Usually when I explain what KBA (knowledge-based authentication) is most people think it’s really cool. Even though KBA solutions have been around since early 2000, the reality is businesses using this technology are considered early adopters – mainly because consumers (and the media) are only starting to become aware of KBA and how it works.
Recently identity proofing has caught the attention of industry analysts. Perhaps this is because most verifications are seamless to the customer and only focus on verifying that the identity is valid or real – not that the person is this claimed identity. But now with more synthetic identities being created, businesses need (and want) a way to determine that the person is who they claim and not a fraudster. Gartner stated in its recent research note on the subject:
Identity–proofing services will become increasingly important for fighting fraud and building online reputations. Personal identity frameworks, such as Microsoft’s CardSpace and OpenID, will also spur adoption, because these frameworks will be used for high-assurance applications.
But what about the creepy factor…are KBA questions an invasion of your privacy? At IDology we believe KBA in fact protects your privacy by limiting what data is being exposed to businesses. Instead of having multiple companies and employees access and review all of your data records, we shield your information and ask non-invasive questions that link you to your history. Based on the fact that our clients see an increase in customer satisfaction when using KBA, I’d say most consumers find it cool too. After all, wouldn’t you rather answer a few questions about old addresses or cars than provide your social security number or driver’s license number?
Search industry giant Google announced that it will implement age verification for its services in Korea to prevent kids from accessing adult-themed searches. 700 “adult” keywords will be included in this program so that anyone searching and wanting to access content on those keywords will be required to prove they are 19.
I wonder if this will be a prelude of things to come in other countries.
The Presidential Federal Task Force on Identity Theft recently issued its strategic plan to combat identity theft. The recommendations and guidelines suggested, if followed, are definitely a good start to protecting consumers information because they put controls on the use of SSN numbers as universal identifiers (in the public sector) and establish some national standards for responding to breaches of sensitive data without hindering some State’s stricter protection laws.
The report is definitely worth reading when you can find the time. Weaved throughout are victim’s stories from both a business and consumer perspective that will open your eyes to just how damaging identity theft can be. This example shows how identity theft impacts more than your credit history:
When purchasing advertising space in a trade magazine in 2002, a Colorado man wrote his birth date and Social Security number on the payment check. The salesman who received the check then used this information to obtain surgery in the victim’s name. Two years later, the victim received a collection notice demanding payment of over $40,000 for the surgery performed on the identity thief. In addition to the damage this caused to his credit rating, the thief’s medical information was added to the victim’s medical records.
Also included are accounts where businesses were able to prevent significant losses by enacting fraud prevention and identity authentication solutions.
When a major consumer lending institution encountered a problem when the loss ratio on many of its loans —including mortgages and consumer loans—became excessively high due to fraud, the bank hired a leading provider of fraud prevention products to authenticate potential customers during the application process prior to extending credit. The result was immediate: two million dollars of confirmed fraud losses were averted within the first six months of implementation.
Have you heard about the latest scam from the bad guys? It appears they too have learned how much impact marketing has on a “business” and purchased some keywords for Google and Yahoo ads. This article by Byron Acohido and Jon Swartz of USA Today explains it well and will bring you up to speed.
I doubt this scheme will impact the $19.5 billion (and growing) online advertising business too much but it certainly does show you how hackers and fraudsters are always evolving.