At ezyCollect, we prioritise the security and compliance of our payment processing services. As part of our integration with Stripe's Custom Connect platform, we are required to collect certain personal information, including the Social Security Number (SSN) of individuals associated with the businesses we onboard. We understand that this request may raise questions, and we aim to clarify the reasons behind this requirement.
Understanding the requirement
Stripe, as a global payment processor, must adhere to stringent financial regulations, including the U.S. government's "Know Your Customer" (KYC) and anti-money laundering (AML) laws. These regulations mandate that Stripe collects, verifies, and maintains information on individuals associated with every U.S.-based account. This process is essential to:
Prevent financial crimes: Ensuring that individuals are not using complex company structures to conceal activities such as terrorist financing, money laundering, or tax evasion.
Maintain transparency: Providing clear and verifiable information about the individuals who control or manage a business entity.
Comply with legal obligations: Meeting the requirements set forth by regulators and financial partners to operate within the legal framework of the financial industry.
What information is collected?
For U.S.-based businesses, Stripe requires the following information from individuals who have significant responsibility to control, manage, or direct the organisation:
Full Legal Name
Date of Birth
Home Address
Social Security Number (SSN): Initially, the last four digits are required. If verification fails or once transactions exceed $550k, the full nine-digit SSN will be requested.
This information helps Stripe verify the identity of the individual and assess the legitimacy of the business operations.
How is your information protected?
We understand the sensitivity of the information you provide. Both ezyCollect and Stripe are committed to protecting your personal data through:
Data Encryption: All information is encrypted during transmission and storage.
Strict Access Controls: Access to personal data is limited to authorised personnel only.
Compliance with Data Protection Laws: Adherence to regulations such as the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Why is this necessary for ezyCollect Users?
As a platform utilising Stripe's Custom Connect, ezyCollect is responsible for collecting and submitting the required verification information. This process ensures that:
Your business can receive payouts: Without verified information, Stripe cannot enable payouts to your business account.
Compliance is maintained: We meet our obligations under financial regulations, allowing us to continue offering secure payment services.
Risk is mitigated: Verifying identities helps prevent fraudulent activities and protects both your business and our platform.
Conclusion
We recognise that providing your SSN is a significant request, and we assure you that this information is collected solely to comply with legal requirements and to ensure the integrity of our payment processing services. If you have any further questions or concerns, please do not hesitate to contact our support team.
Further Information on SSN Collection & Verification Requirement
Summary
To comply with U.S. legal and regulatory obligations, ezyCollect must collect and verify the SSN (or, initially, the last four digits) of every U.S. resident individual on our platform. This requirement stems from three core obligations:
Anti-money-laundering (AML) and Know-Your-Customer (KYC) rules under the Bank Secrecy Act (BSA) and the USA PATRIOT Act mandate identity verification to prevent financial crime*.
Customer Due Diligence (CDD) requirements, which reinforce collecting unique identifiers (like SSNs) for beneficial owners of legal entities**.
Internal Revenue Service (IRS) tax-reporting rules (e.g. Forms 1099), which require a Taxpayer Identification Number on all reportable payments***.
Collecting the SSN (or last four digits) ensures proper reporting, fraud prevention, and alignment with evolving regulatory thresholds for payment volume.
*https://home.treasury.gov/news/press-releases/js335
**https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule
***https://www.irs.gov/individuals/international-taxpayers/us-taxpayer-identification-number-requirement
---------------------------------------------------------------------
1. Regulatory Background
1.1 KYC & AML under the USA PATRIOT Act
Section 326 of the USA PATRIOT Act requires financial institutions and payment platforms to establish “Customer Identification Programs” (CIP), which must include procedures to verify identity, maintain verification records, and screen against lists of known or suspected terrorists or criminals*.
1.2 Customer Due Diligence (CDD) Rule
Under FinCEN’s CDD Final Rule, ezyCollect must gather Beneficial Ownership Information—including SSNs—for legal entity customers. This promotes transparency over who truly owns or controls an account, preventing misuse for money laundering or terrorist financing. (Citations)
*https://home.treasury.gov/news/press-releases/js335
2. Onboarding Workflow
2.1 Collecting Last Four Digits Initially
For efficiency and user convenience, ezyCollect first attempts verification with only the last four digits of the SSN. If this fails, or if a connected account’s lifetime payments exceed USD 500,000, we request the full nine-digit SSN*.
2.2 Full-Nine-Digit Requirement at Volume Threshold
Once a connected account’s lifetime payment volume exceeds USD 500,000, ezyCollect automatically escalates to require all nine digits of the SSN, ensuring continued compliance as risk and exposure grow**.
*https://support.stripe.com/express/questions/2023-24-updates-to-us-verification-requirements-faqs
**https://support.stripe.com/express/questions/2023-24-updates-to-us-verification-requirements-faqs
3. Data Use, Privacy, and Security
Use of SSN: SSNs are used solely by ezyCollect for identity verification, regulatory compliance, and tax reporting.
Data Protection: We employ industry-standard AES-256 encryption at rest and in transit, role-based access controls, and regular audits to safeguard SSNs.
Limited Disclosure: ezyCollect does not share SSNs with unauthorised third parties; information is provided only to regulators or tax authorities as legally required.