Data for KBA Questions Matters

laptop2

News about data breaches seems to be never-ending over the past few years. One of the latest is the major customer identities hack of Adobe Software and news that 38 million customer accounts were exposed.  Along with other high profile breaches, the exposure of so much data that can be used to impersonate someone invites the question “what are the best ways of protecting against fraudsters coming right in the front door?”

As we’ve discussed in the past, the sources of correlated, verified information for identity proofing and authentication matter.  Not all data is equivalent for understanding if an identity is being misused – the original source of the data, how closely it connects to an identity and how old it is all matter. Equally, the analytics used to understand the data and create the Knowledge Based Authentication (KBA) questions matter. Questions that are too obtuse or difficult to answer may stymie the actual person more than the fraudster. Questions based on only public or easily available data won’t stop the fraudsters.

Using a combination of data from proprietary sources, including data owned by the business itself, and tested analytics is the best way to create KBA questions that work to stop fraudsters, but let good customers through without undue hassle.  The target user base will dictate which sources of data and which formulations of questions will work the best to accomplish that goal.

Read more about data sources and how to select the best data for identity proofing at Breaching the Front Door.