Skip to content
Business Details Legal Business Name DBA Business Name Physical Address Industry Classification Type of Business / Service (description) Type of Ownership Structure Primary Phone Number, Customer Service Phone Number Customer Service Email Address Website URL Federal Tax ID Number Owner/Officer Personal Information Name, Job Title Residence Address Mobile Number Social Security Number Ownership Percentage Date of Birth Payment Processing Information Dollars Processed / month Transactions Processed / month Max Single Transaction Amount Max Daily Total Transaction Amount Customer Types (individuals / businesses)Transaction Types (debits / credits) Payment Consent Methodology (SEC code)Use of services (payroll, sale of goods, etc.) Settlement Bank Account Information Bank Name Routing Number Account Numbers Consent to Straddle Payment Services Agreement
Legal Business Name DBA Business Name Owner/Officer Personal Information Name, Job Title Residence Address Mobile Number Social Security Number Ownership Percentage Date of Birth
Legal Business Name DBA Business Name Owner/Officer Personal Information Name, Job Title Residence Address Mobile Number Social Security Number Ownership Percentage Date of Birth Specially Designated Nationals Foreign Sanctions Evaders Palestinian Legislative Council Sectoral Sanctions Identifications Capta List Non-SDN Menu-Based Sanctions Non-SDN Iranian Sanctions Non-SDN Communist Military Companies Sanctions
Denied Persons List Entity List Unverified List Military End User
AECA/ITAR Debarred
Nonproliferation Sanctions
Business Details Legal Business Name DBA Business Name Physical Address Industry Classification Type of Business / Service (description) Type of Ownership Structure Primary Phone Number, Customer Service Phone Number Email Address, Customer Service Email Address Website URL Federal Tax ID Number Owner/Officer Personal Information Name, Job Title
Social Security Number (SSN) Employer Identification Number (EIN) Individual Taxpayer Identification Number (ITIN) Taxpayer Identification Number for Pending U.S. Adoptions (ATIN) Preparer Taxpayer Identification Number (PTIN) All state and legal filings associated with a Business are typically traced through the Business's legal name. Without the correct entity legal name, Straddle is unable to conduct accurate screenings of that business for reports like Registration Records, which may subsequently delay onboarding. If onboarding clients that will process over $20,000 and 200 payments in a calendar year, you must file a form 1099-K with the IRS. The 1099-K requires a merchant’s Tax ID, legal name, address, and total number of transactions for the calendar year. If the company files inaccurate, incomplete, or tardy returns, it may be fined hundreds of dollars per erroneous filing, with no maximum penalty.
Sole Proprietorship Partnership Limited Liability Company (LLC) Corporation Non-profit How long has this entity been in business? Where did this business establish itself? What type of entity is this business?
The business has a physical presence in the state The business often has in-person meetings with clients in the state The business has a significant portion of company revenue coming from the state The business has employees working in the state
Virtual office space: Virtual office spaces or virtual business addresses sell professional-looking mailing addresses to businesses not operating at the location. Mailbox services: Businesses can rent a mailbox like those offered at The UPS Store or Mail Boxes Etc. Coworking space: Much like virtual office space, coworking spaces provide businesses with a professional mailing address to use for your business.
Straddle 101 - Internal
- Pages
Share
Explore
Weave (KYB Decisioning)
Introduction
Straddle provides account-to-account payment processing services for qualified businesses. Through Straddle, Users can accept bank payments from their customers, or they can send funds payments to their customers, vendors, or employees through a combination of A2A payment rails
In order to facilitate payments between two parties, Straddle assumes the role of a third-party in the payment process. This simply means that the funds for every payment must first be cleared into a Straddle account at a sponsor before being routed to the intended party.
There are federal laws, state laws, Nacha rules, and other forms of banking regulations that govern how payment service and initiation activities are conducted. These laws and regulations establish structure for the A2A payment process and they help to protect both the consumer and the originator from fraudulent and unethical behavior by the other party in the transaction.
By assuming, on behalf of the User, the position of a third-party in a transaction, Straddle exposes itself to significant legal and financial risks because it is now responsible, along with the originator, for the legal obligations of the originator and for the penalties that apply to the originator for their misconduct.
