If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.
But, as bad as this breach was, there’s a larger concern. Given how much personally identifiable information (PII) is out in the wild, the fate of knowledge-based authentication (KBA) is now being openly questioned. KBA is an authentication process in which the user is asked to answer at least one “secret” question. It is often used as a component of self-service password retrieval.
Unfortunately, a large number of enterprises still rely on KBA and depend on the idea that only the individual knows all the details used to verify identity, but that assumption requires ignoring the sheer amount of PII that has been exposed over the past few years.
The hackers behind the Equifax breach presumably now possess a treasure trove of information about individual Americans. This means they can now leverage this information to reset passwords and perform account takeovers to inflict a lot of damage, financial loss, and headaches.
Ironically, this happened back in 2013, when fraudsters bypassed KBA to obtain the credit reports of several celebrities, including Hillary Clinton and other well-known names, which were then posted on a Russian website, Exposed.su. You can read that story here: http://fraudpractice.com/fraudblog/?page_id=1154.
But there are other signs that KBA may be reaching its expiration date. That’s why we created this infographic: “10 Signs Knowledge-Based Authentication is Going Extinct.”
If your organization still relies on KBA, let’s discuss how Jumio can help by providing a more robust, secure and simple form of identity verification.