Chapter 2 Manner of Establishment, Process for and Management of Identity Verification Mechanism
Section 1 Users
Article 4
When an electronic payment institution accepts users to register, open an electronic payment account, or register their stored value cards, it shall learn the identity of users, record such identity information, and confirm the veracity of users according to these Regulations; the preceding provision applies when users change their identity information.
Article 5
When an electronic payment institution accepts users to register, open an electronic payment account, or register their stored value cards, it shall check with the Joint Credit Information Center (JCIC) for the following information and keep relevant records for future reference:
1. Information on deposit account with suspicious or unusual transactions.
2. Data and information circulated by electronic payment institutions pursuant to Article 28 and Article 35 of the Rules Governing the Administration of Electronic Payment Business.
3. Notation data where the users’ requests to enhance identity verification.
4. Other data as required by the competent authority.
Electronic payment institutions shall use the data obtained from JCIC prudentially, according to the preceding paragraph; and they shall decide whether to approve or reject user's registration application based on objectivity and autonomy.
Article 6
An electronic payment institution shall reject users to register, open electronic payment accounts, or register their stored value cards if the users have any of the situations specified in Article 4 of the Regulations Governing Anti-Money Laundering of Financial Institutions.
An electronic payment institution shall reject the user’s application for registration, or application for registering their stored value cards if the users have any of the following situations:
1. The deposit account or electronic payment account has been reported as a watch-listed account and the account status has not been removed.
2. The applicant applies for registration frequently over a short period of time without reasonable explanation.
3. The transaction functions applied for are obviously inconsistent with the applicant's age or background.
4. Data obtained from inquiry with JCIC according to Paragraph 1 of the preceding article show irregularity.
5. The same mobile phone number provided for identity verification has been used repeatedly in identity verification without reasonable explanation.
6. Other situations under which the user’s application may be rejected as provided by the competent authority.
Article 7
The types and transaction functions of e-payment accounts opened by users with an electronic payment institution are as follows:
1. Type 1 and Type 2 e-payment account: An e-payment account for individual users and non-individual users that offers the functions of collecting, paying funds, and accepting deposit of funds as stored value funds.
2. Type 3 e-payment account: An e-payment account for individual users that only offers the functions of paying funds under collecting and making payments for real transactions, deposit funds and receiving small-amount domestic and international remittances from a lineal relative or guardian’s electronic payment account in the same institution.
Article 8
When accepting individual users to register, open electronic payment accounts, or register their stored value cards, an electronic payment institution shall ask the users to provide basic identity information, including at least name, nationality, type and number of identification document and date of birth. It shall also retain the photocopy or image files of the identity certification or keep important information as the records.
Article 9
When an electronic payment institution accepts individual users to register and open a Type 1 e-payment account, its identity verification process shall comply with the following provisions:
1. Verifying the mobile phone number provided by the user: Verify that the user can use the said mobile phone number to operate and receive messages and notifications.
2. Verifying the veracity of the user’s identity information. The verification method shall comply with any one of the criteria set forth below:
(1) When a national ID card is provided, the institution shall check the user's ID card issuance records, name, and data with JCIC to verify data veracity;
(2) When a resident certificate, vertical household registration certificate, or other identity document issued by a government agency is provided, the institution must check such documents with the Ministry of the Interior or the issuers of the said documents, the name and data with JCIC, or use other appropriate methods to verify the user's name.
3. Confirming the financial payment instrument used by the user.
4. Verifying the user identity via over-the-counter review, a certificate that complies with the Electronic Signature Act, or video teller machine.
When an individual user uses the e-payment account, specified in the preceding paragraph, to engage in small-amount domestic and international remittances between different institutions, the electronic payment institution shall adopt one more of the following methods into its identity verification process:
1. Verifying that the user’s ID number and the mobile phone number owner’s ID number in Subparagraph 1 of the preceding paragraph are the same.
2. Confirming the second payment instrument used by the user.
The payment instrument referred to in Subparagraph 3 of the Paragraph 1 and Subparagraph 2 of the preceding paragraph shall be deposit accounts, credit cards, or other financial payment instruments recognized by the competent authority only. The said deposit accounts excludes Type 3 digital bank deposit accounts.
Article 10
When an electronic payment institution accepts individual users to register and open a Type 2 e-payment account, its identity verification process shall comply with the provisions in Subparagraphs 1 to 3, Paragraph 1 of the preceding article.
The provisions in Paragraphs 2 and 3 of the preceding article shall apply mutatis mutandis to conditions specified in the preceding paragraph.
Article 11
When an electronic payment institution accepts individual users to register and open a Type 3 e-payment account, its identity verification process shall comply with the provisions in Subparagraphs 1 and 2, Paragraph 1 of Article 9.
