Platforms are particularly prone to fraud and money laundering. For example, users can sign up as both buyers and sellers and use stolen credit cards to access cash or move money illegally. Assembly implements measures in order to help prevent these occurrences and to reduce the risk for your platform.
To integrate correctly, Assembly requires your platform pass the necessary information in order to verify the identities of your users.
Generally, sellers on the platform can transact either as an individual or a company. Depending on the profile chosen, Assembly lays out different information requirements that you need to pass on for onboarding the sellers on a platform.
User verification processes ensure that we collect and analyse identity information on each and every seller before allowing them to transact. This ensures there is confidence in the parties involved in a transaction.
Assembly is not the entity that sends funds; the banks do. Thus, we collect information that complies with bank requirements and government sanctions.
Required User Verification Information
It is important to identify sellers on your platform in order to prevent sanctions breaches and money laundering.
By default, the information required from all users that are sellers on your platform can be found here
User verification is an ongoing process, even for longtime users on a platform. To know the workflow we use to ensure the integrity of your user base, see User Verification.
In compliance with the US Treasury Department, we check every seller against the Office of Foreign Assets Control (OFAC) and Specially Designated Nationals (SDN) database to ensure no business is done with banned nations, entities and individuals that the USA has economic and trade sanctions against. Similarly, we perform the same checks against the Australian Department of Foreign Affairs and Trade (DFAT), economic and trade sanctions lists.
Our compliance is not limited to the USA and Australia; with any country we bank with, we need to adhere to their sanctions.
Anti-Money Laundering (AML) checks mean Assembly analyze and classify customer behaviours based on buyer and seller data to ensure no illegal laundering activities are carried out through your marketplace, or on the Assembly platform.
It is important to identify the buyer and to ensure that their payment method is owned by them, and has subsequently been authorized by them for the transaction. Otherwise, chargebacks may occur and are often the primary cause of fraud.
Fraud is often the result of insufficient identification of the following:
- The buyer is the owner of the credit card or bank account being used for payment.
- The buyer has authorized the purchase.
- The buyer knows who they are purchasing the goods/assets or services from.
- The buyer understands what they are purchasing.
To ensure the above, there are some pieces of information that Assembly requires:
The buying experience on Assembly is aimed to be as frictionless as possible. That said, if you have information available for a buyer on your platform, passing as much of it across to Assembly will help to establish a strong user profile, and in turn, help to flag suspicious transactions.
Furthermore, if the buyer also transacts as a seller on your platform, the additional data required for sellers will be completed ahead of the transaction time, reducing payout friction.
The following buyer information is required:
- User details (please refer here for the full details)
- Payment Method Details (Credit Card, Bank Account)
- Device ID
- IP address
We also strongly recommend including the billing address with the buyer information.
A Device ID is a unique string associated with a device, generated from a combination of contributing factors, such as the device's MAC Address, IP address, and other identifying factors.
Assembly requires you to pass the Device ID of a buyer, which will be verified and processed when making a payment. A Device ID is generated on the front end. This is the only location where the device information can be retrieved. Additionally, the device ID is only required when an item has been created and a card is charged.
Using the Device ID, the Assembly fraud engine can compare the user and credit card account details against transactions in a global database.
Assembly offers the ability to easily generate and pass the buyer’s Device ID. This is done through the PromisePay.js package.
Capturing the IP address of the user that is making a payment can provide a highly effective way of detecting fraudulent activity. Passing this will support the analysis of the buyer's location compared with their payment account and will help to determine if the credit card or bank account belongs to the buyer. The IP address is only required when an item has been created and a card is charged.
Assembly offers the ability to easily generate and pass IP Address. This is done through the PromisePay.js package.