Knowledge Based Authentication (KBA) has been Compromised

Knowledge Based Authentication (KBA) has been Compromised

by Sean Cope 09/27/13

Everyone needs to be concerned, real concerned. No matter who you are your public records information, which is used to verify your identity when dealing with your mortgage provider, bank, and credit lines is at risk of being used against you.

A hacker service is in play that provides very low cost access to your personal information. This information can be leveraged by an unauthorized third party to cause catastrophic damage to your personal finances. Gov Info Security article by Eric Chabrow reveals that the hacker organization SSNDOB is behind the data breaches of known KBA data warehouses and is selling personal information for pennies on the dollar.

Recently I needed to change my mailing address at a financial institution and was required to answer security questions to prove my identity. Having just gone through the Knowledge-Based Authentication process, it is easy to imagine how an attacker could successfully change a mailing address and order a new credit card. You might not never know that an account was opened only until a credit check to apply for a new mortgage reveals your destroyed credit.

How do you protect yourself against Knowledge Based Authentication (KBA) attacks?

One of the easiest ways to protect yourself is to Freeze your credit. This tactic will not eliminate the threat entirely, but will provide protection against unauthorized credit being opened up in your name. Think about it, an attacker would have a very easy time opening up a credit line, maxing out the cards limit and leave you with a destroyed credit history. You might be paying for a monthly credit monitoring service that will notify you that an additional line of credit has been opened up in your name, but why expose yourself to such activities?

Experian, Trans Union, and Equifax have credit freeze sites that are easy to navigate, and when it’s time to unlock your credit, it too is an easy fill in the form process. Just make sure not to store your Personal Identification Number (PIN) on your computer. Print out a few copies and keep it with your important documents.