Popular topics: How it works? Security

Onboarding procedure

How long does the acceptance and onboarding procedure take?

Upon receipt of your initial request via Get Started form on our website, we will give you a reply within 2 working days. It will be either a request for further information about your business, price list proposal or a rejection due to the FMPay’s risk management policy.

If you've accepted our price proposal, we will request you to fill in our Onboarding Questionnaire. Our revision process will take up to 3 working days. If all your documents are in order and you've successfully passed our identity verification procedure, we will send you our Service Agreement for signing. Once it has been signed, we will start the technical integration stage, which can take up to 7 working days depending on the complexity of the process.

Delete

What documents should I prepare for the onboarding as a Merchant?

You need to have good quality scanned copies of the following:

Corporate documents of your company: Certificate of Incorporation, Memorandum and Articles of Association, Power of Attorney (if required by your corporate structure).

Financial documents: Business Bank statements for the last 3 months or Processing history for the last 6 months. If your business is new, please provide a Business Plan with projected volumes.

Personal documents: Passports and proof of address for all directors, shareholders with >10% of shares and beneficial owners.

Technical documents: PCI-DSS SAQ/AOC + ASV scan and Proof of domain ownership.

If you are a licensed company, please provide a copy of the license or a link to the Register.

More information for the documents requirements for Merchants can be found here.

Delete

What documents should I prepare for the onboarding as an OCT Client?

You need to have good quality scanned copies of the following:

Corporate documents of your company: Certificate of Incorporation, Memorandum and Articles of Association, Power of Attorney (if required by your corporate structure).

Financial documents: your Business plan with expected turnover, countries that you want to send the OCT payments and for what purpose. As not all countries and payment types are supported, we want to ensure that all your payments will be processed without being rejected. At the moment it is not possible to make OCT transfers for activities that involve cryptocurrencies and gambling.

Personal documents: Passports and proof of address for all directors, shareholders with >10% of shares and beneficial owners.

If you are a licensed company, please provide a copy of the license or a link to the Register. More documents can be requested if you're a Financial Services Provider.

Delete

What personal documents should I prepare for all people involved in my company?

Each Director, Shareholder with >10% of shares and Beneficial owner should provide passport and proof of residential address not older than 3 months. This can be either a utility bill (gas, water, electricity, landline phone) or your personal bank account statement. 

Please note that we will verify the information provided by you with the UK Companies House and national Business Registry.

Delete

How do I send all my documents to FMPay?

Please refrain from sending any documents to us via email. You can upload all  documents securely using the link to our Onboarding Questionnaire which we will send you during onboarding. If you do not have time to complete the Onboarding Questionnaire all at once or missing any documents/information - you can come back to your saved application within the next 14 days.  If any documents will be missing in your application after submission, we will send you a private link via email to upload them.

Delete

Are there any specific requirements to my personal documents?

Documents must be uploaded in full color (no black-and-white scans). Acceptable file formats are jpg, jpeg, png, tiff, tif, and pdf.

- Documents must be clear and large enough to read, each file size should not exceed 25MB.

- Photocopies of identity documents are not acceptable, scan should be made from the original.

- Documents must be valid and not expired.

- Complete documents must be uploaded. A complete document is defined as:

- Both front and back of an identity card

- The entire personal information page of a passport with a photo and holder’s signature. A machine-readable zone (if any) must be visible on the document.

Proof of Residential Address document requirements:

- The full name and address of the individual are clearly stated and legible.

- Documents must be dated within the past 3 months.

- Complete documents must be uploaded. If the document states 3/3 pages, all pages are required to be uploaded.

- Translation into English is required for documents issued in languages other than English.

Delete

How is the identity verification procedure carried out?

The service is provided by our partner ZingSec and is compliant with our Privacy Policy. The procedure will take approximately 3 minutes to complete. 

To successfully complete your identity verification, please follow the steps below:

  1. Open the link on your mobile phone or a computer that has a camera.  
  2. You will be asked to take a picture of the front page of your ID card or passport page with a photo. Alternatively you can upload a picture of you ID/passport.
  3. Then you will be asked to position your face in the frame on the screen and the picture will be taken automatically.

We will then contact you to confirm that the identification procedure was successfully completed.

Delete

Why my business was declined?

We carefully review every application submitted. The decision to approve or decline an application is always made on a case by case basis. We follow Visa and Mastercard requirements, anti-money laundering and counter-terrorist financing regulations as well as internal risk management policies.

There are various reasons why an application can be declined. Usually, the business exceeds our risk appetite or does not meet certain requirements. The most common ones are as follows: the company is not registered in the United Kingdom; the business type is on the prohibited businesses list; the web-site is not suitable to operate as a web-shop.

If we are not able to accept your business, you will receive an email informing you about our decision. This decision is final and cannot be negotiated.

Delete

Do I need to notify you about any changes including the change of Director/Shareholder/Beneficial owner after I’ve finished the onboarding and started operating?

Yes, we must be informed of all changes made subsequent to your onboarding. All new Directors/Shareholders/Beneficial owners will need to provide us their passport, proof of address and undergo the identity verification procedure online powered by Zignsec.

Delete

What are SAQ/AOC + ASV scan documents that you ask for the onboarding?

These documents are related to the Payment Card Industry Data Security Standard, or PCI DSS. It is a standard security requirement for all entities that store, process, or transmit cardholder data, so it is applying to both Merchants and OCT clients. 

The SAQ stands for Self Assessment Questionnaire, this is a tool used to document a company's self-assessment of security practices concerning cardholder data. 

The AOC stands for Attestation of Compliance, it is an attestation completed by a Qualified Security Assessor (QSA) that states a Merchant's PCI DSS compliance status. An AOC is a documented evidence that you have implemented security best practices to protect cardholder data. Basically, an AOC is a written representation that you've completed the applicable SAQ and been verified by a QSA.

The ASV stands for Approved Scanning Vendor, it is an organization with a set of security services and tools to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2. 

The documents you will need to submit depend on your PCI DSS Level, which is based on the number of transactions per year and the type of technical integration of your web-site with our payment platform.

Level 1 Merchants can only validate compliance with an independent assessment by ordering an external vulnerability scan performed by an ASV. Level 2, 3, 4 Merchants may be able to complete a SAQ (Self Assessment Questionnaire) to validate their compliance. 

ASV scan result + SAQ or SAQ only will be required during onboarding and then annually during the time you're operating an account with FMPay. Please check the list of the approved scanning vendors here: https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

More information about PCI DSS can be found at PCI Security Standards Council web-site: https://www.pcisecuritystandards.org/

Delete


Was this article helpful?

Can’t find what you’re looking for?

Our award-winning customer care team is here for you.

Contact Support