eKYC Guard — Identity Verification & Fraud Prevention for WHMCS

Stop fraud before it provisions. Automatically verify every customer's real-world identity — across 220+ countries — before a single service or domain goes live.

Overview

eKYC Guard turns identity verification into an automatic gate inside WHMCS. No customer gets a server, VPS, cloud service or domain until they pass KYC — so fraud, chargebacks and abuse are blocked at the source. Seven verification providers, built-in AML/sanctions screening, full lifecycle automation, and GDPR-ready compliance — all without leaving your WHMCS admin.

The problem every host knows

One stolen card. One fake signup. That's all it takes to trigger a chargeback, a phishing site on your IP range, a spam complaint, or a compliance headache. By the time you notice, the service is already provisioned and your team is already firefighting.

Manual review doesn't scale. Asking for documents over email is slow, insecure, and impossible to audit. And "just refund it" still costs you fees, time, and trust.

The solution

eKYC Guard makes identity verification a precondition for provisioning. The moment an order is placed, eKYC Guard holds activation until the customer proves who they are. Verified customers are provisioned automatically. Everyone else is stopped before they cost you a cent.

It runs entirely inside WHMCS. No external dashboard to babysit, and no developer required to operate it.

Why eKYC Guard is a must-have

• Kill chargebacks and card fraud — verified identity means real accountability. Fraudsters don't pass KYC; they leave.
• Stop abuse before it starts — no more phishing hosts, spam VPSs, or throwaway accounts wrecking your IP reputation.
• Stay compliant, effortlessly — built-in AML / sanctions / PEP screening, GDPR consent capture, document encryption at rest, and a full audit trail.
• Automate the busywork — invitations, reminders, suspensions, terminations and re-activation all happen on their own.
• Verify anyone, anywhere — 220+ countries, government IDs, passports, driver's licenses, selfies, liveness, and India's DigiLocker.
• Provision faster for good customers — legitimate buyers verify in two minutes and are activated automatically. Friction only for the risky.

If you sell hosting, VPS, cloud, domains, or SaaS to the public, identity verification isn't a nice-to-have anymore — it's table stakes. eKYC Guard makes it one click to turn on.

Verification providers

Enable any of these, or let customers choose. Switch providers anytime without losing a single record.

• Didit — global, 220+ countries, ID + selfie / liveness
• Stripe Identity — global, document + selfie
• Sumsub — global, configurable KYC levels
• Onfido — global, Studio workflows
• Persona — global, customizable inquiries
• Shufti Pro — global, real-time verification
• DigiLocker — India, government-backed identity
• Manual review — admin approves uploaded documents

Key features

Provisioning firewall

• Blocks product/service and domain provisioning until the customer is verified.
• Require KYC per product or product group — only where it matters.
• TLD rules for domains: all, whitelist, or blacklist.
• Fail-safe: never freezes your pipeline over a temporary provider outage.

Compliance and security

• AML / sanctions / PEP screening — a potential match goes to manual review instead of auto-approving.
• GDPR consent capture, with timestamp, before any document is processed.
• Document encryption at rest on a private, out-of-web-root path.
• Automatic data retention — documents auto-purge after your chosen window.
• Full audit trail — every action, decision and document view is logged.
• Periodic re-verification (re-KYC) every few months.

Set-and-forget automation

• Verification invitations and first/second reminders.
• Grace-period enforcement: auto-suspend, then terminate, then disable the account.
• Auto-provision on verify — pending services and orders activate the instant the customer passes.
• Editable WHMCS email templates — your branding, your wording.

Admin experience

• Clean dashboard with live stats, filters and search.
• One-screen review: approve, reject, or upload documents on a customer's behalf.
• Bulk actions — approve, reject or email dozens at once.
• Provider "Test connection" buttons to validate your API keys in a click.

Customer experience

• Localized client area — English, Spanish, French and Arabic.
• Mobile camera capture for documents and selfies.
• Live status that auto-refreshes while verification is processing.

How it works

1. The customer orders a service or domain. eKYC Guard holds provisioning.
2. The customer verifies in about two minutes, or uploads documents for review.
3. Verified customers are provisioned automatically. Unverified customers are reminded, then suspended on your schedule.

Who it's for

• Hosting and VPS providers fighting fraud signups and abuse.
• Domain registrars needing registrant accountability.
• Cloud, IaaS and SaaS businesses with KYC/AML obligations.
• Anyone tired of chargebacks, refund scams, and manual document chasing.

Compatibility and requirements

• WHMCS 8.0 to 9.x
• PHP 7.4+ (8.1+ recommended), with the cURL extension
• HTTPS enabled (required for provider redirects and webhooks)
• Optional: the PHP sodium extension, for document encryption at rest
• An account with at least one verification provider, or use manual review

Installs in minutes: upload, activate, paste your provider keys, done. No core file edits.

Frequently asked questions

Does it slow down my real customers?

No. Legitimate customers verify in about two minutes and are provisioned automatically. You can also scope KYC to only the products that need it.

What if a verification provider goes down?

eKYC Guard is fail-safe — it never freezes your provisioning pipeline over a temporary outage. You stay in control.

Can I use more than one provider?

Yes. Enable as many as you like and let customers choose, or enforce a single flow. Manual document review is always available as a fallback.

Is it GDPR-friendly?

Yes — explicit consent capture, encryption at rest, configurable data retention with auto-purge, and a complete audit log of access and decisions.

Do I need a developer to run it?

No. Everything is managed from the WHMCS admin area.

Pricing

• Monthly License — $3.99 — one WHMCS domain, all providers, updates and support.
• Annual License — $29.99 — one WHMCS domain, updates and support for one year.

Support

• Website: arahoster.com
• Documentation and provider setup guides included
• Free compatibility updates

eKYC Guard — verify with confidence, provision with peace of mind.