Escrow KYC Verification is Not Due Diligence

In reading some forum threads and email chains over the last couple of years, I think there is some confusion about the Know Your Customer (KYC) verification at, Payoneer Escrow, and other escrow services. As far as I understand, the KYC verification process is not a form of due diligence for a buyer or seller.

From what I understand, KYC verifies that the buyer and seller in a transaction are who they say they are when the transaction is set up. If a scammer or thief is one party to a deal, the KYC process would likely not be able to “out” that party as a scammer or a thief. The process would simply verify that their banking details match their account details.

Let’s say that Joe is buying from Bob using a domain name escrow service. I believe the escrow service will verify that Bob and Joe are who they say they are. They do not verify that Joe has the funds to buy nor do they verify that Bob actually owns the domain name or has the right to sell the domain name. Essentially, if Bob stole the domain name or otherwise has no rights to sell the domain name, that is something that the escrow service would not check.

I do not think it is the escrow service’s responsibility to do due diligence. I also do not think it is feasible for them to do it either. If the escrow service did due diligence, the escrow service would need to have a thorough investigative process, and that would cost a lot more money than they currently charge. It would also be quite a bit of risk to them if they miss something. In addition, imagine if you brought a deal to them to transact and they couldn’t verify ownership and canceled a legitimate deal simply because they couldn’t verify ownership. The buyer should do due diligence before agreeing to a deal or at least before transacting.

One positive aspect of the KYC verification process is that if a deal is consummated with a thief or scammer, would have that person’s banking and address details. I am pretty sure the other party would need to get a subpoena for that information, but it should be available if legal action is pursued. This is probably of little consolation to someone who was scammed as legal fees can be very high and the likelihood of recovering funds paid to buy a domain name that ends up stolen is pretty slim or would be less than the legal fees required to hire an attorney to see this through.

Domain buyers and sellers need to do their own due diligence before transacting.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. There are guys out there who do these quick fast money flip deals, and think they do their HW, but eventually it is to good to be true, and they get burned.

    Most times the buyer if it is a stolen domain will have to basically eat it.

  2. Elliot, as we say here in the UK, ‘Spot On’ (or ‘you hit the nail on the head’).

    At a most basic level, an escrow services only offers ‘due diligence’ by receiving and holding the payment from the buyer, on behalf of both the buyer and the seller, whoever they may be.

    Since possession is ‘nine tenths of the law’, by holding the payment in escrow, the escrow service protects the payment of both the buyer and seller.
    For illustration, all those illegal trades paid by Bitcoin using a Bitcoin escrow service encapsulate only this protection.

    By contrast, all ‘normal payment’ escrow services are Government regulated, and it is for the benefit of Government only (and neither for the benefit of the buyer and the seller, nor for the benefit of the escrow service) that escrow services have to i) identify who their buyer and seller customers are, and ii) verify this identity is correct.
    This is known as KYC and Due Diligence.
    For anti-money laundering purposes, the escrow services may or may not (often not) also have to verify the identity and ownership of the domain being transacted.

    So KYC and Due Diligence are not performed for the benefit of the buyer and the seller (although they may or may not obtain some ancillary benefit from these checks).

    So it is imperative that the buyer performs full due diligence on their own behalf.
    Remember, once the escrow process is ended, with payment being made from the escrow service to the seller, the buyer’s protection is also completely ended.
    If for example six months after the end of escrow, the domain turns out to have been stolen, and if say the registrar decides that ownership of the domain is going to be repatriated to the original legal owner, then the buyer would end up a defrauded victim.

    The seller’s due diligence requirements are normally less extreme, as usually the seller needs to ensure that the escrow conditions are set so that once the seller provides the evidence required in the escrow conditions for the domain transfer having been correctly made, then payment will be irrevocably made from escrow to the seller.

    Just to put all this into perspective, we at reckon we spend 75% to 80% of our staff and management time, and total expense, on KYC/Due Diligence/Anti-Money Laundering/Counter Terrorist-Financing work, even though we do not earn a penny from any of it, our customers resent it (although, they do benefit in an ancillary way from it), and we could gladly do without it entirely if Government did not force us to.

  3. Great post! Elliot is correct – Payoneer’s KYC review is not a substitute for your own due diligence on a buyer or seller. As a financial intermediary, Payoneer is required by banks and regulators to ensure we do not support terrorist or money laundering activity. We screen registration data for every registered user against government watch lists and our own sophisticated review criteria. On top of this, we also conduct fraud checks on the various methods of payment (credit card, eCheck, bank transfer, etc.) to ensure the source of the payment is not fraudulent. While our review activities will certainly help you avoid doing business with potentially malicious parties, buyers and sellers still need to conduct their own due diligence to ensure their buyer or seller is legitimate and avoid scammers.


Please enter your comment!
Please enter your name here

Recent Posts

Longest and Shortest Billboard Domain Names

I spent Father's Day weekend at our son's soccer tournament in the middle of New Jersey. It was a 6 hour drive, but it...

Rookie Mistake: Reading Expiry Lists at Breakfast

Every morning, as early as I am awake, I look through domain name expiry lists to see what is coming up for auction. I'll...

GoDaddy Auctions Running NameFind Auctions

GoDaddy is running a featured auction via its GoDaddy Auctions platform with domain names from its NameFind portfolio. While I would argue the domain...

Spaceship Hits 1 Million DUM – Only 13% of New Registrations are .com

Earlier this morning, Richard Kirkendall shared that Spaceship hit the 1 million Domains Under Management (DUM) mark. Richard is the Founder of Namecheap and...

Converse.CO UDRP Decision Turns on Price Inference

In general, I thought UDRP panels have gotten past the issue of pricing as it relates to generic / descriptive one word domain names....