Knowledge-based authentication (KBA) is an identity verification method that empowers you to verify a customer’s identity using highly personalized “out of wallet” challenge questions.
.webp)
Knowledge-based authentication, or “KBA,” is an identity verification method in which users are asked one or more personalized questions that are known only to them.
KBA is a form of “out-of-wallet” authentication that is often used to lend additional surety to IDV processes that leverage other methods of verification, such as identity data or documents.
Static KBA employs questions based on personal information regarding static details such as addresses or phone numbers, with users required to provide correct answers during the authentication process.
However, static KBA’s effectiveness has diminished due to security vulnerabilities such as data breaches and the ease with which bad actors can obtain a user’s answers to static KBA questions.
.png)
To address the limitations of static KBA, Veratad leverages dynamic KBA, which incorporates context-specific questions that are harder for fraudsters to figure out.
Dynamic KBA questions are AI-generated from public and private records collected using the signer’s social security number. They may range from demographic questions to questions related to credit transactions.
While KBA has faced criticisms and limitations in recent years, it is not accurate to say that knowledge-based authentication is dead or that businesses no longer have use for it.
In fact, when employed as part of a multi-layered age and identity verification strategy, KBA can add tremendous value, enhancing assurance and security.
Knowledge-based authentication can be used as one factor in a 2FA setup. After the user provides something they know (e.g., a password), they can be prompted with KBA questions to further validate their identity. This combination adds an extra layer of assurance.
KBA can add an additional layer of security after identification documents have been verified. This combination reduces reliance on documents alone, balances security with user experience, and helps prevent fraud attempts based on stolen or counterfeit documents.
KBA can be used in conjunction with data-based verification methods as an added step. Data verification involves validating an individual’s identity by cross-referencing their provided information against a variety of reliable data sources.
Biometric authentication, such as fingerprint or facial recognition, can be combined with out-of-wallet knowledge-based authentication. Users first provide their biometric data, which is compared to a stored template. If the biometric match is successful, they can be asked KBA questions as an additional layer of assurance.
KBA questions offer an ideal way to reduce friction in processes that can sometimes frustrate customers, such as those associated with onboarding, transactions, and account login.
This is primarily because KBA allows users to cycle complete verification steps without needing to reach into their wallet to produce specific documents.
This is also what makes KBA easy to deploy as an additional escalation layer when further identity assurance is needed.
Implementing a KBA solution can be complicated without an experienced identity verification provider to help you integrate and deploy it effectively. That said, a typical implementation will include the following steps.
A business identifies its specific use case for KBA and determines where it will be integrated, such as during user onboarding or transactional processes.
Next, they select a reliable KBA provider that offers a robust set of questions and answers based on relevant personal information.
The KBA solution is then integrated, often via an API, into the business’s existing system or application.
During the integration, businesses configure their desired KBA settings, including the types of questions to be asked and the level of security required.
The KBA solution is tested and validated to ensure accuracy and effectiveness.
Then the solution provider uses this data to verify that the phone number of the device belongs to the user.
Every business is unique and sometimes KBA isn’t the most appropriate method for a given verification need.
There are several alternatives to KBA that can offer enhanced security and help mitigate some of the limitations associated with KBA, particularly the static variety. Here are a few examples.
.png)
Effective KBA questions provide an added layer of security, especially when combined with data verification, possession-based document verification, or multifactor authentication.
Let Veratad show you how our data validation solution can help your business improve customer engagement.
.png)
The cost of a KBA solution can vary depending on several factors, including the verification provider, the level of customization and integration required, the volume of transactions, and the specific features and capabilities of the KBA age or identity solution.
Pricing models for KBA solutions can differ, such as per transaction, tiered pricing based on usage levels, or subscription-based models.
Age Verification: Frequently Asked Questions
While there has been a shift in the popularity of KBA, it is still regarded as a secure form of ID verification if the personal information used is secure and the connected databases are also properly safeguarded.
Knowledge-based authentication challenge questions come from data associated with an individual. This can be from a credit bureau, a DMV or government entity, a mobile carrier or another secure source. Reputable KBA providers never share data or results with non-authorized individuals.
KBA is used as all or part of an identity verification workflow for user onboarding, a purchase, or another event that requires certainty that an individual is who they say they are. KBA is often used upon escalation after another verification method returns an unclear or negative response, or to provide an additional layer or surety and security.
As is the case for all Veratad’s data verification services, upon completion of a KBA verification transaction, Veratad only stores a “footprint” of each transaction for audit, reporting and compliance purposes. This means that Veratad does not store any sensitive personal information associated with a knowledge-based authentication transaction.
KBA is among the most common identity verification methods deployed by leading companies. It is an effective way to gain or add certainty that an individual is who they say they are, as it relies upon knowledge that only one or a few people would have.
Like any verification method, KBA can add friction to an onboarding or purchase process. When properly deployed, however, KBA represents only a few seconds of a user’s time.
Let Veratad show you what rapid, flexible and integrated identity verification can do for your business.
Request your personalized demo today!
