The National Institute for Standards (NIST) is changing the suggested guidelines for identity proofing. Knowledge Based Verification (KBV) replaces Knowledge Based Authentication (KBA) in the guidelines. The security protocol formerly referred to as “KBA” has been relabeled as “KBV.”  

What is NIST?

NIST is a U.S. government agency under the Commerce Department whose mission is to set several types of standards, including security standards. 

Some NIST data security standards include NIST 800-53. This offers security controls and privacy controls in application security, mobile, cloud computing, and supply chain security. There is also the standard NIST 800-53/FI. It establishes standards to implement the Federal Information Security Management Act (FISMA). Lastly, the standard NIST 800-30 provides guidelines for conducting risk assessments, and NIST 800-171 pertains to the physical security of data centers. (NIST Special Publication 800-63A)

What is FISMA? 

The Federal Information Security Management Act (FISMA) is a federal law. It requires federal agencies to implement an information security and protection program. FISMA is part of the more significant E-Government Act of 2002 introduced to improve electronic government services and processes management. FISMA requirements apply to state agencies administering federal programs and any private business involved in a contractual relationship with the U.S. government. 

The act requires agencies to develop and implement a program to secure every part of their operations and assets. FISMA increase cybersecurity. 

FISMA increases cybersecurity focus within the federal government. Agency officials, CIOs, and inspector generals must conduct annual reviews of the agency’s information security program and report the results to OMB. 

What was KBA, and is it now KBV? 

Knowledge Based Authentication (KBA), now Knowledge Based Verification (KBV), tests a user’s knowledge by asking a series of questions about their life history before granting access to an account with sensitive digital data. 

Knowledge Based Authentication 

Rather than being stricken from the lexicon of NIST, KBA has been redefined as a security protocol that uses information the signer provides to a platform. The questions are similar to password recovery questions, such as “What street did you grow up on?” or “What was your high school mascot?” The user usually selects three to five questions about themselves from a pre-defined list and provides their answers when setting up their user profile. Users must answer one or more of these questions to authenticate each time they log in.

KBA confirms that the signer logging into an account is the same person who created the account. It is a fraud prevention strategy to prevent account takeover if someone obtains another user’s ID and password.  

Knowledge Based Verification 

KBV involves public information not provided to a platform like eNotaryLog by the signer. The user must verify that information to initiate the online process that contains secure digital data. It is also used as fraud prevention for new accounts and can help secure existing accounts.  

For example, an existing bank account user can apply for a mortgage or credit card at their bank. Security generates questions from public and financial records to verify their identity. This question can range from “Which retail credit cards do you have?” to “What is your approximate monthly mortgage payment?” 

Why is this important? 

We want clients to know that security is constantly evolving and eNotaryLog continues to elevate to meet and exceed security guidelines. Our platform prevents fraud by verifying signer information with KBA and KBV questions. Check out our platform today! 

Subscribe to the eNL blog.

Keep up to date on the latest insights, news and events.

Continue Reading