Market Guide for Identity Verification
Gartner® Magic Quadrant™ for Identity Verification
Get the Report
X

KBA Alternatives

Discover a better way to establish the identity of your online users with The Identity Verification Solution Buyer's Guide.
Get the Guide

Knowledge-Based Authentication (KBA): Promises vs. Reality

KBA identifies users by asking them to answer specific security questions in order to verify their identity for account opening, login, or other online activities. The promise of KBA is, unfortunately, met by some harsh realities. That’s why organizations are looking for alternatives.
“The promises of knowledge-based authentication have given way to some harsher realities.”
Forbes Technology Council

The Promise of KBA

The Harsh Reality of KBA

The Promise of KBA

KBA was thought to be effective because only the individual knows all the details needed to verify their own identity.

The Harsh Reality of KBA

KBA often relies on the same personal information exposed in most data breaches.

High-profile data breaches regularly make headlines, which means KBA data is regularly exposed and openly sold on the dark web.

“Knowledge-based authentication, based on questions derived from PII, is no longer reliable.”

BankInfoSecurity.com

The Promise of KBA

KBA was supposed to be secure because it emphasized answers to personal questions only the individual would know.

The Harsh Reality of KBA

Information used to craft KBA questions can also often be found online — a quick social media search can reveal the name of your pet or the name of your oldest nephew.

“16 percent of security questions had answers routinely listed publicly in online social networking profiles.”

Secrets, Lies, and Account Recovery, Google Survey

The Promise of KBA

KBA was accepted by regulators as a secure method of identity authentication for AML/KYC compliance.

The Harsh Reality of KBA

Regulators are now increasingly calling for stronger, more robust methods of authentication.

The National Institute of Standards and Technology (NIST) no longer endorses security questions and answers as a secure authentication method.

The Promise of KBA

KBA was considered a secure authentication method because it relies on information only the user would purportedly know and remember.

The Harsh Reality of KBA

20 percent of users forget the answers to their security questions within six months. This creates the need for re-verification and results in user frustration.

“Businesses must assume that fraudsters have the exact same knowledge of personal information as their customers.” Pindrop

There is a better way to verify online identity.

Learn how to choose the right solution with the Identity Verification Solution Buyer’s Guide.
Get the Guide
identity verification buyer's guide

Get Started

Let a Jumio expert show you how easy it can be to integrate our automated solutions into your existing processes.
Request a Conversation
image of man with facial hair smiling wearing a suit.