Each user must, therefore, be carefully examined, evaluated, and approved before Straddle will process payments on behalf of that entity. It is the job of the Onboarding and Compliance Department to properly assess the level of risk each originator represents and make decisions accordingly.
The purpose of this document is to discuss the specific financial and legal risks involved in third- party processing, to lay out a comprehensive set of procedures for properly assessing the level of risk represented by each originator and to establish the criteria by which an analyst determines whether or not an originator will be approved to process A2A payments through Straddle.
Risk exposure
For the purposes of this document, the word “risk” means any exposure of Straddle to financial loss, regulatory compliance actions, audits and penalties, criminal investigations, lawsuits, criminal and civil penalties, or negative publicity due to actions of any originator or third-party partner, regardless of whether such actions were deliberate or unintentional.
There are several ways that Straddle is exposed to risk via its relationships and external factors. These risks can be segmented into those that Straddle mitigates through customer due diligence and those that are inherent due to third-party relationships and external factors.
Risks Mitigated Through Customer Due Diligence
These are risks that Straddle can proactively manage and mitigate by performing thorough due diligence on its customers (users) before and during the business relationship.
Credit Risk
Credit risk is the risk that a user or other third party is unable to meet the terms of the contractual arrangements with Straddle or to perform as otherwise financially agreed. The basic form of credit risk involves the financial condition of the user itself. Appropriate monitoring of the activity of the user prior to activation and periodic review of the user's financial condition are necessary to ensure that credit risk is understood and remains within company-approved limits.
Compliance Risk
Compliance risk arises from violations of laws, rules, or regulations; noncompliance with internal policies, procedures, or with Straddle's or its Sponsor Bank/ODFI(s) business standards. This risk exists when the products or activities of users are not consistent with governing laws, rules, regulations, policies, or ethical standards. For example, some originators may engage in deceptive product marketing practices violating Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), or engage in collection practices that violate the Fair Debt Collection Practices Act. Ensuring that users maintain the privacy of customer records and implement appropriate information security and disclosure programs is another compliance concern. Compliance liability could potentially extend to Straddle for actions of its customers and their end-users.
Legal Risk
Legal risk is the risk of legal action being taken against Straddle as a result of activities of its users. This risk could relate to any of the parties in the relationship: Straddle, the user, or the user's customers. The complexity of these relationships and increased intervention of law enforcement in the financial services sector at both federal and state levels, as well as class action lawsuits, heighten Straddle's legal risk. Through comprehensive due diligence and contractual agreements, Straddle can mitigate legal risks associated with its users.
Reputational Risk
Reputational risk arises from negative public opinion. Third-party relationships that result in dissatisfied customers, interactions not consistent with Straddle policies, inappropriate recommendations, security breaches resulting in the disclosure of customer information, and violations of law and regulation can harm the reputation and standing of Straddle. Negative publicity involving Straddle's users can also result in reputational risk to Straddle and its bank partners. By carefully selecting and monitoring users through due diligence, Straddle can mitigate reputational risks.
Risks Inherent with Third-Party Relationships and External Factors
These are risks that are inherent due to Straddle's reliance on third-party partners and external systems, which require ongoing oversight and risk management strategies.
Third-Party Risk
Third-party risk is associated with relying on external service providers or partners, such as Originating Depository Financial Institutions (ODFIs), payment networks, or vendors. These risks stem from the possibility that these third parties may fail to meet their obligations or may expose Straddle to additional risks through their actions or inactions. For example, if an ODFI fails to comply with regulatory requirements, Straddle may be held accountable or experience disruptions in service. Regular due diligence, strong contractual agreements, and ongoing monitoring of third-party performance are critical components in managing third-party risk.
Operational Risk
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events that directly affect Straddle's operations. This includes internal errors, system failures, fraud, or any event that disrupts Straddle's normal business activities due to internal factors or external events not related to third parties. Effective mitigation strategies include implementing strong internal controls, regular employee training, maintaining robust IT systems, and developing comprehensive disaster recovery and business continuity plans.
