To be fair, there was a point in time where knowledge based authentication questions (KBAs) were an effective form of identification. But that time is gone. It’s likely that more personal information about each and every one of us is available on the web than anytime before in history, and the growing amount of cybersecurity incidents each year aren’t helping.
Due to the data breaches we read about in the headlines, your social security number, phone number, address, and even personal health habits can be purchased by fraudsters with little to no back alley dealing needed. The internet has many marketplaces that are willing to sell databases full of personal information, that double as answers to KBAs.
So what is the solution when someone can’t answer these questions accurately? Ask more questions. Step-up authentication often involves more of the same, or alternatively, results in refusing to provide any information to the caller. This is usually presented in the form of “our system is down” or “you need to come into one of our physical locations,” which is not the most ideal customer service experience. Loyalty is not derived from treating your customers like criminals.
Additionally, this notion goes beyond KBAs, but to anything you “know.” Information is easily transferred or stolen in the digital age, and passwords and PINs also fall under the category of secrets as security. For the same reason you shouldn’t force customers to maintain their own key to your brick and mortar storefront, you shouldn’t have to ask them to create and maintain their own secret word, PINs, or password as part of their identity verification.
Tune into our on-demand webinar to find out more about balancing authentication and customer experience here.