> ## Documentation Index
> Fetch the complete documentation index at: https://www.marqeta.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# About KYC Verification

> Learn about Know Your Customer (KYC) verification, when KYC verification is required, and what information about the individual or business you need to provide.

Some Marqeta card programs require account holders residing in the United States to pass Know Your Customer (KYC) identity verification before being allowed to transact. For example, KYC verification is required for reloadable cards because of regulatory mandates.

KYC verification is also required for the proprietors, officers, and beneficial owners of businesses in the United States.

For more information about account holders, see [About Account Holders](/developer-guides/about-account-holders/).

For information about performing KYC verification tasks using the Marqeta platform, see [KYC Verification](/core-api/kyc-verification/).

<h2 id="_what_is_kyc_verification">
  What is KYC verification?
</h2>

With Know Your Customer, you must ensure that your customers are who they say they are. Regulations such as the Bank Secrecy Act/Anti-Money Laundering law (BSA/AML) in the United States require that financial institutions handling your funds perform identity verification to help limit suspicious or fraudulent activity. When this verification process is applied to a business, it is referred to as Know Your Business (KYB).

KYC verification answers these important questions:

* Is the individual (represented by the `user` resource) or company (represented by the `business` resource) who or what they claim to be?

* Does the individual or company have a history of suspicious or fraudulent activity?

On the Marqeta platform, individual KYC and Business KYC are distinct processes that you will perform separately.

For information about individual KYC, see [Individual KYC](#_individual_kyc).

For information about Business KYC, see [Business KYC (KYB)](#_business_kyc_kyb).

<h2 id="_individual_kyc">
  Individual KYC
</h2>

This section pertains to performing KYC on a `user` resource. For information about Business KYC, see [Business KYC (KYB)](#_business_kyc_kyb).

<h3 id="_when_is_kyc_verification_required_for_an_individual">
  When is KYC verification required for an individual?
</h3>

KYC verification is generally required for individual account holders when:

* The account holder’s card is reloadable.

* The account holder can access cash from their card, such as by ATM or cashback.

* The account holder can transact internationally.

* The card’s account balance exceeds \$1000 USD.

* Funding for the holder’s account could come from somewhere other than the program funding source, such as by ACH or direct deposit.

<h3 id="_required_information_for_individual_kyc">
  Required information for individual KYC
</h3>

To perform KYC verification for an individual account holder, you must provide the following information in the relevant `user` resource:

* First and last name

* Address (PO Boxes are not acceptable)

  * Street address

  * City

  * State

  * Postal code

  * Country code (ISO alpha-2 format)

* Date of birth

* Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)

For detailed information about the `user` resource, see [Users](/core-api/users/).

<h3 id="_performing_kyc_for_an_individual">
  Performing KYC for an individual
</h3>

To perform KYC verification for an individual, first ensure that you have provided the required information in the relevant `user` resource.

After you have provided the required information in the relevant resource, you can perform KYC verification by sending a `POST` request with the relevant `user_token` to the `/kyc` endpoint. You can perform KYC twice on any given user, regardless of outcome. For detailed information about performing KYC verification using the Marqeta platform, see [Perform KYC](/core-api/kyc-verification/#post_kyc).

To view the results of your requested KYC verification, send a `GET` request to the `/kyc/{token}` endpoint, where `{token}` is the KYC request token returned by `POST /kyc`. For detailed information about retrieving KYC verification results, see [Retrieve KYC result](/core-api/kyc-verification/#get_kyc_token).

You can view a list of all KYC verification results for a user by sending a `GET` request to the `/kyc/user/{user_token}` endpoint. For more information, see [List KYC results for user](/core-api/kyc-verification/#get_kyc_user_usertoken).

<h3 id="_what_happens_if_individual_kyc_verification_fails">
  What happens if individual KYC verification fails?
</h3>

If individual KYC verification fails, Marqeta escalates the verification to the KYC provider. In such cases, the account holder may be required to provide additional documents as proof of identity.

<h2 id="_business_kyc_kyb">
  Business KYC (KYB)
</h2>

This section pertains to performing KYC on a `business` resource. For information about individual (`user`) KYC, see [Individual KYC](#_individual_kyc).

<h3 id="_when_is_kyc_verification_required_for_a_business">
  When is KYC verification required for a business?
</h3>

KYC verification is generally required for business account holders when:

* The account holder’s cards are reloadable.

* The account holder allows access to cash from their cards, such as by ATM or cashback.

* The account holder transacts internationally.

* The account balances on cards exceeds \$1000 USD.

* Funding for the holder’s account could come from somewhere other than the program funding source, such as by ACH or direct deposit.

