KYB and continuous monitoring
without building it in-house
Fintechs with merchant ecosystems face the same obligations as acquirers but with none of the team. Kenal AURA ships the full KYB and continuous monitoring stack (SSM Live, director eKYC, adverse media, and drift detection) behind a tenant that can be provisioned in a week.
Summary
Kenal AURA is the merchant lifecycle risk operations platform for fintechs, payment platforms, and marketplaces with merchant or seller ecosystems. Pull company and director data directly from SSM Live, run selfie plus MyKad eKYC, monitor merchant websites continuously, and catch drift before it becomes a scheme finding or a public incident.
Time-to-production instead of years of build
Building a KYB and monitoring stack from scratch is a two-year project: OCR pipelines, face match thresholds, registry integrations, classification rules, evidence retention. Kenal AURA is a working platform. A fintech tenant can be provisioned, bulk-load its merchant book, and be running baseline scans within a week.
Authoritative source data
Company status, directors, and shareholders come directly from SSM Live e-Info for Malaysian merchants. Director identity comes from eKYC with liveness-checked selfie and MyKad OCR. Adverse media runs on a continuous background worker against news, blogs, and watchlists. Every signal is sourced, not inferred.
Continuous, not one-shot
Onboarding checks do not protect you six months later. Kenal AURA runs web change detection, pinned-page drift, MCC drift, and adverse media screening on a configurable cadence for every merchant. When a merchant's content or public profile shifts, you know before it becomes a chargeback or a public incident.
Integrates with the rest of your stack
Kenal AURA is a platform, not a portal. Every alert, scan result, and case transition is available via webhook to your existing ticketing, alerting, and dashboard systems. Webhooks are HMAC-signed and retry on failure. No brittle polling, no manual export.
Modules that power this
SSM Live Integration
Company, director, and shareholder data pulled directly from SSM e-Info for Malaysian merchants.
Learn moreDirector eKYC
Selfie liveness, MyKad OCR, and face similarity scoring for every declared director.
Learn moreAdverse Media Screening
Continuous negative-news and watchlist screening on a background worker.
Learn moreWeb Change Detection
Automated merchant website crawling and multilingual content classification.
Learn moreDrift Detection and Alerting
Baseline comparison and severity-ranked alert queues for analyst triage.
Learn moreIntegrations
HMAC-signed webhook event routing into your existing ticketing and alerting stack.
Learn moreFrequently asked questions
- We already have a KYC provider. Why a KYB platform on top?
- KYC verifies individuals. KYB verifies businesses: company registration, beneficial ownership, directors, and the ongoing monitoring of the merchant website and public profile. Most fintechs have a consumer KYC stack but no KYB stack, which leaves merchant onboarding and post-onboarding monitoring as the weak link. Kenal AURA fills that gap.
- Do I need to operate the platform day-to-day?
- The platform runs the detection, classification, evidence capture, and SLA tracking, which is the repetitive operational work. You still need a human analyst to make the judgment calls: confirming violations, warning merchants, suspending, terminating. Most fintech portfolios can be operated by one or two people once the platform is in place.
- How does Kenal AURA integrate with our existing systems?
- Every alert, scan result, and case transition is available through HMAC-signed webhooks with configurable retry. Events can flow into your existing ticketing system (Jira, Linear, ServiceNow), your alerting system (PagerDuty, Opsgenie), or a data warehouse for reporting. No polling, no manual export.
- Where is our merchant data stored?
- Production runs on a multi-cloud regional footprint: AWS Malaysia (ap-southeast-5) and GCP Singapore (asia-southeast1). Each fintech tenant is placed on the regional cloud that meets its country's data residency requirement. Encryption at rest uses AES-256, data in transit uses TLS, and evidence retention is 7 years with integrity hashes.