Skip to main content

KYC โ€” Know Your Customer

Scottsdale Mint is required by applicable laws and internal compliance policies to verify the identity of certain customers before fulfilling high-value precious metals orders. This process is known as Know Your Customer (KYC).

When KYC Is Requiredโ€‹

KYC verification is triggered automatically when:

  • An order exceeds a configured dollar threshold
  • A customer matches certain risk indicators
  • Compliance team manually flags an order

The exact thresholds and triggers are managed by the compliance team in the Kount agent console and in the WooCommerce KYC plugin settings.

KYC Process Overviewโ€‹

  1. Order placed โ€” Customer completes checkout and payment is authorized (but not captured for card orders)
  2. KYC triggered โ€” Order status set to wc-kyc-pending
  3. Customer notified โ€” Email sent with a secure, time-limited link to upload ID documents
  4. Documents uploaded โ€” Customer uploads government-issued ID and/or other required documents
  5. Compliance review โ€” Scottsdale Mint compliance team reviews uploaded documents
  6. Decision made:
    • Approved โ†’ Order proceeds; payment captured; order advances to wc-processing
    • Rejected โ†’ Order cancelled; payment voided; customer notified

Document Storageโ€‹

Customer identity documents are uploaded to a private AWS S3 bucket (scottsdale-kyc-documents or similar). Documents are:

  • Encrypted at rest (S3 server-side encryption โ€” AES-256)
  • Not publicly accessible (no public ACL; presigned URLs used for access)
  • Accessible only to authorized compliance team members via presigned URL
warning

Customer identity documents must never be stored in the WordPress database, logged in application logs, or cached. All document handling must go through the private S3 bucket only.

Access Controlโ€‹

Access to KYC documents is restricted:

  • Only users with the compliance_officer role (or equivalent) can view uploaded documents
  • Access is logged in Wonolog for audit purposes
  • Presigned URLs expire after 1 hour

Integration Notesโ€‹

This documentation provides a high-level overview only. Detailed implementation specifics of the KYC flow are not included in this public documentation for security reasons.

Compliance team members requiring detailed implementation information should contact the development team directly.