There are several means of proofing identities during digital interactions, and there is often not a one-size-fits-all solution for every use case. Applying the right type of identity verification at the right time can give businesses a strategic advantage. For example, knowledge-based authentication (KBA) has several effective use cases. However, the types of KBA often get lumped together (static shared secrets are not nearly as effective or useful as advanced, dynamic KBA questions). KBA is also frequently placed in the same bucket as other forms of authentication, such as biometrics, which incorrectly assumes that the use cases for each are the same. In the same way that identity verification for new accounts is very different for pre-existing account authentication, there are important differences in the use cases and where dynamic KBA can be most effectively applied.
For example, when onboarding prospective customers, there is no pre-existing relationship with the customer or their devices to leverage – so biometrics isn’t an option for new customers. In this case, dynamic KBA is effective as a means of online identification. Additionally, due to its prevalence and usage, consumers have come to view KBA as a more secure form of digital identification. Data from IDology’s 1st Annual Consumer Digital Identity Study showed that 79% of consumers think KBA questions are “extremely, very, or moderately” easy.
Given the proliferation of personal information online coupled with the FFIEC recommendation to transition away from static KBA, organizations have turned to dynamic KBA as a means of identity proofing for out-of-wallet questions. To learn more about if and when KBA can be effective for your business, download this recent research overview.