Gartner Research

When Knowledge-Based Authentication Fails, and What You Can Do About It

Published: 25 September 2012

ID: G00237377

Analyst(s): Avivah Litan

Summary

Verifying identities using knowledge-based authentication based on public data often results in high failure rates and customer inconvenience, and sometimes does not stop the fraud. Put complementary layered solutions in place.

Table Of Contents
  • Impacts

Analysis

Impacts and Recommendations

  • U.S. Gartner clients report an average of 10% to 15% failure rate on knowledge-based authentication (KBA) that relies on users answering personal questions based on public data, such as credit bureau or driver's license records — driving up customer service costs and customer dissatisfaction.
  • Most KBA failures are experienced by legitimate users who cannot answer the questions because they cannot remember the answers, or because the public records are lacking or incorrect
  • Criminals have circumvented KBA used on high-risk transactions by stealing or culling information from public aggregators or social networks

Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Purchase this Document

To purchase this document, you will need to register or sign in above

Become a client