Knowledge-Based Authentication (KBA)

Knowledge-Based Authentication (KBA) is a process in which identity verification is achieved by asking a series of questions whose answers only a legitimate user is expected to know. KBA acts as an extra level of protection; it is commonly used during digital onboarding in several industries, including banking and finance, insurance, and health care.

KBA questions are drawn from publicly available information found through credit reports, financial records, previous addresses, financial history, etc. There are two forms of KBA: static KBA uses a series of preselected security questions; dynamic KBA uses time-sensitive questions created from already existing data at the moment of identity verification.

Companies use KBA to reduce the chances of fraud, improve customer authentication processes, and keep individuals without the proper credentials out of the company’s systems. KBA will continue to be an effective security method for organizations; however, many companies have begun to augment KBA with biometrics, document verification, multi-factor authentication, and liveness detection as they move to more sophisticated identity rights management processes to keep pace with the changing environment of digital fraud attacks.
