ONYX
Docs

KYC & Compliance

Complete regulated checks when an action requires them.

KYC & Compliance explains how regulated identity verification works inside Onyx.

KYC stands for Know Your Customer. Onyx only requests regulated verification when a specific action requires stronger identity, eligibility, fraud prevention, telecom compliance, or payment verification.

You should not be asked to complete regulated verification unless the action actually requires it.

Verification

Verification gate flow

Follow the customer-visible status from a required check through review, completion, failure, or expiration.

Current step

Action requires check

Verification required

Account shows

Affected action and next step

Visible

Data shared

Only required verification result

Scoped

Why Verification Exists

Some Onyx features operate inside regulated telecom and payment environments.

Verification exists to:

  • prevent fraud and impersonation
  • protect payment and wallet activity
  • support telecom compliance requirements
  • support card issuance
  • support regulated payment rails
  • protect account recovery
  • validate jurisdiction eligibility
  • support trusted connected app assertions

Verification is designed to support account safety and regulated access, not to create a public identity ranking system.

When Verification May Be Required

Verification may be required for:

  • wallet funding
  • card issuance
  • FX settlement
  • payment eligibility
  • number activation in regulated regions
  • connected app assertions
  • organization verification
  • recovery of sensitive account actions
  • high-risk account changes

If verification is not required for an action, the account should not request it.

Verification Providers

Onyx currently supports regulated identity verification through trusted providers including:

  • Sumsub
  • Persona

These providers can perform:

  • government ID verification
  • selfie and liveness checks
  • proof-of-address review
  • sanctions screening
  • fraud review
  • age verification
  • jurisdiction checks
  • organization verification

Verification providers process identity evidence and return verification results back to the Onyx account.

The product intentionally avoids exposing:

  • provider internals
  • compliance workflows
  • raw verification payloads
  • sensitive document archives
  • fraud scoring systems
  • regulatory terminology in normal account flows

Instead, your account receives:

  • trust state updates
  • eligibility results
  • action availability
  • refresh requirements
  • verification expiration state

Verification Flow

When verification is required, the account should explain:

  • which action triggered verification
  • what information is required
  • whether the check is regulated
  • what happens after submission

Typical flow:

  1. Action requires verification
  2. Account requests consent
  3. Verification session begins
  4. Documents or checks are submitted
  5. Verification review completes
  6. Account trust and eligibility update

Depending on the action, verification may include:

  • identity document upload
  • selfie capture
  • liveness confirmation
  • proof-of-address verification
  • organization documentation
  • additional eligibility questions

Some checks complete quickly. Others may require additional review depending on:

  • region
  • document quality
  • telecom requirements
  • payment rail requirements
  • fraud review
  • organization review

Verification States

Verification can appear as:

  • not required
  • required
  • started
  • pending
  • awaiting information
  • completed
  • failed
  • expired
  • revoked
  • refresh required
  • unavailable

Some account actions remain unavailable until verification completes successfully.

Your account should always show:

  • current verification state
  • which action is blocked
  • whether additional information is needed
  • whether the issue is temporary
  • what step is required next

Trust And Eligibility

Verification updates account trust and eligibility state.

Current trust states include:

  • Basic
  • Trusted
  • Verified
  • KYC Verified
  • Organization / Service Verified

Trust state can affect:

  • payment eligibility
  • card issuance
  • number support
  • connected app permissions
  • wallet-linked functionality
  • regulated services

Verification does not automatically make account details public.

KYC status should not appear as:

  • a public social badge
  • unrestricted connected app data
  • public profile metadata
  • unrestricted identity access

Scoped Verification Results

Connected apps can request limited verification assertions through Onyx ID.

Examples include:

  • identity verified
  • age verified
  • payment eligible
  • jurisdiction eligible
  • organization verified

Apps only receive the specific assertion you approve.

Apps should not receive:

  • raw KYC documents
  • unrestricted account access
  • unrelated wallet activity
  • unrelated payment history
  • fraud review details
  • private verification evidence

Verification Expiration And Refresh

Some verification states expire over time.

Refresh requirements can depend on:

  • local regulation
  • payment rail requirements
  • telecom policy
  • document expiration
  • account recovery state
  • organization review timing

Your account can show:

  • verification expired
  • refresh required
  • restricted access
  • additional information required

Some features may pause until verification refresh completes successfully.

Number And Telecom Compliance

Certain telecom services require identity verification before number activation or messaging access becomes available.

Requirements can vary by:

  • country
  • local telecom law
  • number type
  • messaging capability
  • carrier policy

Some regions may require:

  • address verification
  • identity confirmation
  • organization documentation
  • local eligibility checks

Number support can remain unavailable until those checks complete successfully.

Card And Payment Compliance

Card and payment infrastructure may require:

  • regulated identity checks
  • sanctions screening
  • fraud review
  • eligibility validation
  • PCI-aligned payment handling
  • issuer review

Some payment rails or card features can become unavailable because of:

  • unsupported region
  • failed verification
  • expired review state
  • issuer restrictions
  • regulatory restrictions
  • transaction review

Payment and card systems operate under regulated banking and issuer requirements.

Privacy And Data Handling

Verification data is designed to stay scoped and permissioned.

The account should not expose:

  • raw KYC documents
  • verification provider payloads
  • sanctions review data
  • private fraud analysis
  • compliance archives
  • sensitive identity evidence

Connected apps should only receive:

  • approved assertions
  • approved eligibility signals
  • approved trust visibility
  • approved permission scope

Verification exists to support:

  • account safety
  • telecom compliance
  • payment eligibility
  • card issuance
  • trusted connected app access
  • account recovery

without exposing unnecessary personal information.