Conventional knowledge-based authentication (KBA) involves deriving questions regarding a particular user from facts in a publicly available database, and asking that user one or more of the derived questions to verify the authenticity of the user. For example, conventional KBA accesses facts such as addresses, mortgage payments, and driving records from a LexisNexis® server, a credit bureau or a motor vehicle registry.
Suppose that a user wishes to make a purchase at a store using a store account. In conventional KBA, the store may ask the user a set of questions derived from a set of facts concerning the user in order to complete the purchase. Such questions may include “where did you live in September, 1998?”, “what is your current mortgage payment to within 20 dollars?”, and “what make and model car did you drive in February, 2001?”. If the user answers the questions correctly, the store completes the purchase. On the other hand, if the user answers questions incorrectly, the store may take remedial steps to verify the authenticity of the user. For example, the store may ask for further proof of identity such as a driver's license.
In many scenarios, the questions used in conventional KBA take the form of multiple-choice questions. Such multiple-choice questions include a correct choice and a set of wrong choices. In conventional KBA, software packages such as IBM Smart Analytics System provide the set of wrong choices for a KBA question from data in the publicly available database.
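The conventional flow described above can be sketched as follows. This is an added illustration, not code from the original document or from any product it names; the record layout, field names, and function names are assumptions, and the sample records are constructed.

```python
import random

# Constructed sample records standing in for a publicly available database.
PUBLIC_RECORDS = {
    "alice": {"address_1998_09": "12 Elm St, Dayton", "mortgage_payment": 1480, "car_2001_02": "Honda Civic"},
    "bob": {"address_1998_09": "7 Oak Ave, Akron", "mortgage_payment": 1125, "car_2001_02": "Ford Taurus"},
    "carol": {"address_1998_09": "301 Pine Rd, Toledo", "mortgage_payment": 1730, "car_2001_02": "Toyota Camry"},
    "dave": {"address_1998_09": "55 Lake Dr, Canton", "mortgage_payment": 980, "car_2001_02": "Chevy Malibu"},
}
PROMPTS = {  # hypothetical field names mapped to the questions quoted in the text
    "address_1998_09": "Where did you live in September, 1998?",
    "car_2001_02": "What make and model car did you drive in February, 2001?",
}
MORTGAGE_TOLERANCE = 20  # dollars, from the "to within 20 dollars" question


def multiple_choice(user, field, rng, n_wrong=3):
    """Build one question: the user's fact plus wrong choices from other records."""
    correct = PUBLIC_RECORDS[user][field]
    # Wrong choices must be distinct and must never equal the correct value.
    pool = sorted({r[field] for u, r in PUBLIC_RECORDS.items() if u != user} - {correct})
    choices = rng.sample(pool, min(n_wrong, len(pool))) + [correct]
    rng.shuffle(choices)
    return {"field": field, "prompt": PROMPTS[field], "choices": choices}


def is_correct(user, field, answer):
    """Check an answer; the mortgage answer passes within the stated tolerance."""
    fact = PUBLIC_RECORDS[user][field]
    if field == "mortgage_payment":
        try:
            return abs(float(answer) - fact) <= MORTGAGE_TOLERANCE
        except (TypeError, ValueError):
            return False  # non-numeric input counts as a wrong answer
    return answer == fact


def authenticate(user, answers):
    """Return 'complete' if every answer is right, else 'remedial' (further proof of identity)."""
    ok = bool(answers) and all(is_correct(user, f, a) for f, a in answers.items())
    return "complete" if ok else "remedial"
```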