Required Documents

In order to perform a successful merchant registration, certain documents are required for the Merchant, Shop, Related Company and/or Related Person resources - depending on the Customer Due Diligence Level (Simplified, Standard, Enhanced).

The mandatory documents have to be uploaded using the POST /documents API request - one by one after the merchant was successfully posted via POST /merchants (merchant state should be PendingOnDocuments so that documents can be uploaded).

📘

List of required documents

To receive a list of required/mandatory documents for a specific merchant the GET /entity-required-documents resource should be used.
The response will contain information which document is required for each entity (Merchant, Shop, Related Company and/or Related Person).
Also a status is returned that indicates if a required document was already uploaded:

  • missing: document was not yet uploaded
  • assigned: document was already uploaded and assgned to the merchant/shop/company/person

Once all mandatory documents were uploaded, the PXP Financial Onboarding System will move the merchant state from PendingOnDocuments to the next state (see Onboarding Flow) and continue the onboarding process.

📘

Document size and and allowed file types

The maximum messages size for POST /documents after encoding is limited to 15MB (which means that documents up to approx. 11MB can be uploaded).
The allowed file types are: pdf, .jpeg, .png

🚧

Payment Facilitators

For Payment Facilitators the documents PXP Financial requires will depend on the specific distribution of responsibilities between the partner and PXP Financial. This will be defined as part of the setup process.

List of documents

The following table lists all possible document types PXP Financial currently accepts.

The Document Type is the value that will be sent and received in the POST /documents and GET /documents operations as the type attribute/property.

Document Type

Associated Entity

Description

CertificationOfIncorporation

Merchant or RelatedCompany

An official document of incorporation; proof of registration as sole trader.

ArticlesOfAssociation

Merchant or RelatedCompany

A document that is required for incorporation in some countries. It contains a description of the business model of the company.

BankStatement

Merchant

Copy of the bank statement/screenshot of online banking tool showing at least bank account number and owner.

BankReferenceLetter

Merchant

A document that should contain an official bank letter for every bank account submitted as part of the application.
Please aggregate all bank letters into one document (PDF).

AddressProofForMerchantLocation

Merchant

A copy of a recent utility bill (no older than 3 months) or rent agreement associated with the address stated as
incorporationAddress in the POST /merchants call.

CardProcessingHistory6Months

Merchant

A document that contains a record of the merchant’s processing history for card payments. Please pass this data in one document (CSV or Excel).

ProofOfDomainOwnership

Merchant

If the merchant is processing ecom payments, PXP Financial requires a document that contains proof that the merchant holds ownership of the URLs associated with each shop. This data should be aggregated and sent in one document. If the merchant is accepting card-present payments, this document should contain proof of ownership of the URL of the corporate website. If the merchant does not operate any website (e.g. sole traders) then no such document is needed.

BusinessLicenseOrAuthorization

Merchant

For some MCCs and countries, special licenses are required by the local regulator. Examples of this would be 7995 (Gaming), 5912 (Drug Stores and Pharmacies) or 6211 (Binary/Forex). If the merchant is operating such a business in any country that requires a license, please send a document that aggregates all of this information in one file (PDF).

LegalOpinions

Merchant

Where applicable, legal opinions issued to the merchant confirming the legality of products or services provided, shipping, import/export etc (Forex/Trading/CFD merchants; Crypro exchanges; Pharmacies; CBD etc)

Organogram

Merchant

A document that discloses the corporate structure of ownership.

AnnualReport

Merchant or RelatedCompany

A report on business performance.

CompanyAMLPolicyAndGuidelines

Merchant

A document describing the AML policy and guidelines of the merchant.

ChargebackAndFraudPolicyAndProcedures

Merchant

A document that describes the chargeback and fraud prevention policy and guidelines of the merchant.

PassportOrGovernmentID

RelatedPerson

A scanned passport or other form of official identification related to a person.
Only relevant for a related person that has a role of Owner, Shareholder, DirectorOrExecutive or UltimateBeneficiary.

PersonalUtilityBill

RelatedPerson

A utility bill, no older than 3 months, associated with a person holding either of the following roles: Owner, Shareholder, DirectorOrExecutive or UltimateBeneficiary.

ProofOfAuthorisedSignatory

RelatedPerson

A proof that a person is the authorised signatory of the merchant.
Only relevant for a related person who is the Signatory but is not an Owner or
DirectorOrExecutive at the same time.

TaxFilings

Merchant

If applicable, a record of the last tax filing.

PCIReportOnCompliance

Merchant

A copy of the latest PCI ROC (Report On Compliance). Please refer to PCI Documents to see for which merchants this becomes relevant.

PCISelfAssessmentQuestionnaire

Merchant

A document every merchant processing card volumes is required to fill out. As a PCI regulated entity, PXP Financial is required to hold this on record for every merchant processing through PXP Financial. Please refer to PCI Documents to see if the merchant needs to submit the questionnaire or needs to submit a copy of the PCI certification (PCIReportOnCompliance).

PCIQuarterlyASVReport

Merchant

The result of the quarterly ASV (Approved Service Vendor) check of Shop URLs. For a new merchant application, please submit the most recent report.

ExternalRiskChecksResult

Merchant

If applicable, the collected results of externally processed merchant risk or underwriting checks.

ExternalCompanyRiskChecksResult

Merchant

If applicable, the collected results of externally processed business verification checks (KYB checks).

ExternalCustomerRiskChecksResult

Merchant

If applicable, the collected results of externally processed customer identity checks (KYC checks).

Contract

Merchant

The signed contract with the merchant.

