Customers
Manage end users who send or receive payments through your integration
Customers represent the end users who send or receive payments through your integration: the individuals or businesses involved in payment transactions with a Straddle account.
This guide walks you through creating, managing, and verifying customers using Straddle’s API while maintaining compliance and security.
The Customer Object
A customer in Straddle is an entity (individual or business) that you interact with for payment purposes.
Field | Type | Description | Required? |
---|---|---|---|
id | string | Unique identifier for the customer, generated by Straddle. | |
name | string | Full name of the individual or business name. | |
type | string | Type of customer (individual or business). | |
email | string | Customer’s email address. | |
phone | string | Customer’s phone number in E.164 format. | |
external_id | string | Your system’s unique identifier for this customer. | |
status | string | Current status of the customer (pending, review, verified, rejected, inactive). | |
address | object | Customer’s address information. | |
↳ address1 | string | Primary address line. | |
↳ address2 | string | Secondary address line (optional). | |
↳ city | string | City name. | |
↳ state | string | State or province code. | |
↳ zip | string | Postal or ZIP code. | |
↳ country | string | Country code (ISO 3166-1 alpha-2). | |
↳ type | string | Type of address (residential or commercial). | |
compliance_profile | object | Information used for identity verification. | |
↳ dob | string | Date of birth (YYYY-MM-DD format). | |
↳ ssn | string | Full or last 4 digits of Social Security Number (masked in responses). | |
↳ ein | string | Employer Identification Number (for business customers). | |
↳ legal_business_name | string | Two-letter abbreviation of the state where the business was originally registered (for business customers). | |
↳ website | string | URL of the company’s official website (for business customers). | |
↳ representatives | object | A list of people associated with the business (for business customers). | |
device | object | Information about the device used during customer creation. | |
↳ ip_address | string | IP address of the device. | |
metadata | object | User-defined key-value pairs for storing additional information. | |
created_at | datetime | Timestamp of when the customer record was created. | |
updated_at | datetime | Timestamp of the most recent update to the customer record. | |
Identity Built-in
When you create a customer, Straddle automatically initiates the identity verification process. This process includes:
Identity
- Fraud: Straddle employs a machine learning model trained with hundreds of predictors to detect the likelihood of identity fraud. Provides 98% instant risk decisions without the need for selfies.
- Synthetic Identities: Purpose-built and trained with consortium data to tackle fake and randomized synthetic identity patterns. Produces highly accurate, real-time, actionable risk scores and reason codes, with 90% auto-capture in the riskiest 3% of users.
- Email / Phone / Address Risk: Provides a risk score and correlation value for email addresses, phone numbers, and physical addresses. Risk scores use ML models trained on specific variables and layered with 800 million rows of known good and bad outcomes to predict the likelihood of fraud.
- Device Risk (Coming Soon): Predicts risk associated with a device using data attributes such as IP, geolocation, device type, and device software. Device is the first application fraud solution that “binds” a device to the individual using it to counter application fraud and validate customer logins.
KYC
Know Your Customer (KYC) matches consumer-provided PII against the closest single identity on record or best-matched entity and returns a true or false value indicating the likelihood of a match. KYC is a legal requirement for financial institutions and financial services companies to establish a consumer’s identity and identify risk factors.
Straddle KYC is accurately auditable and fully compliant with Section 326 of the US Patriot Act, the Customer Identification Program (CIP), and FinCEN’s expanded Customer Due Diligence (CDD) program.
Include dob and ssn in the “Compliance Profile” of an API request when creating a customer to trigger KYC validation.
AML and Watchlist Monitoring
Global Watchlist Screening with Monitoring identifies risk by matching person and non-person entities against sanctions and enforcement lists, as well as Politically Exposed Persons (PEP) and adverse media registries worldwide.
Features
- Sanctions and Enforcements Screening: Screen consumers and businesses during onboarding to identify if they are sanctioned or flagged by enforcement authorities.
- PEP Screening: Screen individuals against PEP lists to identify those who could pose a higher Anti-Money Laundering (AML) risk.
- Adverse Media Screening: Protect your company’s reputation by identifying individuals associated with news items related to financial crimes.
- Real-Time Monitoring: Continuously monitor existing customers in real time to determine if they appear on updated sanctions or PEP lists.
OFAC SDN and consolidated lists
US, Canada, and global lists
Enforcement lists
311 Special Measures
OIG exclusion lists
EPLS, HIDTA, HIFCA
The result of this verification process determines the customer’s status, which can be one of the following:
- pending: Initial status when the customer is created
- review: Additional review is needed
- verified: Customer has passed all verification checks
- rejected: Customer failed verification checks
- inactive: Customer is no longer active
Customer Attributes
Customer Status Details
Status | Description |
---|---|
pending | Initial status when the customer is created. |
review | Additional review is needed for verification. |
verified | Customer has passed all verification checks. |
rejected | Customer failed verification checks. |
inactive | Customer is no longer active. |
Notes
- The ssn field in the compliance_profile is always masked in API responses for security reasons. Use the unmasked customer data endpoint to access the full SSN when necessary and authorized.
- The ein, website and representatives fields in the compliance_profile are only applicable for business customers.
- The device information is automatically captured when a customer is created through your application. This data is used as part of the identity verification process.
- The metadata object can contain up to 20 key-value pairs, each with a maximum length of 40 characters for keys and 500 characters for values.
- The created_at and updated_at fields are automatically managed by Straddle and cannot be modified directly.
Creating a Customer
To create a customer, you’ll use the POST /v1/customers endpoint. Here’s an example of how to create a customer using the Straddle API:
This request creates a new customer with the provided information. The response will include a unique id for the customer, which you’ll use for future operations.
Ensure that you handle sensitive information like SSNs securely and in compliance with relevant regulations.
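An added example (not Straddle's own code) of pre-submission checks for a POST /v1/customers body, using only the rules stated in the field table and notes above, together with a log-safe copy of the payload. The function names, the SENSITIVE list and the sample values are assumptions made for this illustration; no request is sent.

```python
import copy
import re
from datetime import date

E164 = re.compile(r"\+[1-9]\d{1,14}")
DOB = re.compile(r"\d{4}-\d{2}-\d{2}")
BUSINESS_ONLY = ("ein", "legal_business_name", "website", "representatives")
SENSITIVE = ("ssn", "ein", "dob")  # assumption: never written to logs


def validate_customer(payload):
    """Return the names of fields that break the documented rules."""
    errors = []
    if payload.get("type") not in ("individual", "business"):
        errors.append("type")
    if "phone" in payload and not E164.fullmatch(str(payload["phone"])):
        errors.append("phone")
    country = payload.get("address", {}).get("country")
    if country is not None and not re.fullmatch(r"[A-Z]{2}", str(country)):
        errors.append("address.country")
    profile = payload.get("compliance_profile", {})
    if "dob" in profile:
        dob = str(profile["dob"])
        try:
            if not DOB.fullmatch(dob):
                raise ValueError("not YYYY-MM-DD")
            date.fromisoformat(dob)  # rejects impossible dates such as 02-30
        except ValueError:
            errors.append("compliance_profile.dob")
    if payload.get("type") == "individual":
        errors += [f"compliance_profile.{f}" for f in BUSINESS_ONLY if f in profile]
    meta = payload.get("metadata", {})
    if len(meta) > 20:
        errors.append("metadata: more than 20 pairs")
    errors += [f"metadata[{k[:10]}]" for k, v in meta.items()
               if len(k) > 40 or len(str(v)) > 500]
    return errors


def redact_for_log(payload):
    """Deep copy with sensitive compliance_profile values replaced."""
    safe = copy.deepcopy(payload)
    for field in SENSITIVE:
        if field in safe.get("compliance_profile", {}):
            safe["compliance_profile"][field] = "[REDACTED]"
    return safe


# Constructed sample body; every value is made up.
SAMPLE = {"type": "individual", "phone": "555-0100", "address": {"country": "USA"},
          "compliance_profile": {"dob": "1990-02-30", "ssn": "000-00-0000"}}
```

Log only the output of redact_for_log, never the raw request body, so SSNs and dates of birth do not end up in application logs.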
Retrieving Customer Information
To retrieve information about a customer, use the GET /v1/customers/{id} endpoint:
Updating Customer Information
You can update a customer’s information using the PUT /v1/customers/{id} endpoint:
Updating certain fields may trigger a re-verification process, which could change the customer’s status.
Listing Customers
To retrieve a list of customers, use the GET /v1/customers endpoint. This endpoint supports pagination and various filter options:
You can filter customers by various parameters such as status, type, created_from, created_to, and more. Refer to the API reference for a complete list of available filters.
Handling Customer Reviews
When a customer’s status is set to review, it means additional verification is needed. You can use the GET /v1/customers/{id}/review endpoint to retrieve detailed information about the review:
The response will include detailed information about the verification process, including any specific issues that need to be addressed.
To update the status of a customer under review, use the PATCH /v1/customers/{id}/review endpoint:
Working with Unmasked Customer Data
In certain situations, you may need to access unmasked customer data. This is sensitive information and should be handled with care. To retrieve unmasked customer data, use the GET /v1/customers/{id}/unmasked endpoint:
Access to unmasked data is restricted and requires special permissions. Ensure you have the necessary authorization before attempting to access this endpoint.
Best Practices for Working with Customers
- Provide as much information as possible: The more information you provide when creating a customer, the more accurate the verification process will be.
- Handle verification failures gracefully: If a customer’s verification fails, provide clear instructions on what they need to do next.
- Keep customer information up to date: Regularly update customer information to ensure accuracy and maintain compliance.
- Use webhooks: Set up webhooks to receive real-time notifications about changes in customer status or verification results.
- Respect privacy: Only collect and store the minimum amount of personal information necessary for your business operations.
- Implement proper error handling: Be prepared to handle various API errors and provide appropriate feedback to your users.
- Use pagination for listing customers: When retrieving large lists of customers, always use pagination to improve performance and responsiveness.
- Leverage metadata: Use the metadata field to store additional information about customers that’s specific to your business needs.
- Implement proper access controls: Ensure that only authorized personnel have access to sensitive customer information, especially unmasked data.
- Regular audits: Periodically review your customer data and processes to ensure ongoing compliance with regulations and best practices.
Understanding Reason Codes
Straddle uses reason codes to provide detailed information about verification results. These codes can help you understand why a customer might have failed verification or been flagged for review. Here are some common reason codes:
- I1001: Identity not found within Consortium Institutions
- R201: The input SSN is invalid
- R551: Email address is invalid
- R603: Phone number is invalid
- R703: Address is invalid or does not exist
For a complete list of reason codes and their meanings, refer to the Reason Codes Reference.
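One way to act on a customer's status and reason codes, as an added example that is not part of Straddle's documentation or SDK. It assumes the reason codes are already available as a list of strings; the code-to-field mapping, the function name and the action names are hypothetical.

```python
# Reason codes listed on this page that describe an input error, mapped to the
# field the user can re-enter. The field mapping is an assumption.
CORRECTABLE = {
    "R201": "compliance_profile.ssn",
    "R551": "email",
    "R603": "phone",
    "R703": "address",
}
KNOWN_STATUSES = {"pending", "review", "verified", "rejected", "inactive"}


def next_step(status, reason_codes=()):
    """Return (action, fields_to_fix) for a customer; unknown input fails closed."""
    if status not in KNOWN_STATUSES:
        # A status this code does not recognise is never treated as verified.
        return ("manual_review", [])
    if status == "verified":
        return ("proceed", [])
    if status == "pending":
        return ("wait", [])
    if status == "inactive":
        return ("blocked", [])

    # status is "review" or "rejected" from here on.
    codes = set(reason_codes)
    # Ask the user to re-enter data only when every code is an input error.
    # Anything else (I1001, or a code not in the table above) goes to a human
    # reviewer, so risk signals are not echoed back to the applicant.
    if codes and codes.issubset(CORRECTABLE):
        fields = sorted({CORRECTABLE[c] for c in codes})
        return ("ask_user_to_correct", fields)
    return ("manual_review", [])


# Constructed inputs, for illustration only.
EXAMPLES = [
    ("rejected", ["R603", "R201"]),
    ("review", ["R551", "I1001"]),
    ("approved", []),  # not a documented status
]
```

After the user corrects the listed fields, the update goes through PUT /v1/customers/{id}, which may trigger re-verification as noted under Updating Customer Information.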
Handling Specific Use Cases
High-Risk Customers
For customers flagged as high-risk, you may want to implement additional verification steps:
- Request additional documentation
- Conduct manual review
- Implement transaction limits
Business Customers
When working with business customers, you’ll need to collect additional information:
- Business name
- Business type (LLC, Corporation, etc.)
- Tax ID (EIN for US businesses)
- Information about business owners or authorized representatives
For more information on Business Identity verification, refer to the Business Identity guide.
Conclusion
Understanding and effectively managing customers is crucial for successful integration with Straddle. By leveraging Straddle Identity, you can ensure that you’re interacting with verified individuals and businesses, reducing the risk of fraud and enhancing the security of your payment operations.
Remember that customer management is an ongoing process. Regularly review and update your practices to ensure they align with the latest regulations and industry best practices.
For more detailed information about the customer-related API endpoints, refer to the Customers API Reference.