KBA…Cool or Creepy?

Usually when I explain what KBA (knowledge-based authentication) is most people think it’s really cool. Even though KBA solutions have been around since early 2000, the reality is businesses using this technology are considered early adopters – mainly because consumers (and the media) are only starting to become aware of KBA and how it works.

Recently identity proofing has caught the attention of industry analysts. Perhaps this is because most verifications are seamless to the customer and only focus on verifying that the identity is valid or real – not that the person is this claimed identity. But now with more synthetic identities being created, businesses need (and want) a way to determine that the person is who they claim and not a fraudster. Gartner stated in its recent research note on the subject:

Identityproofing services will become increasingly important for fighting fraud and building online reputations. Personal identity frameworks, such as Microsoft’s CardSpace and OpenID, will also spur adoption, because these frameworks will be used for high-assurance applications.

But what about the creepy factor…are KBA questions an invasion of your privacy? At IDology we believe KBA in fact protects your privacy by limiting what data is being exposed to businesses. Instead of having multiple companies and employees access and review all of your data records, we shield your information and ask non-invasive questions that link you to your history. Based on the fact that our clients see an increase in customer satisfaction when using KBA, I’d say most consumers find it cool too. After all, wouldn’t you rather answer a few questions about old addresses or cars than provide your social security number or driver’s license number?

1 Comment

Filed under Digital identity, identity proofing, Identity verification, knowledge based authentication

One response to “KBA…Cool or Creepy?

  1. Wondering Aloud

    Just a comment about the Gartner report. Open ID does not provide identity proofing. An Open ID credential represents little more than the fact that another website has the same visitor as a registrant. Any organization that allows access and authorization based on an Open ID credential should be prepared for an INCREASE in fraud, not a decrease in one.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s