Q: Can a bank use an electronic credential, such as a digital certificate, as a non-documentary means to verify the identity of a customer that opens an account over the Internet or through some other purely electronic channel?
A: A bank may obtain an electronic credential, such as a digital certificate, as one of the methods it uses to verify a customer’s identity. However, the CIP rule requires the bank to have a reasonable belief that it knows the true identity of the customer. Therefore, for example, the bank is responsible for ensuring that the third party uses the same level of authentication as the bank itself would use. See also FFIEC guidance titled “Authentication in an Electronic Banking Environment” (July 30, 2001). (January 2004)