Knowledge-based authentication, commonly known as KBA, has been used since the dawn of financial services. KBA questions have been used as a key data point by almost all organizations during customer identification programs. Basically, knowledge-based authentication questions are used to verify a customer by asking them to answer a series of complicated questions. These questions are based on customers’ personal information and historical data. They are meant to be the kinds of questions that an attacker can’t answer just by stealing personal information such as your driver’s license.
Questions are usually generated from public and private data sources, credit reports, and government databases.
Here’s an example of the questions:
While these questions may sound extremely secure, the effectiveness of KBA questions has been declining over time. The reasons are the greater public availability of information and KBA’s susceptibility to fraudulent actors. This is why strong implementation of KYC compliance is crucial.
At its most basic level, KBA can be easily compromised mainly because of the amount of personal information that is available online. This information comes from two sources: social media platforms and high-profile data breaches.
According to studies, with enough research, cybercriminals can easily get around the KBA questions, as almost all the private information is available online. One simple search engine query with the person’s name can provide fraudsters with a plethora of information.
More sophisticated fraudsters use technologies that make it easier for them to access information that is usually buried deep. Data breaches like the Equifax breach in 2017 make things even harder for customers.
A better way to mitigate risks of financial crime is to make use of third-party data solutions instead of knowledge-based authentication questions. While a criminal can easily guess, research, or spoof KBA questions, it is much more difficult to create synthetic identities to get around third-party data solutions.
It is much easier to build an idea of someone’s identity by collecting names, DOB, SSN, address, phone number, and email ID. Fraudsters have the means to gather other information such as browser type, IP address, linked bank account information, etc. By collecting and comparing this information available in public and private sectors, hackers can easily fool KBA questions.
Unless banks have access to real-time identity and document verification during online account opening, it will be almost impossible for them to verify all the information during online customer onboarding. By reducing reliance on customers to validate identity through data input, institutions reduce the weak points that fraudsters can exploit. Coupling this strategy with extensive, real-time, third-party cross-referencing is the key to improving compliance and reducing online fraud.
Verifying customer identity is one of the most crucial parts of the customer onboarding process. KYC and AML regulations are changing the way identity verification methods work. The Financial Crimes Enforcement Network (FinCEN) is one of many regulatory bodies that are responsible for regulating ID verification in the USA.
Two-factor authentication, also known as multi-factor authentication, is a method where the customer has to provide additional information apart from the username and password to access their accounts. The additional information is usually a 6-digit numerical code. This code is sent to users once they click on the login button after entering the username and password. Two-factor authentication is a great option for opening accounts and completing impersonation checks whenever a customer tries to access their accounts.
Another method of customer identity verification is using credit bureau information about a potential customer. This method of verification relies on gathering information about the onboarding customer from any of the major credit bureaus. This information includes data like name, address, and social security number. It also uses a score-based system to create a perfect match without having to put customers’ personal information in harm’s way.
Database ID methods collect data from a wide range of sources to verify any identity. These sources of information are made up of online databases such as social media and offline databases such as government data.
This method of verifying customers is for assessing the level of risk a user poses. However, this method of verification isn’t exactly secure: it doesn’t ensure that the person providing the information is the one making the transactions, so it is susceptible to identity theft.
One of the best ways to verify a customer during the onboarding process and reduce the risk of future financial crime is by verifying all sorts of documents. Using the latest technological features, document verification can be conducted online on all kinds of documents.
DIRO’s award-winning document verification service is the industry standard for verifying documents and reducing the risk of financial crime for banks, financial institutions, and other industries. It even helps in diminishing the risk of human error. Institutions just have to log in to DIRO’s secure browser and verify if a document is original or not.
DIRO’s innovative technology does instant document verification and offers 100% proof of authentication. The proof of authentication itself can be used as an original document by users. By utilizing all the technology has to offer, banks, financial institutions, and FinTechs can improve their chances of fighting financial fraud.