Knowledge-based authentication (KBA) remains a fixture in the lender identity verification toolkit. Yet, it's notoriously cumbersome for consumers and vulnerable to common fraudster tactics. A multilayered approach using unique, thorough and continuously refreshed digital, offline, and device identity data is far more effective at stopping fraud and delivering a friction-right customer experience.
Knowledge-based authentication is a hassle for customers. Thinking of questions other people probably don't know the answers to and that a customer is likely to remember can be challenging and stressful. Customers worry they'll forget and get locked out of vital accounts, just as they're going online or calling a customer service center to perform an important, time-sensitive transaction.
Moreover, KBA is often ineffective as a security measure. People close to an accountholder often know a wide assortment of their personal information - pet's names, elementary schools, mother's maiden name - so the system is vulnerable to fraud by family members, former friends and associates. Personal information is also often widely available to strangers on social media or shady websites that compile it for no-questions-asked purposes. There are also massive caches of highly sensitive personal data — Social Security numbers, credit card numbers, passwords, and even answers to "secret questions" — circulating illicitly as a result of data breaches at companies like Equifax and Yahoo! that have affected literally billions of people.