The Ins and Outs of Knowledge-Based Authentication for Verifying Identities


Customer Onboarding With Knowledge-Based Authentication

Knowledge-based authentication is the mainstay backup for banking and business passwords. Its security is closely linked to the uniqueness of knowledge-based authentication (KBA) answers. The more secret your answers, the more secure your account should be. According to Mordor Intelligence:

  • The global identity verification industry had a value of $7.66 billion in 2020.
  • By 2026, the sector is projected to hit $16.65 billion.
  • The compound annual growth rate (CAGR) is projected to be 13.29% from 2021 to 2026.
  • 72% of online businesses adopted more ID verification solutions because of the COVID-19 lockdowns.
  • In 2020, there were 1,387,615 identity-theft-related claims.

The worldwide pandemic certainly accelerated the need for digital ID technology. However, with tightening compliance regulations for Know Your Customer (KYC) and Anti-Money Laundering (AML), cybersecurity needs and the prevalence of digital over analog spending, that acceleration is almost guaranteed to continue indefinitely.

Additionally, the whole business of passwords and authentication can be quite stressful. According to NordPass research of U.S. and U.K. respondents:

  • Getting hacked or losing a password generates the same stress as losing a wallet or facing an illness.
  • More than 30% of the survey respondents found resetting passwords tiring.
  • 8 out of 10 respondents found password management difficult due to having too many accounts and confusing which passwords match which account.

The Basics of Knowledge-Based Authentication

Knowledge-based authentication (KBA) is an alternate method of verifying the user, who must answer at least one unique, personal and/or secret question. The questions are generally broad enough to apply to large parts of your target demographics and easy to recall, but have answers specific enough that no one other than the customer can easily guess them.

There are three primary types of KBA:

  1. Static KBA

    This is where your user pre-selects the questions and answers, which are stored in your database to be matched against future user responses.

    Ex: “What was your first car?”

  2. Dynamic KBA

    In this method, the system generates questions and answers based on public records or some other shared database, such as marketing data and/or credit reports regarding the user. Typically, a time limit is also set to help prevent unauthorized individuals from researching any given answer. This is considered more streamlined because it does not require the potential customer to provide the information to be verified, as is the case with static KBA. It is verified using independent sources.

    Ex: “What was your address when you were 12 years old?”

  3. Enhanced KBA

    This method is similar to dynamic KBA, but it adds multiple choice questions for the user to choose from, generated from existing databases. If the user inputs the correct information during the allotted time frame, then the customer is granted access. If the information doesn’t match, then they are restricted from entering and potentially flagged as a security threat.

    Ex: “Who did you work for before Microsoft?”

    A: Google

    B: Metropolitan Credit Union

    C: Apple

    D: Amazon
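
The stored-answer matching of static KBA and the time limit used by dynamic and enhanced KBA, as an added Python example that is not code from this article or from Instnt: answers are kept as salted PBKDF2 digests, and each challenge expires and accepts a single attempt. The function names, the 60-second limit and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time
import unicodedata

CHALLENGE_TTL_SECONDS = 60   # assumed time limit; the article gives no figure
PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def normalize(answer):
    """Fold case, Unicode form and spacing so 'Honda  Civic ' matches 'honda civic'."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")


def _derive(answer, salt):
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, PBKDF2_ITERATIONS)


def enroll(answer):
    """Static KBA enrollment: store a salted digest, never the plaintext answer."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _derive(answer, salt)}


def issue_challenge(now=None):
    """Start the clock at the moment the question is shown to the user."""
    issued = time.time() if now is None else now
    return {"expires_at": issued + CHALLENGE_TTL_SECONDS, "used": False}


def verify(record, challenge, answer, now=None):
    """Return 'granted', 'denied' or 'expired' (timed out or already answered)."""
    current = time.time() if now is None else now
    stale = challenge["used"] or current > challenge["expires_at"]
    challenge["used"] = True  # one attempt per challenge, whatever the outcome
    if stale:
        return "expired"
    # Constant-time comparison: response timing reveals nothing about the digest.
    if hmac.compare_digest(_derive(answer, record["salt"]), record["digest"]):
        return "granted"
    return "denied"  # caller counts this toward lockout and fraud flagging


if __name__ == "__main__":
    record = enroll("Honda  Civic ")        # constructed sample answer
    challenge = issue_challenge(now=1000.0)
    print(verify(record, challenge, "honda civic", now=1030.0))  # granted
```

KBA answers are low-entropy, so the digest slows offline guessing after a database leak but does not stop it; the per-challenge single attempt and the caller's lockout counter carry most of the online protection.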

Sometimes, KBA is used as a secondary verification point even after a correct password has been inputted. When KBA is added as an additional layer of verification it technically also becomes a part of the multi-factor authentication method, where users authenticate themselves two or three times — each using a different method. KBA increases the security of any given account without having to require the user to remember one more unique password.

How To Onboard Your Customers with KBA

KBA is one of many identity verification methods. Other methods include:

  • Biometrics: fingerprints or facial recognition.
  • Hardware tokens: USB keys or similar physical tokens are required to authenticate the user.
  • Software tokens: SMS passcodes and text prompts to support multi-factor authentication. 

KBA is not the perfect security solution, but it has an advantage, according to the National Institute of Standards and Technology: “The addition of metrics to dynamic KBA may allow organizations to make well-informed decisions that reduce the risk of unauthorized disclosure, while increasing the overall trustworthiness and efficacy of the Identity Ecosystem. Additionally, they could give a greater level of control to the organization making the risk decision.”

Using KBA to onboard your customers can add another level of security and convenience to your process. According to Signicat, 40% of would-be customers abandon bank applications and leave them in an incomplete state. They do so, on average, within 14 minutes and 20 seconds. Further, 93% of applicants will abandon after 60 minutes. KBA helps address those statistics by shortening and streamlining your process. The faster your user is verified to your standards, the faster you can alleviate one of the most common frustration points for a new customer: the personal information gathering stage.

For example, using dynamic KBA will allow your team to help verify the user in seconds by using existing digital databases, without having to know the answers in advance. First impressions are crucial to digital customer onboarding. According to a Deloitte report, “Digital banking — perhaps for the first time — may be contributing to overall satisfaction with banks, which still remains quite overall robust.” Furthermore, at-risk consumers, or the demographic most likely to switch from their primary bank, are “more open to a relationship with digital-only banks and megatechs that partner with banks.” This is especially attractive to younger users, likely because they care much more about personalized and superior digital user experiences.

Customer Acceptance Made Easy With KBA

Knowledge-based authentication helps improve these digital experiences by bringing additional security layers while potentially speeding up your KYC and AML onboarding processes. This presents a worthwhile opportunity for your organization to upgrade your customers’ digital experience, reduce false positives and strengthen customer loyalty at the same time. 



About the Author

Instnt's fraud loss indemnification technology provides coverage of up to $100M for fraud losses stemming from synthetic, third-party, and first-party fraud. With Instnt's comprehensive fraud loss protection, businesses can confidently extend their services to a wider customer base, enabling them to embrace more opportunities and enhance revenue streams while maintaining a secure, fraud-free environment.