Knowledge Base Authentication

KNOWLEDGE BASED AUTHENTICATION

What is KBA?

Knowledge based authentication is a security measure used to identify end users for accurate authorization of online activities.

The idea behind KBA is that by selecting questions that only the target individual would know the answers to, systems can verify whether a user is the legitimate owner of a password-protected area. KBA has become ubiquitous among a wide variety of networks across the internet, utilized when companies need a feature that verifies end users by personal data before they receive access to protected areas of a website.

KBA questions can be factual, such as:
• What address are you associated with?
• What color is your 2002 Honda CRV?

Contrarily, KBA questions can be subjective, e.g.:
• What is your favorite animal?

Static Knowledge Based Authentication

In a static knowledge based authentication scheme, the end user selects the security questions he/she would like to be asked. Users themselves then input answers to these pre-selected security questions when they set up a password-protected profile or system.

The question/answer pairs are stored by the host in secured databases. Later, if the end user needs to renew their password or provide proof of their identity, they are responsible for remembering the answers provided.

Static KBA is commonly used by banks and other financial institutions as an identity verification method, prior to logging into one's personal account. Example: "What is your mother's maiden name?"

Major concerns with static KBA:
• Useless as a security measure against identity thieves opening accounts with stolen legitimate identities.
• Questions are too generic.

Organizations are moving away from this method.

Dynamic Knowledge Based Authentication

Dynamic KBA generates questions in real time from an individual's data records. Unlike static KBA, dynamic KBA does not require a company to have had prior contact with their customer.

Dynamic KBA systems generate questions in real time based on information in a consumer's aggregated data file, which could include: public records, marketing data, credit reports, and other recorded facts.

In a dynamic scheme, the end user has no idea what question will be asked. Instead, the question/answer pairs are determined by harvesting data in public records. In many cases, knowledge-based authentication is used as part of multi-factor authentication, where other types of security processes like IP checking may also be used.

Dynamic KBA is considered superior to static KBA, mainly because it does not require an existing relationship with the customer. However, dynamic KBA should be coupled with a comprehensive fraud prevention platform that provides insight into an ID so that you can quickly pinpoint suspicious behavior and escalate to a higher level of verification based on risk.

Enhanced Dynamic KBA

Enhanced KBA is like dynamic KBA, in that it presents multiple-choice questions to users. The main difference is in what data is used to generate these questions.

• Ability to provide unique, relevant questions to your consumers.
• Provides complete privacy protection on your consumer data.
• Use internal proprietary data behind your firewall to generate questions.
• Replaces shared secret questions with a safer authentication method.
• Leverage the technology benefits of a SaaS KBA solution.
• You are able to use your proprietary data that is secured behind your firewall to create custom questions.
• Gives a complete end-to-end authentication solution to verify new and existing customers when combined with dynamic KBA.

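The dynamic flow described above, as an added example that is not part of the infographic or of any vendor's product: multiple-choice questions are generated at request time from a data record, graded, and combined with an IP check and an attempt limit to choose between pass, step-up and deny. The record, decoy pools, network range, thresholds and function names are all constructed assumptions.

```python
import hmac
import ipaddress
import random

# Constructed sample of an aggregated data file (all values are made up).
RECORD = {
    "street": "14 Elm St",
    "vehicle": "2002 Honda CRV",
    "county": "Dane",
}
# Constructed decoy pools used for the wrong multiple-choice options.
DECOYS = {
    "street": ["9 Oak Ave", "221 Pine Rd", "78 Lake Dr", "5 Hill Ct"],
    "vehicle": ["1999 Ford Escort", "2005 Toyota Camry", "2001 Subaru Outback"],
    "county": ["Cook", "Polk", "Wayne", "Clark"],
}
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed usual range


def build_quiz(record, rng):
    """Generate one multiple-choice question per field, at request time."""
    quiz = []
    for field, truth in record.items():
        options = rng.sample(DECOYS[field], 3) + [truth]
        rng.shuffle(options)  # the correct option must not sit in a fixed slot
        quiz.append({"field": field, "options": options})
    return quiz


def grade(record, answers):
    """Count correct answers; compare_digest avoids timing differences."""
    return sum(
        hmac.compare_digest(str(answers.get(f, "")).encode(), truth.encode())
        for f, truth in record.items()
    )


def decide(record, answers, client_ip, failed_attempts):
    """Combine the quiz score with an IP check and an attempt limit."""
    if failed_attempts >= 3:  # assumed lockout threshold
        return "deny"
    score = grade(record, answers)
    known_ip = any(ipaddress.ip_address(client_ip) in n for n in KNOWN_NETWORKS)
    if score == len(record) and known_ip:
        return "pass"
    if score >= len(record) - 1:
        return "step_up"  # escalate to a higher level of verification
    return "deny"
```

In a deployment the `rng` argument would be `random.SystemRandom()` so option order is not predictable; a seeded generator is only for repeatable tests.
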
KBA approval under COPPA (by Federal Trade Commission)

On December 23, 2013, the Federal Trade Commission issued a letter approving the use of knowledge-based authentication as a method of obtaining prior verifiable parental consent under its new Children's Online Privacy Protection Act Rule, 16 C.F.R. Part 312.

Infographic designed by: IDOLOGY, ENationalPositions INC.

shared by bhonma on Sep 10
Knowledge Based Authentication is used when a user's authorization is needed for online activities. Not only for legitimacy, KBA is useful when a user enters a protected area of a website.

Publisher

Brock Honma

Category

Computers