Systemic Risk
Systemic risk is the risk that the failure or disruption of one participant in the financial system could lead to widespread financial instability or failure across the entire system. As a payment processor, Straddle is connected to various financial institutions and payment networks. Disruptions or failures at any point in the payment system—including those of ODFIs, clearinghouses, or other critical infrastructure—can have cascading effects on Straddle's operations. Systemic risks are often beyond the control of any single entity but can be mitigated through participation in industry-wide risk management initiatives, adherence to regulatory standards designed to enhance the resilience of the financial system, and developing contingency plans to respond to systemic events.
Data and technology
In order for the Straddle Onboarding Department to perform proper due diligence when underwriting each potential originator, the following information MUST be provided by each originator prior to Straddle commencing due diligence:
Data
The underwriting process does not technically begin until all required information is collected. Failure to provide the required information within a reasonable time period will result in rejection of an originator application.
Technology
Businesses are increasingly accessing financial services online, and to satisfy market demands and expectations Straddle must provide a seamless customer experience starting with simplifying account opening. The struggle that many fintechs and payment providers face is the trade-off between speed and thoroughness during customer onboarding. At Straddle, we understand there is no substitute for a proper due diligence process - and the existing “onboarding automation” products on the market weren’t quite good enough. To fix this, we built Weave: a proprietary business and identity decisioning platform.
We’ve partnered with the best data providers in the industry to connect with Weave and built the infrastructure on a highly customized Salesforce platform.
Weave is powered by custom objects called Threads that connect seemingly disparate sets of data into actionable insights for a holistic view of customer risk:
Weave decision engine
What’s it do?
KYC: Verify Identity of Owner/Officer
Reason
A fraudulent person can obtain a tremendous amount of information about a company and its officers from the Internet alone. This person could then falsely represent themselves as the owner of a company and submit an application that is accurate in every area except the things like the settlement bank account. The fraudulent individual could then use their Straddle originator account to collect payments and defraud the public under the name of this business.
Source data
Assessment Guidelines
The only real protection from identity theft is to have the owner of an “identity” provide a preponderance of information that should only be known by the real owner of the identity and that can be verified independently of the owner.
Straddle’s Identity+ module combines KYC, Identity Fraud and Synthetic Identity detection into an actionable decision with included reason codes. Use the credit report as a secondary source for validating the name, residential address, and place of employment as provided on the application. The listed “Owner” on all new originator applications is automatically sent a link to validate the provided settlement account via open-banking connectivity. Straddle uses open banking API credential service to verify the individuals’ name(s) who are authorized to transact on a given bank account. People Data Labs provides supplemental information on the individual in the form of social profiles and background data.
If the prospective merchant is unable to validate with credentials, Straddle will use internal connection to EWS verification service to match the account owner’s name to the name on the Straddle application. If the individual’s identity is still unable to be authenticated via credential based identity solutions, they will be required to complete the Socure biometric or document authentication by uploading a picture of a valid government ID along with a ‘selfie’ picture.
Straddle, via Middesk, will then confirm business ownership or executive authority through state government business registration listings. This service is automated and will retrieve the business formation documents from any states that make them available. Additional ownership confirmation is received via an automated web crawl that matches the “Owner Name” to information on .
If the above methodology is not successful in determining if an individual is who they say they are and authorized to transact on behalf of the business applying for Straddle services, then the Straddle onboarding team will reject the application for Straddle services.
KYC: Evaluate Legal, Business, & Financial History of Owner
Source data
Reason
If the owner or primary officer of a company has a proven track-record of legal problems, involvement, or ownership in fraudulent or failed businesses, or has demonstrated a consistent pattern of mismanaging personal finances, then it may be safe and reasonable to conclude that a significant risk exists for the same character issues to affect the management and practices of the current business applying for payment services.
Assessment Guidelines
Start by reviewing the credit report. A history of debt write-offs or liens or a recent bankruptcy would demonstrate the owner’s attitude toward paying his/her debts and could be an indicator of the current financial stability of the company. Excessive unsecured debt and/or credit scores of <650 should be reviewed with enhanced due diligence. If the owner demonstrates a commitment to honoring debt, then late payments on a credit report should be noted but not given the same weight as write-offs, liens, or bankruptcies.
In addition to a personal credit report, the primary officer and any other listed contacts are screened via no less than 14 international watchlists.
