Loading...

Knoweldge Based Authentication (KBA) best practices, Part 1

Published: November 23, 2009 by Guest Contributor

–by Andrew Gulledge

Definition and examples
Knowledge Based Authentication (KBA) is when you ask a consumer questions to which only they should know the answer. It is designed to prevent identity theft and other kinds of third-party fraud. Examples of KnowledgeBased Authentication(also known as out-of-wallet) questions include “What is your monthly car payment?:” or “What are the last four digits of your cell number?”KBA –and associated fraud analytics –are an important part of your fraud best practices strategies.

What makes a good KBA question?

High percentage correct

A goodKnowledgeBased Authenticationquestion will be easy to answer for the real consumer. Thus we tend to shy away from questions for which a high percentage of consumers give the wrong answer. Using too many of these questions will contribute to false positives in your authentication process (i.e., failing a good consumer). False positives can be costly to a business, either by losing a good customer outright or by overloading your manual review queue (putting pressure on call centers, mailers, etc.).

High fraud separation

It is appropriate to make an exception,however, if a question with a low percentage correct tends to show good fraud detection. (After all, most people use a handful of KBA questions during an authentication session, so you can leave a little room for error.) Look at the fraudsterswho successfully get through your authentication process andsee which questions they got right and which they got wrong. The Knowledge Based Authentication questions that are your best fraud detectors will have a lower percentage correct in your fraud population, compared to the overall population. This difference is called fraud separation, and is a measure of the question’s capacity to catch the bad guys.

High question generability

A good KnowledgeBased Authenticationquestion will also be generable for a high percentage of consumers. It’s admirable to beat your chest and say your KBA tool offers 150 different questions. But it’s a much better idea to generate a full (and diverse) question set for over 99 percent of your consumers. Some KBA vendors tout a high number of questions, but some of these can only be generated for one or two percent of the population (if that). And, while it’s nice to be able to ask for a consumer’s SCUBA certification number, this kind of question is not likely to have much effect on your overall production.

Related Posts

Learn how you can proactively fight credential stuffing attacks and protect your organization and customers.

Published: December 18, 2024 by Laura Burrows

Bots have been a consistent thorn in fraud teams’ side for years. But since the advent of generative AI...

Published: December 17, 2024 by James Craddick

Learn how background screeners can optimize pre-employment verification processes, reduce fraud risks, and ensure compliance.

Published: December 12, 2024 by Theresa Nguyen