From a regulatory standpoint, if you will be allowing them to open the account online, you will want to go through the same process you use for opening any account in person at the bank using your KYC policies CIP including OFAC checking. Many banks only allow current customers to open Online Banking online. Check out the FFIEC Handbooks - Electronic Banking and Information Security. The above suggestion on vendors is also very accurate, make sure you do thorough due diligence on the vendor and the product. A couple of other key issues to think about - how are your going to provide disclosures, what are the user ID and password requirements (do they select their own or are they assigned by you), how are the log on credentials given to the customer, are you allowing any form of SSN as an ID or password, etc. I caution you on using any form of the SSN, even as an initial logon that must be changed. Try to implement something different. Also make sure you have a security awareness page with info on latest fraud techniques, on requiring up to date firewalls, anti-virus, anti-spyware and malware tools. Just a few thoughts!
_________________________
Susan Orr, CISA CRP CISM
susan@susanorrconsulting.com
630.499.0276