Office of Foreign Assets Control (OFAC)
U.S. Department of Treasury
Bureau of Industry and Security
U.S. Department of Commerce
Directorate of Defense Trade Controls
U.S. Department of State
Bureau of International Security and Non-Proliferation
U.S. Department of State
Socure provides additional watchlist coverage coupled with Adverse Media detection and ongoing monitoring for Beneficial Owners and Companies (detailed below)
If any information is surfaced that is incongruous with the Straddle enrollment form, such as the primary officer “home address” being a UPS store, the data is highlighted in red and triggers an enhanced due diligence investigation by the Straddle onboarding analyst.
The other search tools can be used to find lawsuits, bad press, FTC investigations, FTC judgments, criminal investigations, prosecutions, customer complaints and other negative information tied to the owner’s name, address, or other personal information. A complete background check may be performed for those individuals or entities where enhanced due diligence is required.
If the owner/officer of an originator shows a proven history or a significant incidence of personal legal, business, or financial problems, without proof of remedy, Straddle should choose to decline the application for processing services.
KYB: Verify legitimacy of the business
Is the business legitimate and is the sign-up data valid/correlated to the business?
Reason
Know Your Business has the same objective as KYC in the sense that it is a way for Straddle to assess and understand the various risks that new business relationships pose. The KYB process should enable Straddle to examine the entities that they are dealing with and help them to determine whether they are authentic or are being used to conceal the identities of owners for illegitimate purposes.
A business may apply for Straddle services using the name of a business that does not really exist, the name of a business that does exist but is not located at the address provided, or a name that purposely violates all or part the registered or trademarked name of an existing business. In each case, the goal of submitting such an application would usually be to defraud unsuspecting customers and use Straddle to collect fraudulent payments.
Source data
Assessment Guidelines
Rather than have our compliance analysts scour the internet for disparate data sources relating to the business, the proprietary Straddle onboarding platform aggregates various data sources into a human-readable format and alerts the analyst when the package is ready for review.
Initially, the system prompts the analyst to review “Industry Type” – if the potential business customer falls under a prohibited industry the application for payment services is to be immediately declined. Subsequently, the business website is confirmed to be active and to correlate with the email domain used by the individual submitting the application.
Inconsistencies in merchant name, industry, email address, address, phone numbers and other data should be considered as significant problems, and if not resolved should result in the rejection of a merchant application.
A “business report” is compiled validating the following:
Taxpayer Identification Number (TIN)
A Taxpayer Identification Number (TIN) is a unique identification number used by the Internal Revenue Service (IRS) in the administration of tax laws. While there are various types of TINs, all businesses will have some form of TIN, which will act as a unique identifier of a business entity.
The list of TIN types are the following:
Today, Straddle only offers payment services to customers that have EINs, also known as a Federal Tax Identification Numbers (FEIN), which are assigned to business entities, as well as estates and trusts.
All valid business entities will have an EIN issued by the IRS. The Federal government requires a legal entity have an EIN in order to pay employees and to file business tax returns. To be considered a Partnership, LLC, Corporation, S Corporation, Non-profit, etc., a business must obtain an EIN when incorporating.
EIN vs SSN
Businesses that are registered as sole proprietorships use the Owner / Operator's SSN in the place of the EIN.
EINs do not expire. Once an EIN has been issued to an entity, it will not be reissued. As such, each EIN is unique to a business and persists over time.
Verifying the EIN of a business is a crucial part of business verification. When creating a Business through Straddle with a TIN, Straddle will verify that the EIN is valid and that it matches the name passed to Straddle. If the EIN is unable to be verified or does not match the name provided, Straddle via its Middesk integration will perform a series of lookups to identify alternate names that may be associated with that EIN.
Verifying a TIN and Business Name match is important for a couple of reasons:
When a TIN is passed for verification, Straddle will receive one of the following responses:
TIN Response
status
label
sub_label
Success
The IRS has a record for the submitted TIN and Business Name combination
Found
Failure
We believe the submitted TIN is associated with a different Business Name
Mismatch
Failure
The IRS does not have a record for the submitted TIN and Business Name combination
Not Found
Failure
TIN/name failure - Duplicate request
Duplicate
Failure
TIN/name failure - IRS is unavailable
Unavailable
There are no rows in this table
Business Formation
Businesses are formed or incorporated at the beginning of their existence. This happens through an act called "incorporation" or "formation," which is typically handled through a state's Secretary of State. A business owner files the required paperwork with this government body, and the Secretary of State issues a set of Articles of Incorporation or Organization to commemorate the act of creating the entity. That state of incorporation is referred to as the entity's domestic jurisdiction.
