“Free”: the real costs of knowledge-based authentication questions?

Imagine trying to log into your 401k account after a long time and luckily you can’t remember the password. You try to reset the password online but you can’t remember the answers to the security questions you set when you opened the account. After several minutes of a frustrating online experience, you call the customer service number but find out that there is no option to reset the password in the automated menu. As a last resort, you point to the agent. After an eternity of listening to the on-hold music, you finally reach the agent and ask for help. Half an hour has already passed when you hear the agent say “please answer these five randomly generated questions so that we can authenticate you”. You spend another 15 minutes as the agent spells out each letter on five different license plate numbers to identify a car you may have owned ten years ago but have now forgotten. By the time you finally reset your password, you’ve wasted an hour of your productive day.

These experiences vary in their level of frustration but are very common. At the heart of this experience is the identification process which in turn is based on the foundational element of Knowledge Based Authentication or KBA questions. These KBAs can be fixed or dynamic (multiple choice questions generated on the fly like in the license plate example above). But at the end of the day, the answers always depend on something you know, not something you are or something you do.

It is widely accepted that KBAs are frustrating not only for consumers but for contact centers themselves. Pindrop research shows that up to 30% of customers face KBA-based identity questions, while more than half of criminals ignore them. According to a Forrester report¹, a North American bank reported that knowledge-based authentication (KBA) had a false rejection rate of 25%, resulting in an unacceptable level of customer dissatisfaction. The adoption of voice biometrics has enabled the bank to reduce false rejections to less than 3%.

But these observations have been known to the industry for a long time. Steps have already been taken by companies to reduce their reliance on KBAs and adopt smoother biometric and behavioral modalities. However, despite customer dissatisfaction, delays, longer wait times and ongoing data breaches, KBAs continue to persist and are still one of the most common forms of consumer identity and verification. . Why is this so? What do companies lose by sticking to the KBAs? What value can be unlocked by removing KBAs from the ID&V process? We explore these topics in this blog.