What is knowledge-based authentication (KBA)?

A method of proving the identity of someone accessing a service such as a financial institution or website, requiring the knowledge of private information of the individual to prove that the person providing the identity information is the actual owner of the identity. KBA is found in two forms: Static and dynamic. Static KBA is commonly used by banks, financial service companies, and email providers to prove a customer’s identity before allowing account access, for example, a ‘shared question’ where the user stores an answer to a question such as, ‘What was the make and model of your first car’ to be asked if he or she forgets their password. Dynamic KBA is a high level of authentication that uses knowledge questions to verify someone’s identity, without requiring the individual to have provided questions and answers beforehand. For example, questions may be compiled from public and private data like credit reports or transaction histories. (See Digital Closings Clear Final Hurdles)