At the time of formation, the entity owner also decides the formation type of the entity. The formation type determines the personal liability of the founders, how taxes are paid, and other important details.
The main formation structures are:
A business must also decide in which states to establish themselves. While a business forms in a domestic jurisdiction, it is not required to operate only in that market. For example, more than 65% of Fortune 500 firms incorporate their business in Delaware, despite residing elsewhere.
Understanding the formation of an entity is key to evaluating the risk profile of a business. When creating a Business review in Middesk, we evaluate the Business in all U.S. markets to determine the entity's footprint, including its domestic and all foreign jurisdictions.
Determining the actual formation of a business is important to answer questions like:
Secretary of State Filing
As mentioned in Formation, while a business can be formed and established in one jurisdiction, a business can operate in many other states. When filing to conduct operations in another jurisdiction with a state's Secretary of State, a business entity files a registration with that government body. This new state is referred to as one of the entity's foreign jurisdictions.
An entity is considered as conducting business in a state when:
While registering a business is not a legal requirement in every state, if a business does not register or falls out of good standing with the state, the business forfeits many of its protections as a business in that state. These include founders' personal liability protection, legal benefits, and tax benefits.
When registering a business in a foreign jurisdiction, it typically provides information about its location, directors, officers, and financial standing, as well as a series of legal documents capturing additional information about that business.
In addition to the initial state registration, nearly every state requires a regular information report to be filed. Whether annual or biannual, the purposes of a company’s annual report are to provide the state with updated information on the business. If an entity does not file an annual report, the entity may fall out of good standing with the state, which can be interpreted as a risk signal.
Determining the state registration for businesses is a critical part of due diligence, as the actual status of that business is commonly determined at the state level. Additionally, the IRS does not maintain accurate records on the status of a business entity. As such, EIN verification alone does not signal if a business is active or defunct.
For all businesses verified by Straddle through Middesk, we conduct searches for that business entity in all 50 states and D.C. This forms a clear picture of the business, where it operates, and its health and relationship with each state in which it operates.
Secretary of State Filings also provide a wealth of information about a business. Straddle will always use registration records to summarize a few key points that we should know including:
SoS Response
Status
Label
Sub-label
Success
X of Y filings found are Active
Active
Warning
X of Y filings have no status provided
Partially Unknown
Warning
X of Y filings found are Inactive
Partially Inactive
Failure
The business has no Active Secretary of State filings
Inactive
Failure
The business has no Secretary of State filings
Not Registered
Success
The business is Active in the state of the submitted Office Address
Submitted Active
Warning
The submitted state does not make filing status available
Submitted Unknown
Failure
The business is Inactive in the state of the submitted Office Address
Submitted Inactive
Failure
The business is not registered in the state of the submitted Office Address
Submitted Not Registered
There are no rows in this table
Business Name
Business name is another entity identifier that can help surface meaningful signals about a business entity, its current standing, and other risk factors.
There are two main sets of names important to consider in business verification: an entity's legal name, and its Doing Business As (DBA) names.
Legal Name
An entity's legal name is meant to uniquely identify the business in a given state. Each state may have requirements around valid entity names (e.g., requires the use of alphabetical characters) or the use of suffixes (e.g., LLC, Inc.). Most states do not allow an entity to register with a name already in use, and some states require an entity name to reflect the operations of the business.
While states guard against duplicative names, each state acts independently when forming entities. Therefore, many business entities have the same name as a separate business in another state. In this case, it is critical to understand the domestic and foreign jurisdictions of each state, and how and when each filing was made.
Doing Business As (DBAs)
A company is said to be "doing business as" a name when the business operates under a name different than its legal, registered name. These names are also referred to as "assumed", "fictitious", or "trade" names.
State and local governments usually require companies to register these alternate names through a DBA filing, allowing the company to legally operate under a separate trade name.
