two business days later.)

The KYC Strategy

As part of the Bank Secrecy Act and the USA Patriot Act, banks must collect and verify client information including:

  • Name
  • Date of birth
  • Address (P.O. boxes not acceptable)
  • Identification Number (either a tax ID or Social Security number)

The verification process Intuit and NAB used validated the customer’s identity by comparing the customer’s responses to the challenge questions to information stored at the credit bureaus or to information provided by other companies that specialize in providing KYC software. This is likely where the challenge questions are originated, and the acquirers verified identity in the background by comparing information that the customer would know but others generally would not. This challenge verification approach is called Dynamic Knowledge Based Authentication. After the acquirer verifies identity, it will also need to cross-reference the merchant to the Office of Foreign Assets Control Specially Designated Nationals (OFAC SDN) list.

It appears to us that these acquirers are complying with the USA Patriot Act. Other acquirers’ KYC processes vary a bit and tend to do more than the required minimum (for example, physical site visits).  Intuit and NAB are exhibiting a willingness to scale back a KYC review to the minimum requirements in order to positively effect a customer experience (and probably a cost structure) that is tailored to this particular niche. We believe this process innovation will be central to competing effectively in the mobile POS market over time.

For more information, please contact Raymond Carter, Principal specializing in Commercial Risk,; or Brooke Ybarra, Senior Consultant specializing in Merchant Acquiring,

To read the rest of this article, please subscribe to

The Navigator Newsletter