Knowledge-Based Authentication: What Was Your High School Mascot?
What was your high school mascot? What is your mother’s maiden name? What is your favorite color? We’ve all been there. When opening a new account, or making profile changes to an existing account, we’re often asked a series of questions to help ensure we are who we say we are.
Knowledge-based authentication (KBA) is commonly used by organizations to confirm the identity of an individual, but it isn’t foolproof and can result in a poor customer experience.
KBA requires consumers to provide answers to questions that, theoretically, only the actual customer knows the answers to. Unfortunately, many KBA questions are based on information that criminals can easily find on social media sites or in other publicly available sources, and can then use to pass these security tests and access consumers’ accounts.
It’s not uncommon for a consumer to fail their own KBA quiz, resulting in a negative customer experience.
It can also be difficult to authenticate young adults, newly banked, and other emerging market segments due to the lack of public record information available about them.
Balancing KBA and the Customer Experience
A knowledge-based authentication quiz that helps ensure you know who you’re dealing with at the most critical moments, such as account originations, profile changes, and high-risk transactions, is essential. However, KBA should be as seamless as possible to allow for a great customer experience that balances ease of doing business with risk mitigation: easy for consumers, challenging for fraudsters.
Guidelines from the Federal Financial Institutions Examination Council (FFIEC) call for the use of robust KBA as part of a layered security program to manage identity risk. The FFIEC encourages the use of challenge questions during authentication that do not rely on information that is publicly available.
These guidelines promote higher security, but what about the customer experience?
Sophisticated KBA must be able to manage the process flow to ensure that real consumers move through the authentication process quickly, while fraudsters are stopped in their tracks.
Knowledge-Based Authentication to Meet Your Business Requirements
Using dynamic KBA to generate a series of targeted questions whose answers imposters can’t easily obtain through public record searches is a more secure approach to authentication.
These questions are commonly referred to as “out of wallet” questions. Unlike KBA questions that rely on “shared secrets,” or answers a consumer has set up ahead of time, they are generated on the spot.
Dynamic KBA questions are unique to an individual with answers that are composed of information that is not publicly accessible or easy to guess — What make/model of car have you owned? What is your mortgage payment? At which of the following addresses have you lived?
The most sophisticated KBA solution will include multiple questions, including a “red herring” designed to throw fraudsters off, but obvious to legitimate customers.
These questions, generated by tapping into data from a wide range of industries including telecommunications and online lending, can help authenticate even the toughest market segments KBA solutions struggle to support — young adults, newly banked, immigrants and others.
Design your KBA quiz to best fit your business needs and optimize the customer experience. An effective solution includes the ability to:
- Configure pass/fail requirements
- Specify the number of questions asked and the number of multiple choice answers presented
- Prioritize or suppress the question types generated
- Determine a challenge quiz strategy
- Set quiz time limits to prevent fraudsters from researching answers
- Limit the number of times an individual can request a quiz in a specified time period
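As an added illustration (not code from this article or from any vendor product), the sketch below enforces three of the controls listed above on the server side: the pass/fail threshold, the quiz time limit, and the cap on quiz requests per time period. The class names, field names, and default values are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class QuizPolicy:
    # All defaults are illustrative assumptions, not recommended values.
    questions_asked: int = 4
    min_correct: int = 3        # pass/fail requirement
    time_limit_s: int = 90      # quiz time limit
    max_quizzes: int = 2        # quiz requests allowed ...
    window_s: int = 24 * 3600   # ... per rolling window


class QuizGate:
    """Server-side enforcement: timing and counts never come from the client."""

    def __init__(self, policy: QuizPolicy):
        self.policy = policy
        self._issued = {}  # subject id -> timestamps of quizzes issued

    def issue(self, subject_id: str, now: float) -> bool:
        """Record a quiz request; False means the velocity limit was hit."""
        p = self.policy
        recent = [t for t in self._issued.get(subject_id, [])
                  if now - t < p.window_s]
        allowed = len(recent) < p.max_quizzes
        if allowed:
            recent.append(now)
        self._issued[subject_id] = recent
        return allowed

    def grade(self, issued_at: float, submitted_at: float,
              answers: list, key: list) -> str:
        """Return 'pass', 'fail' or 'expired' for one submitted quiz."""
        p = self.policy
        if submitted_at - issued_at > p.time_limit_s:
            return "expired"  # late answers are never scored
        if len(answers) != p.questions_asked or len(key) != p.questions_asked:
            return "fail"     # incomplete or malformed submission
        correct = sum(a == k for a, k in zip(answers, key))
        return "pass" if correct >= p.min_correct else "fail"


if __name__ == "__main__":
    gate = QuizGate(QuizPolicy())
    key = [1, 2, 0, 3]  # constructed answer key (multiple-choice indexes)
    print([gate.issue("cust-1", t) for t in (0, 10, 20)])
    print(gate.grade(0, 60, [1, 2, 0, 1], key), gate.grade(0, 91, key, key))
```

Because an expired quiz is rejected before scoring, a fully correct answer set submitted after the limit still does not pass, which is what makes the time limit effective against someone researching answers.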
Authentication is an important business practice. Don’t let KBA be a burden to your organization or your customers. Learn more about ID Analytics identity authentication solutions.