Conventional knowledge-based authentication (KBA) involves deriving questions regarding a particular user from facts in a publicly available database, and asking that user one or more of the derived questions to verify the authenticity of the user. For example, conventional KBA accesses facts such as addresses, mortgage payments, and driving records from a LexisNexis® server, a credit bureau or a motor vehicle registry.
Suppose that a user wishes to make a purchase at a store using a store account. In conventional KBA, the store may ask the user a set of questions derived from a set of facts concerning the user in order to complete the purchase. Such questions may include “when were you married?”, “what was the make and model of your first car?”, and “what was the name of your first pet?”. If the user answers the questions correctly, the store completes the purchase. On the other hand, if the user answers questions incorrectly, the store may take remedial steps to verify the authenticity of the user. For example, the store may ask for further proof of identity such as a driver's license.