Knowledge-Based Authentication for Reconciliation

Published: January 2, 2009 by Keir Breitenfeld

I’ve talked (sorry, blogged) previously about taking a risk-based approach to reconciling initial Red Flag Rule conditions in your applications, transactions, or accounts. In short, that risk-based approach incorporates a more holistic view of a consumer in determining overall risk associated with that identity. This risk can be assessed via an authentication score, alternate data sources and/or verification results. I also want to point out the potential value of knowledge-based authentication (a.k.a. out-of-wallet questions) in providing an extra level of confidence in progressing a consumer transaction or application in light of an initially detected Red Flag condition.

In Experian’s Fraud and Identity Solutions business, we have some clients who are effectively embedding the use of knowledge-based authentication into their overall Red Flags Identity Theft Prevention Program. In doing so, they are able to identify the majority of higher risk conditions and transactions and positively authenticate those initiating consumers via a series of interactive questions designed to be more easily answered by a legitimate individual — and more difficult for a fraudster. Using knowledge-based authentication can provide the following values to your overall process:

1.Consistency: Utilizing a hosted and standard process can reduce potential subjectivity in decisioning. Subjectivity is not a friend to examiners or to your bottom line.

2.Measurability: Question performance and reporting allows for ongoing monitoring and optimization of decisioning strategies. Plus, examiners will appreciate the metrics.

3.Customer Experience: This is a buzzword these days for sure. Better to place a customer through a handful of interactive questions, than to ask them to fax in documentation –or to take part in a face-to-face authentication.

4.Cost: See the three values above…Plus, a typical knowledge-based authentication session may well be more cost effective from an FTE/manual review perspective.

Now, keep in mind that the use of knowledge-based authentication is certainly a process that should be approved by your internal compliance and legal teams for use in your Red Flags Identity Theft Prevention Program. That said, with sound decisioning strategies based on authentication question performance in combination with overall authentication results and scores, you can be well-positioned to positively progress the vast majority of consumers into profitable accounts and transactions without incurring undue costs.