Search Icon

Think about trying to log into your online bank account, but forgetting your password. You may try to reset the password online, but perhaps you don’t remember the answers to the security questions you provided while opening the account.

After a few minutes banging your head against the keyboard trying to guess the right answer, you dial the customer service number—only to find out that there is no option to reset the password using the automated phone system. You could try dialing 0 to reach a live human being, only to hear an agent ask, “Would you please answer these three questions so that we can authenticate you?”

What is Knowledge-Based Authentication (KBA)?

Knowledge-based authentication, or KBA, is a type of authentication that looks to prove that the person providing identity information is truly that person. As its name suggests, KBA is based on some sort of knowledge the individual has—and fraudsters shouldn’t.

Once considered the industry standard for financial services, KBA is now considered a lackluster approach to verifying identity online. This ‘ancient’ process is inconvenient and causes frustration for good customers who may have forgotten the quiz answer. Not to mention, fraudsters can easily circumvent the KBA process using compromised personally identifiable information (PII).

An example of how KBA has fallen into disfavor is the NIST statement in June 2017, “Knowledge-based authentication, where the claimant is prompted to answer questions that are presumably known only by the claimant, also does not constitute an acceptable secret for digital authentication.”

The chart below is from a 2021 Aite-Novarica research report, and it shows that most financial institutions (FI) are decreasing their reliance on KBA.

Figure 1: “Contact Center Authentication: A Mystery Shopper’s Journey ”Aite-Novarica, May 2021

A Better Way: Instantly Verify Identities Online without Friction

Socure Sigma Identity Fraud provides a path to instant, passive, and accurate assessment of identities to optimize user experience, security, accuracy, and customer conversion.

Whether at account opening, profile changes, account login, or high-value transactions, identity verification with Socure enables you to improve your business operations and your customer experience by:

  • Removing Friction – Verify identities throughout the customer lifecycle while minimizing friction.
  • Maximizing Conversion – Achieve up to a 60% increase in auto-approval rates, without expensive and burdensome manual reviews.
  • Achieving Greater Accuracy – Capture up to 90% of fraud just in the riskiest 3% of users.
  • Using the #1 Identity Verification Solution – Used by 4 out of the top 5 banks and 7 of the top 10 card issuers with the most stringent compliance regulations.

Moving Beyond KBA

Socure has helped 1,000+ top enterprises improve their identity verification and risk operations, and to move beyond outdated KBA to streamline their onboarding processes.

We recently worked with the digital banking arm of a leading investment bank to compare the effectiveness of Sigma Identity Fraud against the bank’s incumbent KBA system. Socure rank-ordered a set of records for individuals that had passed quizzes presented by the banks’ KBA legacy process.

Sigma Identity Fraud identified fraud in the top 16% of quiz completions with no fraud in the bottom 84%. For this population, Sigma Identity Fraud could be used to provide a passive identity verification with Sigma Identity Fraud and Sigma Synthetic Fraud, then escalate only the top 16% to Socure Predictive DocV for a more in-depth ID document verification method. This approach would significantly reduce friction in the vast majority of the population by quickly and accurately verifying their identities in the background.

For the riskier demographics, DocV would quickly authenticate users, separate good from bad, and provide compliance documentation for those who fail.

Avoid the Pitfalls of Knowledge-based Authentication (KBA)Screen Shot 2022-02-04 at 4.30.55 PM

Read our white paper, The Pitfalls of KBA, to learn more about the consequences associated with outdated processes like KBA, and request a personalized demo to see how you can implement the best practices for digital onboarding with Socure.

Posted by

Todd Thiemann

Todd Thiemann

Todd is Senior Director for Product Marketing at Socure, where he manages marketing for Socure’s Fraud suite of offerings. Prior to Socure, Todd worked in cybersecurity and identity at companies including Arctic Wolf Networks, Nok Nok Labs, Vormetric/Thales, and Trend Micro.