Last updated: 19 May 2026
This policy describes how ExCards and our card issuer partner verify the identity of customers (Know Your Customer, KYC) before issuing a card and on an ongoing basis.
Card issuance requires light KYC — a clear, in-focus scan of a government-issued passport (photo page). We do not require selfies, video calls, or liveness checks. Biometric data is not stored.
Full name, date of birth, nationality, passport number, issue and expiry date, country of residence, contact email or Telegram handle. Optional: jurisdiction of tax residence for fee calculation.
Passport scans are checked for authenticity (machine-readable zone parsing, basic forgery checks) by our issuer partner. False or altered documents result in rejection and a permanent block.
Every applicant is screened against UN, EU, US OFAC, UK HMT, and Swiss SECO sanctions lists, as well as politically exposed person (PEP) databases. Hits trigger manual review or rejection.
KYC data is refreshed when triggers occur: card expiry, change of country of residence, suspicious activity, or every 24 months as a default cadence. We may request updated documents.
KYC data is accessible only to: (a) ExCards compliance staff under role-based access, (b) the card issuer partner for issuance and ongoing monitoring, (c) regulators on lawful request. Data is encrypted at rest and in transit.
KYC data is retained for at least five years after the customer relationship ends, in line with FATF Recommendation 11 and applicable local AML laws.
You may request a copy of your KYC data, request correction of inaccurate data, or request deletion after the retention period ends. See Privacy Policy for the full data subject rights process.
We may refuse to issue a card without giving a specific reason if KYC checks fail or if issuance would breach applicable law or issuer policy.
KYC-related inquiries: /contact.html.