Best Practices for Platforms with Express or Custom Accounts

Provide the smoothest experience for your Express or Custom Connect accounts by following these best practices when it comes to compliance, verification, and fraud prevention. If you need help after reading this, search our documentation or check out answers to common questions. You can even chat live with other developers in #stripe on freenode.

Connect is a flexible and powerful tool that facilitates performing transactions for your users through Stripe. Although Stripe greatly simplifies the technical components of payment processing, there are a few obligations that must be fulfilled by you (the platform), the connected accounts, and Stripe. You must prepare to meet these requirements when defining and developing your platform.

Steps to take before going live

Platforms with Express or Custom accounts are expected to take all of the following steps before going live and onboarding users. Meeting these requirements helps prevent losses and ensures that payouts to your users are not delayed.

Use webhooks to watch for and respond to account activity
Manage fraud on your platform to limit risks to you and your users
Subscribe to the Connect Announce mailing list to hear about new features and changes

Platforms with Express accounts are expected to additionally take these steps:

Ensure you've customized the onboarding flow and Dashboard
Determine where to position Express in your onboarding flow
Make it clear to users where they should request support

Platforms with Custom accounts are expected to additionally take these steps:

Have your Custom accounts agree to the Stripe Connected Account Agreement
Know your users by collecting and verifying required information

Establish webhooks

Sometimes we’ll need more information about connected accounts. Should Stripe require something, we’ll reach out to you via a webhook (not via email). It’s vital that you establish a webhook endpoint that responds to our requests and other account activity. Failure to watch for, and promptly respond to, these notifications will lead to delays in money being transferred.

Sometimes Stripe will ask for additional information because the provided information failed verification: for example, a user’s date of birth or last name appears to be incorrect. In such cases, you should also take the opportunity to re-verify the previously submitted information, as the cause of verification failure may be a simple misspelling or data entry error.

Prevent fraud

The platform is ultimately responsible for any losses incurred by Express and Custom accounts through its Connect application. Stripe helps by monitoring the accounts that you onboard, preemptively shutting down accounts that we believe are fraudulent, and contacting you should we notice anything suspicious.

There’s no silver bullet to detecting bad actors on your platform, but generally the better you understand your user and their business, the better you—and Stripe—can assess their risk profile. To do this and reduce the opportunity for fraud, we recommend you:

Establish a time period in which you verify your users before they can do business through your platform
Examine a user’s online presence through social or professional profiles like Facebook, Twitter, or LinkedIn
Closely review the user’s website (should they reasonably have one)
Collect appropriate licenses, if warranted for a user’s business
Confirm your user’s email address if it is linked to their business domain (e.g., send an email to an address at that domain and require a response from it)
Collect and verify platform-appropriate information, such as a physical address, inventory list, or selling history
Monitor activity on your platform to get a sense of typical behavior, which can be used to look for suspicious behavior

If you suspect a user may be fraudulent, we recommend rejecting the account. This prevents the account from receiving further funds and improves Stripe’s fraud detection systems.

Further, Stripe’s built-in fraud tools can also be used to identify and prevent fraud on individual charge attempts. You’ll also want to familiarize yourself with the most common fraud types.

Customize the onboarding flow and Dashboard (Express only)

Express displays your icon and brand color throughout the onboarding process and on the Express Dashboard, so it’s important to provide recognizable branding. Within the Express section of your Connect settings you can customize the logo, platform name, and color scheme your users see.

Position Express in your onboarding flow (Express only)

To ensure the best possible conversion rate, position the Express onboarding process carefully within your application’s flow. Users are more likely to complete the process and provide the necessary information when Express onboarding is positioned after your application’s own initial sign-up and onboarding steps.

Before sending users into the Express onboarding flow, briefly introduce Stripe and convey the role that Stripe plays in your application. Consider adapting this sample text and including it in your user interface:

[Your Company Name] uses Stripe to get you paid quickly and keep your personal and payment information secure. Thousands of companies around the world trust Stripe to process payments for their users. Set up a Stripe account to get paid with [your platform name.]

Direct users to get support (Express only)

As you control much of the payments experience, we recommend your Express users reach out to you first with any questions. However, they may have questions that only Stripe can answer. To provide the most efficient support possible, platforms should first work with the user and potentially refer them to Stripe for these subjects:

Verification questions (e.g., what information do I need to give Stripe and why?)
Problems accessing the Express Dashboard (e.g., why doesn’t the two-factor authentication work?)

We expect platforms can handle all other questions, but if one comes up you’re unable to answer, reach out to us for help.

Agree to Stripe’s Services Agreement (Custom only)

All Stripe accounts must accept Stripe’s Services Agreement, and Custom accounts in particular must accept the Stripe Connected Account Agreement (which includes the Stripe Services Agreement). Acceptance must occur before you begin processing payments on a connected user’s behalf.

We’ve provided a recommend interface and sample text in multiple languages in our Services Agreement Acceptance documentation. There you’ll also find the code you’ll use to notify Stripe of a user’s acceptance.

Know your users (Custom only)

As your users are also Stripe’s users (albeit discretely), you’ll need to work with Stripe to meet all “Know Your Customer” (KYC) obligations. We’ve designed Connect to accept KYC information directly through the API. When the information provided is incomplete or incorrect, it may result in delayed payouts for your users, or financial losses of your own.

Stripe requires that certain information about your users is provided as part of onboarding in order to comply with local KYC requirements. A platform with Custom accounts is responsible for all communications with its users, including collection of this required information. Because Stripe will not have direct communications with your users, it is your obligation to communicate the importance of compliance and identity verification.

We recommend conveying to your users the relationships involved as such:

Stripe is processing charges on a connected user’s behalf. Although the platform is initiating and managing the transactions, funds are not flowing through the platform itself.
The connected user has a Stripe account but relies on you to help them manage it, and Stripe has a legal obligation to know who they are.

Properly explaining the relationship in terms of banking regulations should suffice. You and your users also benefit from having a clear privacy policy illuminating what will and won’t be done with the user’s information. (See Stripe’s Privacy Policy to know how we use provided information.)