
Knowledge-Based Authentication: What It Is & Why It Matters




Knowledge-based authentication (KBA) is a security process that verifies a user's identity by asking them to answer specific questions that only they should know the answer to. This process is often used in situations where a user needs to verify their identity before accessing sensitive information, such as when logging into a bank account, accessing medical records, or performing a remote online notarization.

The goal of KBA is to prevent unauthorized access to sensitive information by verifying that the user is who they claim to be. The process works by asking the user a series of questions that only they should know the answer to, such as their mother's maiden name or the name of their first pet. The answers to these questions are often used to verify the user's identity and grant them access to the requested information.

While KBA can be effective in verifying a user's identity, it is not without its limitations. One of the biggest challenges with KBA is that the answers to the questions can sometimes be guessed or obtained through social engineering tactics. For example, an attacker might be able to obtain the answers to KBA questions by researching the user's social media profiles or contacting them directly and pretending to be a legitimate source.

Another drawback of KBA is that the questions may be too intricate or hard to answer, which inconveniences users who have forgotten the answers. This can lead to frustration and prevent users from accessing the information they require. Despite these limitations, KBA continues to be an essential security measure for safeguarding sensitive information. In real estate transactions, KBA is still the most accepted form of ID proofing (in addition to ID credential analysis), even though some notaries have other legally available methods at their disposal.

During remote online notarization, the signer is required to answer a 5-question quiz with a passing score of 80% within a two-minute window. The standard protocol in most states is that signers are permitted to attempt the KBA quiz twice within a 24-hour period. If the client fails both attempts, the notary is required to wait 24 hours before attempting to verify the signer again. In case the signer is unable to wait for the mandated 24-hour period, they can opt for a different notary. Alternatively, if the current notary is legally permitted to do so, they can use the oath of credible witness. It is illegal for the current notary to switch to a different platform and have the signer redo the KBA quiz before the mandated 24-hour period is over.
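The attempt rules above, sketched as a server-side gate. This is an added example, not code from any RON platform: the class and names are hypothetical, and it assumes the 24-hour wait runs from the second failed attempt and that a timed-out quiz uses up an attempt.

```python
from dataclasses import dataclass, field

QUESTIONS = 5
PASS_PERCENT = 80            # 80% of 5 questions means at least 4 correct
TIME_LIMIT_S = 120           # two-minute window for the whole quiz
MAX_ATTEMPTS = 2             # failed attempts allowed per 24-hour period
DAY_S = 24 * 60 * 60


@dataclass
class KbaGate:
    # Constructed in-memory store: signer id -> server timestamps of failed attempts.
    # Keyed on the signer, not the session, so a new session does not reset the count.
    failures: dict = field(default_factory=dict)

    def locked_until(self, signer_id, now):
        """Return the time the lockout ends, or None if an attempt is allowed."""
        fails = self.failures.get(signer_id, [])
        if len(fails) >= MAX_ATTEMPTS:
            until = fails[-1] + DAY_S      # assumption: 24 h counted from the second failure
            if now < until:
                return until
            fails = []                     # lockout served, start a fresh period
        fails = [t for t in fails if now - t < DAY_S]   # a lone old failure expires
        self.failures[signer_id] = fails
        return None

    def submit(self, signer_id, correct, started_at, submitted_at):
        """Score one attempt; all timestamps are server-side seconds."""
        if not 0 <= correct <= QUESTIONS:
            raise ValueError("correct must be between 0 and QUESTIONS")
        if self.locked_until(signer_id, submitted_at) is not None:
            return "locked"
        in_time = 0 <= submitted_at - started_at <= TIME_LIMIT_S
        if in_time and correct * 100 >= PASS_PERCENT * QUESTIONS:
            self.failures.pop(signer_id, None)
            return "pass"
        self.failures[signer_id].append(submitted_at)
        return "fail" if in_time else "timeout"   # assumption: a timeout uses up an attempt


def demo():
    gate, t0 = KbaGate(), 1_000_000   # constructed timestamps
    return [
        gate.submit("signer-1", 3, t0, t0 + 90),           # 60% in time
        gate.submit("signer-1", 5, t0 + 300, t0 + 450),    # all correct, over two minutes
        gate.submit("signer-1", 5, t0 + 600, t0 + 650),    # third try inside the lockout
        gate.submit("signer-1", 4, t0 + 450 + DAY_S, t0 + 500 + DAY_S),  # after the wait
    ]
```

The start and submit times must be recorded by the server; a client-reported timer would let the two-minute limit be bypassed.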

In addition, it is important for notaries to be aware that certain RON platforms may require signers to provide their social security number to access KBA questions, even though KBA can be generated from sources other than credit history. Keeping this in mind is essential for ensuring a smooth transaction for the notary's potential client base.

In conclusion, knowledge-based authentication is an important security measure for protecting sensitive information. While it is not perfect, it can be effective in verifying a user's identity and preventing unauthorized access. Apart from KBA, the client is also required to undergo ID credential analysis (further details on this will follow).

If you enjoyed this newsletter and are interested in learning more about KBA, be sure to check out my Virtual Notarization series available on Amazon.
