• Manual KYC and KYB workflows are the single biggest reason Indian banks lose merchants to payment aggregators during onboarding.

• A modern merchant KYC KYB platform automates identity checks, business registry validation, document processing, and risk scoring in one orchestrated flow.

• Straight-through processing (STP) delivers instant approval for low-risk merchants - without sacrificing compliance rigour for complex cases.

• Mintoak's DigiOnboard implements this architecture natively, with pre-built connections to Aadhaar, PAN, GSTN, and MCA21, deployed as a white-label experience under the bank's brand.

• Banks that automate KYC and KYB reduce cost-to-onboard structurally, improve merchant activation rates, and maintain a fully auditable compliance trail.

Indian banks expanding their merchant acquiring networks face a paradox that effort alone cannot resolve. The growth they are investing in is being throttled by manual KYC and KYB workflows still embedded in their onboarding processes.

A prospective merchant experiencing a three-week approval cycle doesn't wait. India's digital payments ecosystem already serves 491 million UPI users and 65 million merchants ^[1] and is on track to process 617 billion transactions annually by FY30, nearly triple today's volumes ^[1] . The merchant base banks need to onboard to participate in that growth is being captured by whoever moves fastest.

RBI KYC guidelines, PMLA compliance requirements, and FATF recommendations on digital identity all mandate robust Know Your Customer (KYC) and Know Your Business (KYB) verification. But the answer is not to choose between compliance and speed. A modern merchant KYC KYB platform delivers both simultaneously - and this guide maps the full architecture for bank decision-makers.

FATF-aligned PMLA compliance requirements are the rules businesses must follow to verify customer identity, monitor and report suspicious financial transactions, maintain records, and prevent money laundering or terrorist financing under the Prevention of Money Laundering Act.

Sequential approvals and compounding delays

Traditional merchant onboarding involves sequential manual touchpoints - document collection, Core Banking Solution (CBS) data entry, compliance review, credit assessment - each step waiting on the previous. A well-run bank can still find itself 8 to 14 working days into an application before a merchant ID is generated.

Manual review stages introduce data entry errors that generate rework loops, consuming the operations bandwidth needed for legitimate applications. The merchants experiencing the longest delays are often not high-risk cases. They are standard applications that hit a data entry mistake two stages back.

The commercial cost of friction

The direct cost of manual operations - headcount, field visits, document handling - is measurable. The larger loss is the one a spreadsheet doesn't capture. A merchant who abandons a bank onboarding process midway doesn't come back. The acquiring relationship, the current account float, the cross-sell opportunity, the daily transaction data - all of it goes to whoever completed the onboarding faster.

India's SME sector contributes 30% to GDP yet faces an estimated credit and financial services supply gap of ₹30–35 trillion ^[1] . Each merchant lost during a friction-heavy onboarding process is not just a lost QR code - it is a lost entry point into that underserved relationship.

Build versus buy: the real calculation

Building KYC automation in-house requires API integrations with Aadhaar, GSTN, MCA21, PAN, and sanctions databases - plus document AI, risk models, workflow orchestration, and ongoing regulatory maintenance. Most banks underestimate the integration complexity. The build cost, when fully accounted for, consistently exceeds a purpose-built platform deployment.

The architecture has three layers. The distinction between them is the difference between digitizing a form and automating a workflow.

Layer 1: Data capture

Merchants submit documents through a mobile-first interface. Intelligent capture engines extract and pre-fill structured fields automatically. For existing bank customers - ETB merchants - data held in the core banking record is pre-populated from the first screen. The merchant does not re-prove identity from scratch.

Layer 2: Verification orchestration

This is the layer that matters most. Rather than running identity checks, business registry validation, and document verification sequentially, the orchestration layer triggers all simultaneously upon submission. API calls to Aadhaar, PAN, GSTN, MCA21, and sanctions databases run in parallel. Total verification time reflects the slowest single check - not the sum of all of them.

A process that previously consumed two full working days of compliance team bandwidth is compressed into seconds - the same outcome that Mintoak's DigiOnboard delivers across live deployments at Indian banks including HDFC Bank, Axis Bank, Yes Bank, and SBI.

The orchestration layer also manages branching logic. Low-risk merchants route to straight-through approval. Medium-risk applications go to a digital review queue with documentation already collated. High-risk applications trigger structured enhanced due diligence. Compliance rigour is preserved - applied proportionately, not uniformly.