Article 12
When accepting a non-individual user to register an e-payment account, an electronic payment institution shall ask the user to provide basic identity information, including at least the name of the entity, country of registration, registration paper, license, or type and number of approval document for establishment, contact information, as well as representative's name, nationality, type and number of identification document, mailing address, and telephone number.
Article 13
When an electronic payment institution accepts a non-individual user to register and open a Type 1 e-payment account, its identity verification process shall comply with the following provisions:
1. Confirming a payment instrument used by the user.
2. Requesting the photocopy or image file of the user's license or certificate, or approval for establishment, and its representative's identification certification. Taiwanese government agencies, public schools, state-owned enterprises, or utility companies and foundations, of which their representatives are appointed by the government according to the law, may be exempted from these requirements.
3. Verifying the user’s identity presented by the user’s representative or its authorized agent via over-the-counter review, a certificate complied with the Electronic Signatures Act, or video teller machine.
The provisions in Paragraphs 3 of Article 9 shall apply mutatis mutandis to conditions specified in Subparagraph 1 of the preceding paragraph.
With respect to the image file of the registration license or certificate, or approval for establishment provided from onshore non-individual users in accordance with Subparagraph 2 of Paragraph 1 hereof, the electronic payment institution shall check the registration records with the Ministry of Economic Affairs, Ministry of Finance, or the competent authorities in charge of user's main line of business.
An electronic payment institution shall verify the beneficial owner of the user in accordance with its directions for anti-money laundering and countering terrorism financing.
Article 14
When an electronic payment institution accepts non-individual user to register and open a Type 2 e-payment account, its identity verification process shall comply with the provisions in Subparagraphs 1 and 2, Paragraph 1 of the preceding article.
The provisions in Paragraph 3 of Article 9 and Paragraph 3 of the preceding article shall apply mutatis mutandis to conditions specified in the preceding paragraph.
Article 15
When an electronic payment institution accepts users to register stored value cards, the identity verification process for individual users shall comply with the provisions in Subparagraphs 1 and 2, Paragraph 1 of Article 9; the identity verification process for non-individual users shall comply with the provisions in Subparagraphs 2 and 3, Paragraph 1 of Article 13.
An electronic payment institution must request the user’s contact phone number when it implement the process prescribed in the preceding paragraph.
An electronic payment institution issues a stored value card to its user, which is annexed to the user’s electronic payment account, the registration for the such stored value card annexed to the electronic payment account shall be deemed as completed.
Article 16
An electronic payment institution is deemed to have carried out the required identity verification process for a user, provided that the outsourced service provider has performed the identity verification of the users by following a procedure not less than the requirements set out in Articles 9 to 11 and Articles 13 to 15 hereof.
If an electronic payment institution engage an outsourced service provider to perform the identity verification process, the regulations set forth in Article 7 of the Regulations Governing Anti-Money Laundering of Financial Institutions shall apply to the institution.
Where an outsourced service provider cannot implement the measures specified in the preceding paragraph, the electronic payment institution shall terminate its outsourced services.
Article 17
An electronic payment institution shall, based on the results of differentiated identity verification performed according to these Regulations, set up users risk categorization standards, rate the risk levels of users accordingly, carry out scheduled or unscheduled monitoring, inspections, and risk control.
Section 2 Contracted Institutions
Article 18
When an electronic payment institution signs a contract with a contracted institution, the identity verification process shall comply with the following provisions:
1. Type 1 individual contracted institutions: Articles 4 to 6, 8, 9, and 16 apply mutatis mutandis to Type 1 individual contracted institutions.
2. Type 1 non-individual contracted institutions: Articles 4 to 6, 12, 13, and 16 apply mutatis mutandis to Type 1 non-individual contracted institutions.
3. Type 2 individual contracted institutions: Articles 4 to 6, 8, 10, and 16 apply mutatis mutandis to Type 2 individual contracted institutions.
4. Type 2 non-individual contracted institutions: Articles 4 to 6, 12, 14, and 16 apply mutatis mutandis to Type 2 non-individual contracted institutions.
Article 19
When an electronic payment institution signs a contracted institution contract with a contracted institution, it shall request the contracted institution to provide advertisements, photographs of the business premises, or other information that can verify the existence of real transactions for its supply of product or services.
An electronic payment institution must sign a “contracted institution contract” with a user before it may provide the user with services as being a payee in the process of collecting and making payments for real transactions as an agent service, but this does not apply to those that meet the conditions prescribed in the regulations in Subparagraph 4, Article 6 of the Act, or Article 7 of the Rules Governing the Administration of Electronic Payment Business.