Knowledge Based Authentication (KBA) best practices, Part 2

–by Andrew Gulledge

Where does Knowledge Based Authenticationfit into my decisioning strategy?

Knowledge Based Authentication can fit into various parts of your authentication process. Some folks choose to put every consumer through KBA, while others only send their riskier transactions through the out-of-wallet questions. Some people useKnowledge Based Authenticationto feed a manual review process, while others use a KBA failure as a hard-decline. Uses for KBA are as sundry and varied as the questions themselves.

Decision Matrix– As discussed by prior bloggers, a well-engineered fraud score can provide considerable lift to any fraud risk strategy. When possible, it is a good idea to combine both score and questions into the decisioning process. This can be done with a matrixed approach—where you are more lenient on the questions if the applicant has a good fraud score, and more lenient on the score if the applicant did well on the questions. In a decision matrix, a set decision code is placed within various cells, based on fraud risk.

Decision Overrides– These provide a nice complement to your standard fraud decisioning strategy. Different fraud solution vendors provide different indicators or flagswith which decisioning rules can be created. For example, you might decide to fail a consumer who provides a social security number that is recorded as deceased. These rules can help to provide additional lift to the standard decisioning strategy, whether it is in addition to KnowledgeBased Authenticationquestions alone, questions and score, etc. The overrides can be along the lines of both auto-pass and auto-fail.