Welcome » IT Booklets » E-Banking » Introduction » E-Banking Support Services » Electronic Authentication
Verifying the identities of customers and authorizing e-banking
activities are integral parts of e-banking financial services.
Since traditional paper-based and in-person identity authentication
methods reduce the speed and efficiency of electronic transactions,
financial institutions have adopted alternative authentication
The authentication methods listed above vary in the level of
security and reliability they provide and in the cost and
complexity of their underlying infrastructures. As such, the choice
of which technique(s) to use should be commensurate with the risks
in the products and services for which they control
access.For example, section 326 of the USA PATRIOT Act (Pub.
L. 107-56) requires financial institutions to implement reasonable
procedures for (1) verifying the identity of any person seeking to
open an account, to the extent reasonable and practicable; (2)
maintaining records of the information used to verify the person's
identity, and (3) determining whether the person appears on any
list of known or suspected terrorists or terrorist organizations.
See 68 Federal Register 25090 (May 9, 2003); 12 CFR Part 21 (OCC);
12 CFR Parts 208 and 211 (Board); 12 CFR Part 326 (FDIC); 12 CFR
Part 563 (OTS), and 12 CFR Part 748 (NCUA). Additional
information on customer authentication techniques can be found in
this booklet under the heading "Authenticating E-Banking
The Electronic Signatures in Global and National Commerce
(E-Sign) Act establishes some uniform federal rules concerning the
legal status of electronic signatures and records in commercial and
consumer transactions so as to provide more legal certainty and
promote the growth of electronic commerce.Pub.L. No. 106-229.
An electronic signature may be as simple as a person's typed name
or an image of a person's handwritten signature. The
development of secure digital signatures continues to evolve with
some financial institutions either acting as the certification
authority for digital signatures or providing repository services
for digital certificates.See OCC Bulletin 99-20: Certificate
Authority Guidance (May 4, 1999).