In an increasingly digital world, ensuring the security and authenticity of electronic transactions is paramount.
At PandaDoc, we’re excited to announce the early access add-on of Knowledge-Based Authentication (KBA) for our platform.
With this new multi-factor authentication, document management takes a significant step forward, providing enhanced cybersecurity for various industries and use cases with KBA engineering.
Let’s cover what KBA verification is, why we built it, and why our customers will love it.
What is KBA verification?
KBA stands for Knowledge-Based Authentication.
KBA identity verification is a security technique that verifies a person’s identity by asking them a set of secret questions only they should be able to answer.
The questions are generated using trustworthy sources, such as public records and credit reports.
By validating the identity of individuals accessing or signing documents, dynamic KBA deters fraudulent activities and unauthorized entry.
KBA also plays a crucial role in enhancing user confidence and trust in digital services.
When users know that their service providers employ rigorous authentication methods, they feel more secure in conducting transactions and sharing sensitive information online.
KBA engineering allows for the mitigation of data breaches.
This trust is vital for the growth of e-commerce, online banking, and other digital services.
KBA verification is useful in scenarios where physical verification methods are not possible.
For example, remote workers, online shoppers, and users accessing services from various geographical locations cannot always utilize in-person identity verification.
KBA verification provides a practical and scalable security solution for confirming identities from anywhere in the world with ease.
The difference between static KBA and dynamic KBA
Dynamic Knowledge-Based Authentication (KBA) and Static Knowledge-Based Authentication (KBA) are methods used to verify the identity of an individual based on their knowledge. However, they differ significantly in how they function and their level of security.
Here are the key differences between the two:
Static Knowledge-Based Authentication (Static KBA)
- Pre-set questions: Static KBA relies on answers to pre-set questions that the user provides during account setup. Common examples include “What is your mother’s maiden name?” or “What was the name of your first pet?”
- Fixed answers: The answers to these questions do not change over time.
- Security concerns: Static KBA is less secure because the answers can often be found or guessed by someone else. Information can be gleaned from social media, data breaches, or public records.
- Ease of use: It is easier to implement and use but at the cost of security. Users might also forget their answers over time.
Dynamic Knowledge-Based Authentication (Dynamic KBA)
- Real-time questions: Dynamic KBA generates questions in real-time based on information from public and private data sources. These questions are typically about recent transactions or other up-to-date, personal information.
- Variable answers: The answers change over time, making it harder for unauthorized users to guess or find the correct answers.
- Enhanced security: Dynamic KBA is more secure because it uses up-to-date information that is less likely to be known or accessible to others. The dynamic nature of the questions means they are more difficult to predict.
- Complexity: It is more complex to implement and can sometimes lead to user frustration if the questions are too difficult or seem intrusive.
Why we built it
Meeting industry standards
We’re adding dynamic KBA to PandaDoc so we can meet industry-specific requirements.
As an example, KBA identity verification is required when electronically signing IRS tax documents like Form 8879 and Form 8878.
The dynamic KBA security feature allows accountants and tax professionals to safely manage these forms, guaranteeing compliance with federal regulations.
Unlocking opportunities across industries
KBA verification is not just limited to tax documents; it has a broad range of applications across industries.
From banking and finance to real estate and legal services, many sectors require a reliable way to verify identities.
Mortgage lenders and financial institutions often mandate dynamic KBA security questions as a verification option, making it vital for businesses in these fields.
Why our customers love it
Unmatched recipient experience
We have refined the recipient experience to be the best on the market, thanks to our extensive experience and over 50,000 completed static KBA verifications through the KBA provider portal on the notary product.
Our user flow is designed to prioritize even the tiniest details, guaranteeing a smooth and effortless verification process.
Completing the KBA authentication through biometrics is seamless thanks to its intuitive design and easy-to-follow instructions.
Customization options
One of the highlights of our KBA identity verification is the range of customization options. Senders can adjust the time allowed for answering questions, set the number of correct answers required for the provided security questions, and determine the number of attempts the recipient has to pass the authentication.
These settings can be customized to fit your needs and security preferences, giving you more flexibility and control.
Transparent preview
Once KBA multi-factor authentication settings are configured, senders can preview exactly how the process will appear to their recipients.
Transparency allows businesses to fine-tune the verification process to ensure everything matches their branding and user experience standards, boosting trust and satisfaction through the added layer of fraud prevention.
How it works
Sender experience
To get started, you’ll need to purchase a KBA identity verification package.
We offer flexible options of 10, 50, 100, and 500 verifications, available through self-service or with assistance from our sales team.
Once you have KBA identity verification in your balance, setting up static KBA questions to verify your user’s identity is as straightforward as setting up any other verification method when preparing or sending a document.
Recipient experience
For recipients, the authentication process is simple and secure.
Before opening or signing a document, KBA will need to verify the user’s identity.
To complete this process, individuals must disclose personal information and credentials like their Social Security Number and answer five tailored questions.
Depending on the settings, recipients might have multiple attempts to complete the identity verification.
This functionality guarantees that only authorized individuals can access confidential documents, giving both senders and recipients peace of mind.
Developer integration
For developers, setting up KBA identity verification via our Public API is straightforward.
By utilizing two endpoints, developers can seamlessly integrate KBA into their workflows.
This enables their applications to benefit from the same level of security and authentication as PandaDoc.
Conclusion
Our decision to include KBA identity verification in PandaDoc showcases our commitment to strengthening security and compliance for our clients.
With dynamic KBA and static KBA, we ask all the right questions to keep your online transactions super secure.
No matter what industry you’re in, the KBA add-on is here to meet and exceed your secure document verification needs.
For more information on how to protect documents with recipient verification and enable verification via our API, please visit our support pages:
Embrace the future of secure digital transactions with PandaDoc’s KBA verification today!
Disclaimer
PandaDoc is not a law firm, or a substitute for an attorney or law firm. This page is not intended to and does not provide legal advice. Should you have legal questions on the validity of e-signatures or digital signatures and the enforceability thereof, please consult with an attorney or law firm. Use of PandaDoc services are governed by our Terms of Use and Privacy Policy.
