Let’s face it – not all knowledge-based authentication (KBA) is created equal. I, too, have read horror stories of consumers forced to answer questions about a deceased relative or ex-spouse, or KBA sessions that went on far too long for anyone’s benefit. I have to attribute this to vendor inexperience and a lack of consulting with clients.
An experienced vendor will apply fraud best practices: first a fraud analytics model to determine that some consumers do not need questions at all, and then a “Progressive Question” feature, which uses the consumer’s performance on an initial question set to determine whether additional questions are necessary. This way, the true consumer completes the process quickly, improving the customer experience.
The product of choice should also use a question mix that balances three factors:
· how easily the true consumer can answer the question;
· the fraud separation of the question (effectively the measured delta over time between how well true consumers answer the question vs. how well fraudsters do);
· how many consumers overall the question can be generated for.
A list of hundreds of possible questions doesn’t mean much if the questions can only be generated for one quarter of one percent of the population, as is the case for something like airplane ownership or a pilot’s license. Ultimately, out-of-wallet questions should be generated for a large part of the population, be easily answered by the true consumer but difficult for a fraudster, and not be offensive or what a consumer would consider “creepy” (such as their child’s birthday or name). Well-designed questions will be personal but not intrusive, and mindful of personal relationships that may have changed.
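The three-factor balance above can be expressed as a filter-and-rank step over per-question statistics. The sketch below is an added example, not any vendor's code; the question names, the statistics, the thresholds and the separation-times-coverage ranking are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class QuestionStats:
    name: str
    true_correct: float     # share of verified true consumers answering correctly
    fraud_correct: float    # share of confirmed fraud attempts answering correctly
    coverage: float         # share of the population the question can be generated for
    sensitive: bool = False  # e.g. child's name or birthday, ex-spouse, deceased relative

    @property
    def separation(self) -> float:
        """Fraud separation: true-consumer accuracy minus fraudster accuracy."""
        return self.true_correct - self.fraud_correct


def rank_questions(pool, min_coverage=0.20, min_ease=0.80):
    """Drop sensitive, low-coverage and hard-to-answer questions,
    then rank the rest by separation weighted by coverage.
    Both thresholds are assumed values, to be tuned on measured data."""
    eligible = [
        q for q in pool
        if not q.sensitive
        and q.coverage >= min_coverage
        and q.true_correct >= min_ease
    ]
    return sorted(eligible, key=lambda q: q.separation * q.coverage, reverse=True)


# Constructed sample statistics, not measurements from any real KBA product.
POOL = [
    QuestionStats("prior_street_address", 0.93, 0.35, 0.85),
    QuestionStats("auto_loan_lender", 0.88, 0.22, 0.40),
    QuestionStats("mortgage_payment_range", 0.74, 0.20, 0.45),  # too hard for true consumers
    QuestionStats("airplane_ownership", 0.97, 0.10, 0.0025),    # a quarter of one percent
    QuestionStats("childs_birthday", 0.99, 0.30, 0.50, sensitive=True),
]

if __name__ == "__main__":
    for q in rank_questions(POOL):
        print(f"{q.name}: separation={q.separation:.2f} coverage={q.coverage:.2%}")
```

Airplane ownership has the best raw separation in this sample yet is excluded, because it can be generated for almost no one.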
The purpose of a knowledge-based authentication session is risk management and/or consumer authentication for fraud prevention and compliance purposes – not to cause the loss of business because the fraud tool crossed the line in the mind of your customer.