Best practices for platforms with Express or Custom accounts

    Provide the smoothest experience for your Express or Custom Connect accounts by following these best practices when it comes to compliance, verification, and fraud prevention.

    Connect is a flexible and powerful tool that facilitates performing transactions for your users through Stripe. Although Stripe greatly simplifies the technical components of payment processing, there are a few obligations that must be fulfilled by you (the platform), the connected accounts, and Stripe. You must prepare to meet these requirements when defining and developing your platform.

    Steps to take before going live

    Platforms with Express or Custom accounts are expected to take all of the following steps before going live and onboarding users. Meeting these requirements helps prevent losses and ensures that payouts to your users are not delayed.

    • Use webhooks to watch for and respond to account activity
    • Manage fraud on your platform to limit risks to you and your users

    Platforms with Express accounts are expected to additionally take these steps:

    Platforms with Custom accounts are expected to additionally take these steps:

    Establish webhooks

    Sometimes we’ll need more information about connected accounts. Should Stripe require something, we’ll reach out to you via a webhook (not via email). It’s vital that you establish a webhook endpoint that responds to our requests and other account activity. Failure to watch for, and promptly respond to, these notifications will lead to delays in money being transferred.

    Sometimes Stripe will ask for additional information because the provided information failed verification: for example, a user’s date of birth or last name appears to be incorrect. In such cases, you should also take the opportunity to re-verify the previously submitted information, as the cause of verification failure may be a simple misspelling or data entry error.

    When a connected account updates their account information (e.g., bank account), Stripe notifies you of this change through a webhook. Your platform must verify the updated account information.

    Prevent fraud

    The platform is ultimately responsible for any losses incurred by Express and Custom accounts through its Connect application. Stripe helps by monitoring the accounts that you onboard, preemptively shutting down accounts that we believe are fraudulent, and contacting you should we notice anything suspicious.

    There’s no magic formula for detecting bad actors on your platform, but generally the better you understand your user and their business, the better you—and Stripe—can assess their risk profile. To do this and reduce the opportunity for fraud, we recommend you:

    • Establish a time period in which you verify your users before they can do business through your platform
    • Examine a user’s online presence through social or professional profiles like Facebook, Twitter, or LinkedIn
    • Closely review the user’s website (should they reasonably have one)
    • Collect appropriate licenses, if warranted for a user’s business
    • Confirm your user’s email address if it is linked to their business domain (e.g., send an email to an address at that domain and require a response from it)
    • Collect and verify platform-appropriate information, such as a physical address, inventory list, or selling history
    • Monitor activity on your platform to get a sense of typical behavior, which can be used to look for suspicious behavior

    If you suspect a user may be fraudulent, we recommend rejecting the account. This prevents the account from receiving further funds and improves Stripe’s fraud detection systems.

    Additionally, you can use Stripe’s built-in fraud tools to identify and prevent fraud on individual charge attempts. You should also familiarize yourself with the most common fraud types.

    Sanctions concerns

    As a U.S. company, Stripe complies with all sanctions programs administered by the U.S. Office of Foreign Assets Control (OFAC), along with a number of other national and international sanctions regimes. This includes both prohibitions against interactions with certain individuals and entities as well as comprehensive bans on business dealings involving certain countries or regions that are targeted by sanctions regimes.

    Stripe screens all accounts, including connected accounts, in compliance with our own obligations under these sanctions regimes. If a connected account is flagged as a possible sanctions concern, Stripe will pause payouts from the connected account and reach out to the platform via email to request additional information. If there is a particular email address you would like sanctions-related requests to be sent to, please let your Stripe contact or our customer support team know. You can also set up webhooks to listen for sanctions-related events, which will appear as account.updated, disabled_reason: listed.

    Payouts from the connected account will remain paused until the review has been cleared. Disregarding or violating sanctions can lead to fines, regulatory action, and loss of licensing for both Stripe and our users.

    Customize the onboarding flow and Dashboard (Express only)

    Express displays your icon and brand color throughout the onboarding process and on the Express Dashboard, so it’s important to provide recognizable branding. Within the Express section of your Connect settings you can customize the logo, platform name, and color scheme your users see.

    Position Express in your onboarding flow (Express only)

    To ensure the best possible conversion rate, position the Express onboarding process carefully within your application’s flow. Users are more likely to complete the process and provide the necessary information when Express onboarding is positioned after your application’s own initial sign-up and onboarding steps.

    Before sending users into the Express onboarding flow, briefly introduce Stripe and convey the role that Stripe plays in your application. Consider adapting this sample text and including it in your user interface:

    [Your Company Name] uses Stripe to get you paid quickly and keep your personal and payment information secure. Thousands of companies around the world trust Stripe to process payments for their users. Set up a Stripe account to get paid with [your platform name.]

    Direct users to get support (Express only)

    As you control much of the payments experience, we recommend your Express users reach out to you first with any questions. However, they may have questions that only Stripe can answer. To provide the most efficient support possible, platforms should first work with the user and potentially refer them to Stripe for these subjects:

    • Verification questions (e.g., what information do I need to give Stripe and why?)
    • Problems accessing the Express Dashboard (e.g., why doesn’t the two-factor authentication work?)

    We expect platforms can handle all other questions, but if one comes up you’re unable to answer, reach out to us for help.

    Agree to Stripe’s Services Agreement (Custom only)

    All Stripe accounts must accept Stripe’s Services Agreement, and Custom accounts in particular must accept the Stripe Connected Account Agreement (which includes the Stripe Services Agreement). Acceptance must occur before you begin processing payments on a connected user’s behalf.

    We’ve provided a recommend interface and sample text in multiple languages in our Services Agreement Acceptance documentation. There you’ll also find the code you’ll use to notify Stripe of a user’s acceptance.

    Know your users (Custom only)

    As your users are also Stripe’s users (albeit discreetly), you’ll need to work with Stripe to meet all “Know Your Customer” (KYC) obligations. We’ve designed Connect to accept KYC information directly through the API. When the information provided is incomplete or incorrect, it may result in delayed payouts for your users, or financial losses of your own.

    Stripe requires that certain information about your users is provided as part of onboarding in order to comply with local KYC requirements. A platform with Custom accounts is responsible for all communications with its users, including collection of this required information. Because Stripe will not have direct communications with your users, it is your obligation to communicate the importance of compliance and identity verification.

    We recommend conveying to your users the relationships involved as such:

    1. Stripe is processing charges on a connected user’s behalf. Although the platform is initiating and managing the transactions, funds are not flowing through the platform itself.
    2. The connected user has a Stripe account but relies on you to help them manage it, and Stripe has a legal obligation to know who they are.

    Properly explaining the relationship in terms of banking regulations should suffice. You and your users also benefit from having a clear privacy policy that explicitly states what will and will not be done with the user’s information. (See Stripe’s Privacy Policy to know how we use provided information.)

    Further reading

    Learn more about Connect:

    Was this page helpful?

    Feedback about this page?

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.

    On this page