Layer 3: Risk decisioning

The verification output feeds a risk scoring model evaluating business vintage, industry risk category, geographic risk, ownership structure, and adverse media - generating a composite risk tier that drives approval logic without underwriter involvement for standard-risk merchants. Human judgement is reserved for cases that genuinely require it.

Platform extensibility

The platform must absorb new regulatory requirements - credit-on-UPI developments, account aggregator integrations and ONDC merchant verification standards - without re-architecture. A platform requiring a development sprint every time the RBI issues a new circular is a compliance liability, not a compliance asset.

RBI launched multiple new regulations governing digital payments in FY24-25 alone - including the PRAVAAH portal mandate, the Payments Regulatory Board framework, and expanded offline payment aggregator guidelines ^[1] . The regulatory surface area is widening, not narrowing.

KYC: individual identity verification

Real-time API connections deliver identity confirmation in seconds for individual merchant proprietors and authorised signatories:

• Aadhaar eKYC via the UIDAI Authentication API confirms identity and address in real time, with liveness detection and facial recognition meeting the RBI's V-CIP (Video-based Customer Identification Process) standards.
• PAN validation via Income Tax Department APIs confirms tax identity and cross-checks name consistency with Aadhaar records.
• GSTIN verification via GST Portal APIs confirms business registration status, filing history, and HSN code classification.

KYB: business entity verification

KYB automation extends to the business entity - the layer where manual processes are slowest:

• MCA21/NSDL integration confirms company registration, ROC filings, director details, and charge records for private limited companies and LLPs.
• Beneficial ownership mapping through UBO (Ultimate Beneficial Owner) identification algorithms traces shareholding structures across entity layers, flagging complex chains that warrant enhanced due diligence.
• Sanctions and watchlist screening against RBI defaulter lists, OFAC (Office of Foreign Assets Control), UN Security Council lists, and domestic PEP (Politically Exposed Person) databases runs at onboarding and on an ongoing basis post-activation.

Mintoak's DigiOnboard has pre-built integrations to each of these sources through RegTech partners. Banks deploying DigiOnboard connect to the full Indian regulatory verification stack through a single integration point.

Extraction and authenticity verification

AI-powered OCR (Optical Character Recognition) engines extract structured data fields from uploaded documents - registration certificates, GST certificates, cancelled cheques, and board resolutions - eliminating manual data entry at the source.

Forensic AI models analyse font consistency, metadata integrity, and tamper indicators, cross-validating extracted data against government registry APIs. A GST certificate whose registration number doesn't match the GSTIN API response is flagged before it enters the bank's records.

Configurable checklists and exception handling

Configurable document checklists tied to MCCs and business entity types enforce the right requirements automatically - preventing over-collection that frustrates legitimate merchants and under-collection that creates compliance gaps.

Documents falling below confidence thresholds route to a human review queue with AI-generated annotations highlighting specific anomalies. Compliance officers make faster, better-informed decisions on complex cases without slowing standard applications.

Composite risk scoring and MCC assignment

The risk model evaluates business vintage, industry risk, geographic risk, transaction volume projections, ownership complexity, and adverse media simultaneously - generating a composite tier that drives approval logic without underwriter involvement for standard-risk merchants. MCC assignment, frequently delayed in manual processes by classification decisions sitting across three teams, is automated through NLP-based (Natural Language Processing) business activity classification that maps business descriptions, website content, and GSTIN-linked NIC (National Industrial Classification) codes to the appropriate MCC. Accurate interchange routing and risk-based limits are in place from day one.

Instant provisioning for Straight-Through Processing (STP) cleared merchants

Merchants clearing all automated KYC and KYB checks receive instant approval and downstream provisioning within the same session. Mintoak's DigiOnboard generates Merchant IDs and Terminal IDs instantly upon STP clearance and provisions the digital QR code immediately within the app. A merchant who is live in minutes begins generating acquiring revenue immediately. A merchant whose application sits in a queue for a week does not. With the online merchant payment market projected to reach ₹86 trillion in transaction value by FY30 - growing at a 22% CAGR ^[1] , every week of onboarding delay represents a measurable slice of acquiring revenue that goes elsewhere. Across a portfolio of thousands of monthly applications, the compounding effect is material.

