Skip to content
Swft Docs

KYC & B2B Verification

For B2B orders above a threshold you set, Swft can require company verification via Companies House (UK) and/or identity verification via Stripe Identity. Verification happens inline in the checkout — failure blocks the order.

What it does

Section titled “What it does”

Pick one or both verification methods:

  • Companies House — UK company-number lookup. Confirms the company exists, is active, matches the customer’s input, and meets your minimum incorporation-age rules.
  • Stripe Identity — biometric ID verification. The customer is redirected to Stripe to submit a government ID and a selfie; Stripe confirms the match.

Verification is gated behind a liability waiver the first time you enable it. By acknowledging the consent gates, you’re accepting that you’re responsible for the verification decisions Swft surfaces.

Where to configure it

Section titled “Where to configure it”

Swft Dashboard → KYC & Compliance.

Section titled “First-time consent”

On first enable, you’re required to tick four checkboxes and type I ACCEPT to confirm you understand:

  1. KYC checks are best-effort and not a guarantee of identity.
  2. You retain responsibility for any orders you accept.
  3. Companies House data can be out of date.
  4. You’re collecting personal data — your privacy policy must reflect this.

This is logged with timestamp and IP. After the first acknowledgement, the toggles below become editable.

Settings

Section titled “Settings”
SettingDefaultWhat it does
Require Companies HouseOnRun the UK company lookup on every B2B order above the threshold.
Require Stripe IdentityOffAdd Stripe Identity (document + selfie) on top of Companies House. Expensive — Stripe Identity is ~$1.50 per session.
Minimum order value (pence)EmptyOnly trigger KYC above this order total. Leave empty to require it on every B2B order.

Customer experience

Section titled “Customer experience”

A B2B order above the threshold renders an extra step between Details and Payment:

  1. Company verification — the shopper enters their company name. The plugin queries Companies House and shows the matched company (incorporation date, status, registered address). If it matches the input, the shopper confirms.
  2. Identity verification (if enabled) — the shopper is redirected to Stripe’s hosted Identity flow. They take a photo of their ID document and a selfie. They return to checkout once Stripe completes verification.
  3. Payment — only proceeds if all configured checks passed.

If verification fails, the shopper sees a “Couldn’t verify, please try again” message. Repeated failures block the order entirely.

Managing the audit log

Section titled “Managing the audit log”

The KYC page has an Audit log tab listing every verification attempt:

  • Timestamp, customer email, IP
  • Action (companies_house_lookup, stripe_identity_redirect, stripe_identity_result)
  • Outcome (verified, failed, abandoned)
  • Metadata: matched company name, company status, age, name-match score, Stripe verification session ID

Keep this for audit and compliance reporting — Swft retains the log for 2 years by default.

How it works under the hood

Section titled “How it works under the hood”

KYC settings are stored on the merchants table: kyc_enabled, kyc_consent_at, kyc_consent_ip, kyc_require_companies_house, kyc_require_stripe_identity, kyc_min_order_pence.

The checkout’s KYCVerification component (checkout/src/components/KYCVerification.tsx) drives the flow. Companies House lookups call GET /api/sessions/:id/companies-house?name=... which proxies to the Companies House public API. Stripe Identity uses POST /api/sessions/:id/kyc-identity to create a verification session, then polls GET /api/sessions/:id/kyc-identity-result/:vsid until the result is final.

Every action is appended to the kyc_audit_log table with merchant_id, customer_email, actor_type (system / customer), action, outcome, and JSON metadata.

Gotchas

Section titled “Gotchas”
  • Stripe Identity costs money. ~$1.50 per session, billed to your Stripe account. Don’t enable it for every order — use the minimum order value threshold.
  • Customer can abandon. If they close the Stripe Identity tab without completing, the verification is recorded as abandoned and they have to start over.
  • Companies House can lag. A company that just registered may not appear in the API for 24-48 hours. Plan around this if you’re onboarding very new businesses.
  • Name matching is fuzzy. Companies House might match “Acme Ltd” to “ACME LIMITED” — the audit log shows the match score so you can review.
  • B2B mode must be enabled. If your store doesn’t have B2B mode active, KYC won’t trigger because there are no B2B orders to gate.
  • Privacy law applies. Verification collects PII (name, ID document, selfie). Your privacy policy must disclose this and customers must consent. Swft doesn’t generate consent text for you — work with your legal team.