Customer ID Verification
New process
This guide provides information about customer ID verification using Galileo's new integrated ID verification process: Identity Verification Service (IVS). IVS replaces the Legacy CIP integration solution in June 2026.
If you are using Galileo's Legacy CIP process, refer to the Legacy Customer ID Verification (KYC/CIP) guide.
Before opening an account and conducting financial transactions with a customer—whether a private individual or a business—a bank must follow strict processes to verify the identity of the customer. To operate in the U.S. financial system, you must comply with laws designed to prevent money laundering and terrorist financing, primarily the Bank Secrecy Act (BSA) and the USA PATRIOT Act. These regulations require your financial institution to implement a risk-based CIP to form a reasonable belief that you know the true identity of each customer. These processes are often called:
- KYC — Know Your Customer, for individual consumers
- KYB — Know Your Business, for business entities
At a minimum, your program must include procedures to:
- Collect information — Obtain identifying information from each customer (such as name, date of birth, address, and a national identification number such as SSN/ITIN/EIN).
- Verify identity — Use documents, non-documentary methods, or a combination of both
- Maintain records — Maintain a record of all information and verification methods used.
- Check against government lists — Determine whether a customer appears on any list of known or suspected terrorists.
Note
Galileo sometimes uses the term "CIP" to refer to the whole ID verification process.
The details of KYC and KYB requirements are specific to each country and regulatory environment, and may vary according to a financial institution's risk appetite. Galileo and your sponsoring bank can help you identify the requirements for your particular program.
Choosing an ID verification solution
You have these options for performing ID verification:
- Use Galileo's Identity Verification Service (IVS).
- Provides KYC, KYB, and CIP. You can use this service as a standalone solution, or you can integrate it with the Create Account workflow.
- Use a third-party ID verification provider.
- Combine Galileo's processes with a third-party process.
When deciding how to perform ID verification, remember to prioritize the customer experience during the onboarding phase. When a legitimate customer does not initially pass verification, for example, the customer might decide not to take the extra step to supply additional documentation or call customer support. If your verification solution has a low pass rate for your target demographic, you can lose customers to onboarding friction.
Work with Galileo to determine which solution best addresses your use case. Maybe your target demographic is likely to possess ID documents from outside the United States. Some ID verification solutions use biometric technology or artificial intelligence to screen out likely bad actors, and others are integrated with blockchain technology.
Note
See KYC in Mexico if Galileo is your BIN sponsor in Mexico.
Regardless of which solution you choose, your app or website must collect identifying information from your prospective customers and submit the information for verification. Required information is:
- Legal name — First, middle (sometimes), last
- Address — Cannot be a P.O. box in the U.S. and Canada. Must include street address, city, state, postal code, and country.
- Date of birth
- Customer ID — The types of customer identifiers to accept are determined by your bank and specified in your product settings. Consult the Customer ID Types enumeration for possible ID types. The Galileo account-creation process can store 1–3 identifiers per customer.
Implementing ID verification
ID verification must be performed prior to account creation.
Using a standalone ID verification process
If you are using your own ID verification provider or if you're using the IVS endpoints without Program API integration, follow these steps:
- Send customer information to your provider.
- If you're using the IVS endpoints, use Verify Customer.
- After ID verification is successful, send a request to Create Account with these parameters populated:
- First, middle, and last names
- Date of birth
- Primary address
- Optional — Physical cards only. Ship-to address (if different from the primary address, where to mail the card)
- Optional — Customer ID:
id/idType,id2/idType2, and/orid3/idType3, as required by your bank or for record-keeping. See Using the id and idType parameters for additional information. cipStatus— Do not include
You do not need to inform Galileo whether a customer passed ID verification; however, you should create accounts only for those customers who pass.
Note
See Create Account without integrated ID verification in the Creating an Account guide for the account-creation workflow.
Using Galileo's integrated ID verification process
If you have decided to integrate IVS with the Program API (Create Account endpoint), you will need to make the following decisions in cooperation with your bank:
- Which IDs to require, request, or accept:
- IVS accepts only U.S. SSNs and ITINs as primary IDs.
- You can request one or two additional forms of ID for your own purposes, but they will not be passed to IVS. Consult the Customer ID Types enumeration for the complete list of ID types.