Banks should benchmark platforms across six dimensions:

• Depth of Indian regulatory API integrations - Aadhaar, PAN, GSTIN, MCA21/NSDL, sanctions databases - pre-built and maintained by the vendor.
• Configurability of risk rules without code changes, so the bank's evolving risk appetite doesn't require a development sprint.
• Core banking integration capability - verified merchant records must flow to CBS (Core Banking Solution) without manual handoffs.
• Demonstrated STP rates from live Indian bank deployments, not theoretical projections.
• Total cost of ownership versus build-in-house, factoring in API maintenance, regulatory update cycles, and headcount reduction.
• Vendor track record with regulated Indian banking institutions.

A phased roadmap reduces change management risk: KYC automation in a pilot geography first, full KYB and risk scoring in phase two, instant provisioning and Straight-Through Processing (STP) in phase three. Each phase delivers measurable ROI milestones.

Heads of Merchant Acquiring should also evaluate post-onboarding lifecycle capabilities - periodic KYC refresh, transaction monitoring integration, and merchant risk re-scoring. Onboarding is the entry point to a relationship that requires continuous compliance management throughout.

What is the difference between KYC and KYB, and why do banks need both for merchant onboarding?

KYC- Know Your Customer- verifies the individual: the merchant proprietor, director, or authorised signatory. KYB- Know Your Business- verifies the entity: registration status, ownership structure, director details, and tax compliance. For merchant acquiring, both matter. A legitimate individual can represent a fraudulent or non-compliant business. Running only one check leaves a gap that regulators- and fraudsters- will find.

Why do merchant onboarding KYC delays cost banks more than just time?

The visible cost is operational- staff hours, rework loops, field visits. The invisible cost is larger. A merchant sitting in a manual review queue for two weeks is a merchant actively evaluating other options. When they onboard with a fintech aggregator instead, the bank loses not just the acquiring revenue but the current account, the cross-sell opportunity, and the daily transaction data that would have enabled it. The delay doesn't show up as a loss on a P&L- but it is one.

India's merchant acceptance infrastructure has grown rapidly - 665 million QR codes deployed, 11 million PoS terminals active, soundboxes crossing 23 million ^[1] , but the onboarding pipeline feeding that infrastructure has not kept pace. The acceptance side is ready. The activation side is the bottleneck.

What should banks look for in a KYC KYB platform for merchant onboarding?

The most important factor is the depth of Indian regulatory integration- pre-built, maintained connections to Aadhaar, PAN, GSTN, and MCA21/NSDL rather than integrations the bank has to build and update independently. Beyond that: configurability of risk rules without code changes, demonstrated straight-through processing rates from live deployments at Indian banks, and genuine white-label capability so the merchant experience stays under the bank's brand. Total cost of ownership- not just licence fee- should factor in API maintenance, compliance update cycles, and operations headcount reduction.

How is digital merchant KYC verification different from traditional branch-based KYC?

Traditional KYC requires the merchant to be physically present, or a field agent to collect documents on the bank's behalf. Digital merchant KYC verification replaces both with a mobile-first flow where the merchant uploads documents from their phone, Optical Character Recognition (OCR) extracts the data, and API calls to government sources- Aadhaar, PAN, GSTN- validate identity and business details in seconds. The compliance outcome is equivalent. The time, cost, and merchant experience are not.

Can a bank automate KYC and KYB without replacing its core banking system?

Yes. A well-architected merchant KYC automation platform integrates with the bank's existing CBS (Core Banking System)- through an API layer. Only the integration layer changes as new connections are added. The bank doesn't need to re-platform to automate onboarding. Mintoak's DigiOnboard is built on this model, and a phased deployment starting with a pilot geography can go live within 12 weeks.

_Mintoak's DigiOnboard module delivers KYC and KYB automation purpose-built for Indian banks - with pre-built regulatory integrations, configurable risk workflows, instant Merchant Identification Number (MID) and Terminal Identification Number (TID) generation, and white-label deployment under the bank's own brand.

Learn more at mintoak.com/products/mintoak-digionboard_

[1] PwC, 2025: PwC & Global Fintech Fest. (October 2025). The Indian Payments Handbook 2025–2030. Available at: https://www.pwc.in