KBA and MFA – The Alphabet Soup of Authentication
We talked about the benefits of a fraud model and the bad practices that don’t include one. All of the approaches discussed ended in an authentication solution. Choosing the right authentication solution depends on where in the customer lifecycle authentication is needed. For loan origination fraud solutions, Knowledge-Based Authentication (KBA) is king. KBA is a combination of real and synthetic questions designed to challenge fraudsters. Many existing KBA solutions ask questions whose answers can be found on driver’s licenses and other “in wallet” data sources. Javelin Strategy and Research has reported that over 79% of ID fraud is based on a stolen wallet, checkbook, or over-the-shoulder password theft. If the fraudster has the wallet, the questions need to come from somewhere else. The solution is to find information not stored in public record. Developing a question set from that data that is both predictive and not overly invasive creates the best KBA solution.
KBA is useful at point-of-sale, but what about your existing customers? Imagine they just want to log on to their account and can’t remember their challenge question, or maybe they are trying to make some changes to their account information. Does 5 minutes of questions really seem like a customer-focused approach when they are just trying to get their account back? Multi-factor authentication (MFA) fraud solutions can help. MFA refers to using at least 2 different methods of identifying someone. The recognized practice is to choose at least two of the following three:
• Something you know (a password)
• Something you are (a thumbprint)
• Something you have (a token or cell phone)
Asking someone for two different passwords doesn’t count; that’s just “something you know” asked twice. You can’t really substitute a biometric test because few people can provide that information from their workstation. The traditional multi-factor approach has been “something you have.” Tokens are easy to use but aren’t cost-effective in the mass market. An emerging best practice is a lightweight SMS text. Banks can leverage existing customer data (phone numbers) to allow clients to engage in online activities while still being confident in their clients’ identity.
Whichever business problem challenges your fraud solution, make sure you have the right tools to meet the need head on.
Rich Huffman is VP of Product Management for Equifax Technology and Analytical Services. Rich is responsible for driving the market strategy for Equifax’s portfolio of ID Verification and Authentication products.
Rich brings over 17 years of experience in product management to Equifax. Prior to joining Equifax, Rich created and managed products for the financial services industry at Harbinger, S1, and ADP. Rich is an expert in utilizing ID verification and authentication technologies in addressing Red Flag and other compliance concerns for online banking and online payment related activities.
Rich graduated from Clemson University with a B.S. in business with a concentration in economics.