Skip to main content

KBA vs KBV – What is the Difference?

By May 13, 2020September 15th, 2020Article, Identity

KBA vs KBV – What is the Difference?

Knowledge Based Authentication versus Knowledge Based Verification

The terms Knowledge Based Authentication (KBA) and Knowledge Based Verification (KBV) are often used interchangeably.  Both KBA and KBV test a user’s knowledge by asking a series of multiple choice questions about their life history before granting access to an account with sensitive data or that initiates financial transactions.

Abstract image of knowledge

KBV is typically used with new accounts.  It is a means of identity verification.  KBA is typically used with existing accounts.  It is a means of confirming that the person logging in is the same person that originally created the account.  Sometimes the words “dynamic’” and “static” are used to differentiate the two approaches.

What is Knowledge Based Verification (KBV)?

Dynamic KBV

KBV is typically used to verify someone’s identity before granting access to an account that safeguards personal data or initiates financial transactions.  Although it is most often used as a fraud prevention strategy with new accounts, identity verification may be required with existing accounts requesting access to higher risk transactions.  For example, an existing bank account user applying for a mortgage or credit card. In these scenarios, a series of multiple-choice questions are generated dynamically from public and financial records then presented to the user. 

Common examples of knowledge-based verification questions include:

  • Which of the following retail credit cards do you have?
  • What state did you reside in during 2015?
  • What is your approximate monthly mortgage payment?

What is Knowledge Based Authentication (KBA)?

Static KBA

KBA is typically used to confirm that someone logging into an online account is the same person that originally created the account.  It is used as a fraud prevention strategy to prevent account takeover in the case that an authorized person has obtained another user’s id and password.  In these scenarios, the user selects 3-5 questions about themselves from a pre-defined list of options. 

Examples might include:

  • What is your favorite food?
  • What middle school did you attend?
  • What is your favorite book?

The user supplies their answers to these secret questions, which are stored on file.  Each time the user attempts to login, they must answer one or more of these questions to authenticate.

Shiloh Paul

Shiloh Paul

Shiloh Paul is a Marketing Manager at She has authored a number of articles and quantitative research studies. Her work has appeared in articles published in the Wall Street Journal, MarketWatch, Accounting Today, and various other industry newsletters. She's also published a children's book. Shiloh lives in the Northern Virginia area where she is active in local charity efforts to support pet adoption, community cleanup, and ending childhood hunger. In her spare time, she enjoys science fiction and fantasy, oxford commas, and acting. Shiloh is hard at work writing her first novel.