There are several means of proofing identities to comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) rules, as well as ensuring the identity is real and that of the applicant. One of the most popular methods is Knowledge-Based Authentication (KBA). KBA employs questions that require knowledge of private information of the person to prove their identity. According to the Consumer Digital Identity Study, 57% of consumers have utilized KBA in the last 12 months, and KBAs second behind biometrics in their perceived security.
Like a lot of things in life, there are nuances within categories of goods and services that tend to get overlooked. The same is true for KBA. Not all KBAs are alike nor should they be treated and evaluated alike. The types of KBAs range from static “shared secrets” to higher-level dynamically generated questions, with data sourced from credit bureaus, public sources, and even customer-based transaction history. The employment of different types of KBAs varies by use case (account opening to authentication) and channel (desktop, mobile, or call center). When it comes to KBA there is the full spectrum of solution sets, from the robust and customizable to the less so.
There is no silver bullet for identity verification and authentication. It takes an orchestrated multi-level approach that employs a variety of options that can be determined dynamically to best fit the situation and the applicant or customer. Knowing the available options, including KBAs, and understanding their differences by efficacy, use case, and consumer preference, is imperative in today’s post data breach world.