Marqeta must also perform KYC verification on the controlling person (the proprietor or officer) of a business during the onboarding process. The controlling person is the individual responsible for running the company, regardless of ownership.

For privately held companies in the United States, Marqeta must perform KYC verification on all beneficial owners. A beneficial owner is an individual who owns 25% or more of the company, either directly or indirectly. A company may have no beneficial owners. If the proprietor or officer is also a beneficial owner, you must only submit their information as the proprietor. Submitting an individual as both a proprietor and a beneficial owner will cause an extra KYC verification to be performed on the individual.

Businesses must submit an attestation from an individual who confirms that all information submitted for a business is correct and truthful.

<h4 id="_preventing_transactions_before_your_business_has_passed_kyc_verification">
  Preventing transactions before your business has passed KYC verification
</h4>

Some programs require that a business passes KYC Verification before cardholders perform any transactions. In such cases, Marqeta recommends that you do not create child users of a business or issue any cards until after that business has passed KYC verification and is in the `ACTIVE` state.

<h3 id="_required_information_for_business_kyc">
  Required information for Business KYC
</h3>

To perform KYC verification for a business account holder, you must provide the following information in the relevant `business` resource:

* Legal business name

* Fictitious business name ("Doing Business As" or DBA)

* Business office address (PO Boxes are not acceptable)

  * Street address

  * City

  * State

  * Postal code

  * Country code (ISO alpha-2 format)

* Date the business was established

* Organizational type of the business (corporation or sole proprietorship, for example)

* State in which the business is incorporated

* Taxpayer identification number for the business

* Business proprietor or officer information

* Beneficial owner information, if applicable

* Attestation evidence

* Attester name

* Attestation date

For detailed information about the `business` resource, see [Businesses](/core-api/businesses/).

<h4 id="_required_information_for_sole_proprietorships">
  Required information for sole proprietorships
</h4>

When creating a sole proprietorship, you must designate the `business` as a sole proprietorship using the `incorporation` fields documented on [Businesses](/core-api/businesses/). The details for the `proprietor` object should be completed using the individual’s information. Complete the `KYC Required` portion of the `business` object with the following details:

* The `business_name_legal` is the individual’s legal name.

* If the sole proprietorship has a `Doing Business As` name, provide this in the `business_name_dba` field. Otherwise leave this field blank.

* If the sole proprietorship has an Employer Identification Number tax ID that is different from the individual’s SSN, provide this in the `identifications` fields documented on [Businesses](/core-api/businesses/) as the Business Tax ID or Business Number. Otherwise, this field must contain the individual’s Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN).

<h3 id="_performing_kyc_for_a_business">
  Performing KYC for a business
</h3>

To perform KYC verification for a business, first ensure that you have provided the required information in the relevant `business` resource.

After you have provided the required information in the relevant resource, you can perform KYC verification by sending a `POST` request with the relevant `business_token` to the `/kyc` endpoint. You can perform KYC twice on any given business, regardless of outcome. Attempting to perform KYC a third time on a given business will return an error. For detailed information about performing KYC verification using the Marqeta platform, see [Perform KYC](/core-api/kyc-verification/#post_kyc).

Occasionally, a business component may be successfully submitted for processing, but the processing is not completed by the vendor in the allotted time. In such cases, you will see the `VENDOR_PENDING` outcome for both the KYC request status and the relevant business component in the `business_result` object. Marqeta will send you the final outcome for your KYC verification request using a `kybresults` webhook event. For detailed information about the `kybresults` webhook event, see [KYB results event](/core-api/event-types/#_kyb_results_event).

To view the results of a KYC verification that you requested, send a `GET` request to the `/kyc/{token}` endpoint, where `{token}` is the KYC request token returned by `POST /kyc`. For detailed information about retrieving KYC verification results, see [Retrieve KYC result](/core-api/kyc-verification/#get_kyc_token).

You can view a list of all KYC verification results for a business by sending a `GET` request to the `/kyc/business/{business_token}` endpoint. For more information, see [List KYC results for business](/core-api/kyc-verification/#get_kyc_business_businesstoken).

<h3 id="_what_happens_if_business_kyc_verification_fails">
  What happens if Business KYC verification fails?
</h3>

If Business KYC verification fails, Marqeta escalates the verification to the KYC provider. In such cases, the account holder may be required to provide additional documents as proof of identity.


## Related topics

- [Account Holders Overview](/docs/developer-guides/account-holders-landing-page.md)
- [About Account Holders](/docs/developer-guides/about-account-holders.md)
- [Platform Overview](/docs/developer-guides/platform-overview.md)
- [KYC Verification](/docs/core-api/kyc-verification.md)
- [About Address Verification](/docs/developer-guides/about-address-verification.md)
