Rising Know Your Customer and other risk mitigation regulations have the financial services world eyeing digital identity technology. Already seeping into the consumer services world, digital identity technology is expected to hit a $12.8 billion valuation by 2024, according to the latest PYMNTS Digital Identity Tracker.
Though financial services players may be excited about the prospect of cutting costs and improving automation through the adoption of digital identities (as opposed to physical identity documents), more traditional identity verification tools continue to dominate. Knowledge-based authentication (KBA) tools, including passwords and security questions, tend to be the primary strategy for verifying identity, and this is true for areas of financial services beyond the consumer world.
As the October Digital Identity Tracker explores, the small business (SMB) lending and financial services industries have begun to dip their toes into more sophisticated identity validation tools. Yet, as small business financial management company Nav told PYMNTS in the Tracker, KBA still reigns supreme.
According to Nav Co-founder and Chief Legal Officer Caton Hanson, the shortcomings of KBA cannot be ignored. As a company that enables small business owners to monitor their credit scores and performance, Nav holds a significant volume of sensitive information about its SMB clients.
“You can’t be negligent in trying to verify or determine the authenticity of users before they access consumer credit,” Hanson told PYMNTS. The same goes for small business users, too.
However, Nav relies on KBA authentication technology provided by Experian‘s Precise ID platform to verify its small business users. Hanson said that, so far, all attempts by fraudsters to infiltrate its system have failed, but it’s not foolproof.
KBA methods may ask users to answer complicated, difficult-to-remember questions. Though a user may be legitimate, answering authentication questions incorrectly leads to false positives and users locked out of their own accounts. The strategy for KBA questionnaires to include “none of the above” as an option in multiple choice questions can also trip up users, Hanson said. On the other hand, many of these questions might be known not only by the users themselves, but by people close to them.
The Struggle To Change
Due to these shortcomings, Hanson told PYMNTS, Nav plans to shift away from the KBA strategy in favor of Experian technology that uses IP addresses and location data to provide real-time user authentication. Until then, however, KBA methods will continue, with Hanson pointing to the challenge of overhauling authentication processes as a major hurdle to making the change.
The financial services industry as a whole continues to shift toward more sophisticated authentication strategies, both the result of enhanced technological capabilities and shifts in consumer behavior. The iPhone’s adoption of passcodes, thumbprints and Face ID to unlock the device, for instance, led to online and mobile banking solutions embracing Face ID to sign into their systems, too.
Though this trend is sure to impact the small business banking, lending and financial services spaces as well, that struggle to shift to more sophisticated authentication methods is felt throughout the small business lending arena.
In 2017, Wells Fargo published a blog post on best practices for small business authentication, a guide that emphasizes ways to strengthen KBA strategies. In its four-step outline, Wells Fargo noted that requiring small businesses to regularly update passwords, and requiring complex passwords from users, are two effective ways to strengthen authentication. The financial institution also recommended multi-factor authentication methods, including one-time codes sent to mobile devices or the use of a token, as well as employee training to more effectively recognize threats.
Separate analysis from Valley National Bank, however, anticipates that artificial intelligence and biometrics are on the side in banks’ small business authentication strategies. Artificial intelligence and learning algorithms “increase security by automating and improving processes for fraud detection and prevention,” while biometric authentication “can help manage corporate account users, and increase visibility” via fingerprint or facial recognition, the bank said.