Required documents for a Merchant

The above documents are mandatory depending on the Customer Due Diligence Level (SoleTrader, Standard) as described in Overview but also on the data which was transmitted in the POST /merchants request.

The following table lists all document types and the information if they are mandatory, optional or conditionally mandatory for each CDD-Level:

DocumentType

SoleTrader

Standard

CertificationOfIncorporation

Mandatory

Mandatory

ArticlesOfAssociation

n/a

Mandatory

BankStatement

Mandatory

Mandatory

BankReferenceLetter

n/a

n/a

AddressProofForMerchantLocation

Mandatory

Mandatory

CardProcessingHistory6Months

Yes, if isStartUp set to false and if fraudRatiosForThePastMonths or chargebackCountRatiosForThePastMonths is above 0,5% in any month.

Yes, if isStartUp set to false

ProofOfDomainOwnership

Mandatory if domainOwnership = Own

Mandatory if domainOwnership = Own

BusinessLicenseOrAuthorization

Mandatory if MCC is 7995, 6012, 6051, 6211, 5912

Mandatory if MCC is 7995, 6012, 6051, 6211, 5912

LegalOpinions

Mandatory if applicable

Mandatory if applicable

Organogram

n/a

Mandatory

AnnualReport

n/a

n/a

TaxFilings

n/a

n/a

ChargebackAndFraudPolicyAndProcedures

Mandatory if isChargebackOrFraudAnalysisProcessInPlace was answered with "true".

Mandatory if isChargebackOrFraudAnalysisProcessInPlace was answered with "true".

CompanyAMLPolicyAndGuidelines

Mandatory if isRegulatedByAMLGuideline was answered with "true".

Mandatory if isRegulatedByAMLGuideline was answered with "true".

PCIReportOnCompliance

Mandatory for PCI Level 1.
See PCI Documents.

Mandatory for PCI Level 1.
See PCI Documents.

PCISelfAssessmentQuestionnaire

Mandatory for PCI Level 2-4.
See PCI Documents.

Mandatory for PCI Level 2-4.
See PCI Documents.

PCIQuarterlyASVReport

Mandatory for PCI Level 2-4. For a new merchant, the most recent report has to be provided. See PCI Documents.

Mandatory for PCI Level 2-4. For a new merchant, the most recent report has to be provided. See PCI Documents.

Required documents for a Related Company

For each related company provided in the relatedCompanies list, the following documents are mandatory in addition:

DocumentType

Soletrader

Standard

CertificationOfIncorporation

not applicable (a sole trader must not have any related companies)

Mandatory

ArticlesOfAssociation

not applicable (a sole trader must not have any related companies)

Mandatory

Required documents for a Related Person

For a person listed in the relatedPerson list, the following documents are mandatory in addition:

DocumentType

Any CDD-Level

PassportOrGovernmentID

Mandatory if the persons role is Owner, Shareholder, DirectorOrExecutive or UltimateBeneficiary

PersonalUtilityBill

Mandatory if the persons role is Owner, Shareholder, DirectorOrExecutive or UltimateBeneficiary

ProofOfAuthorisedSignatory

Mandatory if the person is the authorised Signatory of the merchant (has role Signatory assigned) and is NOT Owner or DirectorOrExecutive at the same time

PCI documents

The following table shows which PCI related documents have to be submitted for a merchant.

ROC: Report on Compliance
SAQ: Self Assessment Questionnaire

PCI Level

of Visa & MC transactions combined

Required Documents

1

more than 6 Million

ROC, using PCIReportOnCompliance document type

2-4

2: 1-6 Million
3: 200.000- 1 Million
4: less than 200.000

Using PCISelfAssessmentQuestionnaire document type:
Redirect or Iframe: SAQ A
Direct POST or Javascript: SAQ A-EP
XML or Other: SAQ D

PCI Level 1
Merchants processing a combined scheme volume (this includes all transactions of all schemes participating in the PCI compliance standard - JCB, CUP, Amex and Discover) of over 6 million transactions need to provide a document on PCI compliance (ROC, transmitted using the PCIReportOnCompliance document type). These merchants need to be audited and re-certified on a yearly basis.

PCI Level 2-4
The SAQ is a standardized questionnaire that does not require an audit.

The different levels of SAQ stated in the table above refer to different questionnaires the merchant needs to fill out. This depends on the way the merchant captures card data from their customers.

  • Redirect or IFrame: The merchant only redirects the customer to a PCI certified processor. The merchant system does not come into direct contact with the card data.
  • Direct POST or Javascript: The merchant website/UI directly captures the card data, but posts it to an external processor using client-side technologies. The merchant backend does not receive card data, only the website/UI does.
  • XML or Other: For merchants that do not meet the reduced requirements for SAQ-A and SAQ-EP, the most comprehensive questionnaire (SAQ-D) needs to be filled and submitted to PXP Financial.

🚧

Quarterly ASV report (PCIQuarterlyASVReport)

Please note that merchants categorized as PCI Level 2-4, while not requiring a yearly PCI audit, are still subject to a quarterly security scan of any website accepting card payments.
Such a scan is usually done by PCI-approved external vendors that provide this as a service. Such vendors are referred to as 'Approved Scanning Vendor' - ASV in short.

The result of the quarterly scan is usually referred to as 'ASV scan report'.
While PCI compliance requires that all merchants are obliged to perform these scans, PXP Financial currently requires this to be submitted for all category 2 and 3 merchants.

Updated ASV scan reports should be submitted to PXP Financial every 3 months using document type PCIQuarterlyASVReport.