Complete Story
 

08/22/2018

Why It’s Time To Retire

Knowledge-Based Authentication

What was the make and model of your first car? What was your elementary school? What is your mother’s maiden name?

These are all questions that consumers have probably answered more times in the last 5-10 years than in every year of their life combined. Because in the era of digital services, one of the most common and accepted ways to validate a customer’s identity is simply to ask them questions that presumably only they could answer. Old addresses, schools, pet names, cars — all data points consumers are comfortable coughing up in case of an identity check during digital interaction.

And not just comfortable — extremely comfortable.  According to Philipp Pointner, chief product officer at Jumio, a full 90 percent of consumers are comfortable with simply answering knowledge-based questions when it comes to proving their identity.

But they really shouldn’t be.

Because as of this day in 2018, around 1.4 billion consumer records are exposed on the black market — and that’s just a tally from the past year.

And they’re more than exposed — the records are for sale on the black market. And because demand is high on the black market for consumer data, the trend of large institutions being hacked and looted for their consumer data cache is not on the decline.

“As an individual, you have to assume your data is already compromised,” Pointner said. In fact, consumers should assume their data is so compromised at this point that it is almost useless to use knowledge as an identity source. Said simply, the hackers at this point likely know a consumer’s data better than the consumer knows it. Consumers are complacent about this, he stated, because they trust that the institution has done its homework and is applying state-of-the-art security.

Which, Pointner noted, institutions are, because they are looking for alternatives to knowledge-based authentication (KBA). The industry agrees, he believes, that it has absolutely no future.

So if KBA is dead — or at least should be — what’s next? According to Pointner, a holistic approach to identity that looks at an entire consumer lifestyle instead of tying authentication to single moments and data points.

PYMNTS.com 8/21/18 https://www.pymnts.com/news/security-and-risk/2018/retire-knowledge-based-authentication/

Printer-Friendly Version


Back to Top