- Whether minors will be using the product, and what the minimum age is
- Whether the same government ID must be unique across all of your offerings or only within the same program or product
When you use the Create Account endpoint to collect and submit customer information Galileo, Galileo sends it through IVS, which returns one of four results:
Pass— The prospective customer information was verified.Fail— The prospective customer information could not be verified.Refer— The prospective customer information needs manual review.In Progress— Needs more documentation. Galileo sends an SMS with a secure URL for the customer to upload documentation.
If ID verification is still unsuccessful after the additional verification steps, the account is never activated.
Note
See Create Account using IVS Integration in the Creating an Account guide for the account-creation workflow.
Using the id and idType parameters
id and idType parametersCreate Account has three sets of parameters for identifier inputs:
id,id2,id3— Contain the actual identifieridType,idType2,idType3— Specify the type of ID that is inid,id2, orid3
When one of the id parameters is populated, the corresponding idType parameter is required. The format for id is determined by the value in its idType field, as shown in the Customer ID Types enumeration. For example, if you set idType: 2 (SSN), then id must contain nine numerals.
id and idType
id and idTypeWhen you are using Galileo's integrated IVS, you must populate id and idType at minimum. IVS supports only two idType values:
2— U.S. Social Security Number15— U.S. Individual Tax Identification Number
When you are using your own ID verification, and your bank requires an SSN (U.S.) or SIN (Canada) for verification, you must populate id with the SSN/SIN. Do not put it in id2 or id3:
- In the RDFs, an SSN/SIN that is entered in the
idfield is masked, whereas an SSN/SIN inid2orid3is not masked. Because the SSN/SIN is PII, inputting the SSN/SIN inidavoids mishandling that information. - The value in the
idparameter is sometimes called the "customer ID," such as when using the Get Account by ID endpoint. Galileo also calls it the "government ID" in some contexts or GID.
Other id and idType fields
id and idType fieldsPopulating id2/idType2 or id3/idType3 depends on the requirements of your program.
- If you are using Galileo's integrated IVS, only the
id/idTypevalues are sent to IVS. If you populate the other two ID fields, those values are written to the customer record but are not sent for verification. - Alternatively, you can use the
id2/idType2parameters to pass card-art information to your embosser. See Specifying a card design in the Design a Card guide for details. - If you populate
id2orid3but notid(not supported for IVS integration), you must set these product parameters; otherwise, you must populateidwith unique values such as the account holder's phone number:- VLDLV —
nullor not set - VALID —
0or not set
- VLDLV —
Duplicate ID values
During product setup, you determine whether a customer can sign up more than once for the same product. Galileo can verify that an id value is unique per product (prod_id), per program (prog_id), or across your entire product line. See Partners, Programs and Products for an explanation of these levels. The VLDLV parameter controls the level.
- Galileo checks the value in
idfor duplicate entries when VLDLV is set. It does not check the value inid2orid3for duplicates. - If you attempt to submit a duplicate
id, Create Account returnsstatus_code: 407-02.
Running ID verification on minors
Minor persons are not required to fulfill ID verification requirements but they do need to fulfill minimum age requirements. Determine the minimum age for minor customers and Galileo will set it in the DOB product parameter. The dateOfBirth endpoint parameter is then verified against the age limit.
- If the minor's account is to be a secondary account to a parent's account, pass the parent's PRN for
primaryAccount. See Primary and secondary account scenarios in the About Accounts guide for more information.
Testing ID verification
When testing in CV or Production, the following will result in status_code: 2 (invalid parameter) from the Create Account endpoint. This error prevents Create Account from sending the information to IVS:
- Year of birth before 1900
- Missing required values
- The SSN (
idType: 2) has one or more of these characteristics:- Begins with
9,000, or666 - Middle two digits are
00 - Last four digits are
0000
- Begins with
Events API
You can arrange with Galileo to receive these events related to customer ID verification:
| Event | Description |
|---|---|
BFID: failed_id | The customer failed ID verification. |
CAPP:app_completed | The account has been successfully created. |
Galileo setup
These are the product parameters to be configured at Galileo to control ID verification. See the Onboarding (KYC/CIP) table on the Parameters page for details on these parameters.
| Parameter | Description |
|---|---|
| CIPAP | Which applications can run ID verification when onboarding customers: CST or Program API or both. |
| CIPGT | Which government ID types are required for Galileo’s integrated ID verification process, either SSN or ITIN or both. |
| EIVS | Whether to integrate IVS |
| TIDST | Status for an account that does not pass IVS. Default: F |
| VALID | Whether the product requires a unique government ID, such as SSN for the U.S. or SIN for Canada |
| VLDLV | At what level a government ID must be unique: across the product, program, or provider |