Understanding names associated with a business is an important part of the due diligence process, if only because a business may register an Straddle customer or partner with their DBA. However, when uncovering the critical details about a business, such as its litigation history, information is almost always filed under the entity's legal name.
The Straddle onboarding system helps surface names associated with the entity, as well as verifies the name submitted with the report request. We will surface the following status as they relate to business name:
Name response
Status
Label
Sub-label
Success
Match identified to the submitted Business Name
Verified
Warning
Similar match identified to the submitted Business Name
Similar Match
Failure
Unable to identify a match to the submitted Business Name
Unverified
Failure
We believe the submitted TIN is associated with “name”
Alternate Name
There are no rows in this table
Address
Understanding where a business is located and operates can influence multiple decisions in the business entity diligence process. Moreover, addresses are not static and may change over time. As such, the Straddle compliance and underwriting decisions often require a holistic picture of a business entity's historical physical presence.
In addition to location, the type of address is a critical signal for those conducting diligence. For example, home-based business owners face privacy and safety issues when using their home address as their physical business address and often opt instead to use a P.O. Box as their entity's registered address.
Other addresses commonly tied to a business can be:
Addresses can be an important part of verifying the legitimacy of a business.
For example, as a payment processor evaluating the risk profile of a business, it is important to know what address this business is operating out of and the actual details of that address. It may be a red flag to see hundreds of thousands of dollars being processed in payments from a residential address.
When running a Business report, Straddle retrieves address information from bona fide sources such as the IRS, Secretary of State, and other regulatory bodies that require address filings. At the same time, Middesk flags other details about retrieved addresses, including whether the address is a commercial or residential location, if the address is a virtual or mailbox location, and if the address is deliverable or not.
While addresses have numerous data points that are relevant, the onboarding system will summarize the address information as follows:
Address response
Status
Label
Sub-label
Success
Match identified to the submitted Office Address
Verified
Warning
Identified an address within 0.2 miles of the submitted Office Address
Approximate Match
Failure
Unable to identify a match to the submitted Office Address
Unverified
Success
Submitted Office Address is a Commercial property
Commercial
Warning
Submitted Office Address is a Residential property
Residential
Success
The USPS is able to deliver mail to the submitted Office Address
Deliverable
Failure
The USPS is unable to deliver mail to the submitted Office Address
Undeliverable
There are no rows in this table
People
Understanding the details of the ownership structure and executive team of a company is extremely important in helping to maintain compliance with Know Your Customer and Ultimate Beneficial Owner requirements, as well as, in helping to understand the potential risk or fraud signals about that entity.
When an entity is formed with the state, there will commonly be a record of the individuals that are associated with the formation of that business. The exact roles that individuals hold can change based on the entity structure, but the most common individuals that are associated with an entity are as follows:
Typical corporate roles
Title
Description
President
Usually the legally recognized highest rank of corporate officer
Treasurer
Responsible for accounting and handles corporate funds
Secretary
Handles corporate records and may also handle corporate stock and the stock transfer book
Member
The formal name for an LLC owner
Owner
The only one (or one in a few) managing business operations
Registered Agent
An individual or corporation, who may or may not be part of the business
entity, who is designated to receive correspondence from the Secretary of State.
There are no rows in this table
While there is no single source to capture all officer information for private companies in the US, Middesk and People Data Labs provide an aggregate list of individuals and corporations associated with each business based on data acquired from a variety of sources.
There are a variety of ways to leverage the consolidated list of people, which include validation of Beneficial Owners, Signatories, and other workflows that may require developing a linkage between the individual that is applying on behalf of a business and the business entity itself.
If the individual(s) listed on the Straddle payment services application cannot be matched to public records via Middesk or other ancillary sources such as or , Straddle may require additional signatories on the service agreement before proceeding with account onboarding.
Website
Websites are rich sources of information about corporate entities and are helpful in verifying the legitimacy of a business.
Website status
Status
Label
Sub-label
Success
Website was Online when the business record was ordered
Online
Failure
Website was Offline when the business record was ordered
Offline
Success
Successfully found entity details on the submitted Website
Verified
Warning
Unable to find entity details on the submitted Website
Unverified
Failure
The website has been purchased but has no content.
Parking Page
There are no rows in this table
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.