Not long ago, I spoke at the eSign Records conference in NYC. During Q&A, someone asked a question that comes up often: What is the future of knowledge-based authentication (KBA)?
It is no secret that there are people in the industry who believe the usefulness of KBA has run its course; however, I have to respectfully disagree. Industry guidance such as the FFIEC Guidance of Authentication in an Internet Banking Environment is a solid foundational direction that calls out the need for institutions to move beyond simple device to more complex device intelligence and more complex out-of-wallet identity verification procedures. Institutions across all markets, both private and public sectors, should be exploring all available services and technologies in an effort to reduce reliance on one or only a few methods of authentication and identity management. Particularly, again, assuming that the one method an institution may rely on could be greatly weakened or without value if subject to mass compromise.
KBA continues to be a valuable component in a layered authentication strategy as it effectively reduces both false positives and false negatives in the fast majority of authentication processes, leaving improved customer experience and better use of limited resources to treat true fraud risk.
Experian has been hosting the Future of Fraud and Identity events discussing current fraud and authentication trends aimed at helping the industry. Make sure to download our fraud prevention protect whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.