Recipient authentication via Dynamic Knowledge-Based Authentication (KBA)
Recipient authentication via Dynamic Knowledge-Based Authentication (KBA)
Available only in US datacenter on all paid plans and requires Zoho Sign credits
Knowledge-based authentication (KBA) is a type of authentication where signers are identified by asking them to answer specific security questions to ensure that the signer hasn't been impersonated. As the name suggests, KBA selects questions to which only the signer would know the answers, the system then verifies if the signer is the legitimate owner.
Some popular use cases where this authentication method can be used include: banking and finance, real estate, government agencies, and other departments that handle the transactional financial or sensible information and belong to regulated industries.
Key benefits of Knowledge-Based Authentication
Prevents unauthorized access by adding an extra layer of security for sensitive documents.
Real-time identity verification
Why Dynamic Knowledge-Based Authentication (KBA)?
Dynamic KBA is preferred in scenarios when there are high chances for a user's information to change over a period of time. The questions asked in Dynamic KBA aren't predefined and are generated in real-time. An advantage of this method is that dynamic KBA is more fraud-resistant than static KBA.
Dynamic Knowledge-based authentication involves verifying the signer's identity by requesting signer's information such as first name, last name, year of birth, last four digits of their social security number and their address. The KBA method requires the recipient to answer questions about themselves, and it is matched with information available in credit bureau and public demographic data.
KBA is only valid for verifying the identity of signers who hold the US social security number.
How Dynamic Knowledge-Based Authentication (KBA) work in Zoho Sign
Our technology partner, IDology requires the signer's information such as their first name, last name, year of birth, last four digits of their social security number, and their address, which will be verified against public database, and a list of five out-of-wallet questions about the signer will be generated. If the answers are wrong but the signer has scored the minimum required for challenge, and also if the sender has enabled the challenge option, then the signer will be informed they are eligible to challenge previous outcome and additional questions will be shown if they agree to challenge. The signer is granted access if the answers are correct. If the answers are incorrect, the signer's access is denied.
Flow of the authentication
Example questions
What are the first two digits of your social security number?
In which country have you lived?
Between 1989 and 1994, in which state did you live?
At which of the following addresses have you lived?
Enabling Dynamic Knowledge-Based Authentication
This action can only be performed by administrators. If you're an administrator, follow these steps:
From the left navigation pane, click Settings > Integration, and toggle the Dynamic Knowledge-Based Authentication (KBA) via IDology to ON.
Once toggled, click Configure.
You can set the number of attempts permitted, number of correct responses to clear, also allow signers to challenge for a reattempt and set the number of correct responses to proceed with the challenge.
The signer will be shown a set of out-of-wallet questions to which they must pick the correct responses. You can specify a minimum score for the signers to clear the authentication procedure.
When the signer scores below the minimum, you may show them a few more questions as a challenge for them to attempt to clear the authentication procedure again. The minimum score required for signers to take the challenge can also be specified.
These thresholds for clearing the Knowledge Based Authentication procedure, with or without the challenge, can be set entirely at your discretion.
Click Apply.
How to select identity verification via Dynamic Knowledge-Based Authentication
Upload the document, create a new template, or select an existing template and enter the recipient details under the Add recipients section.
To set recipient identity verification via KBA, click Customize and select Dynamic Knowledge-Based Authentication (KBA) from the Authentication type dropdown.
Click Save.
Note:
The signer's first name and last name must match those present in their social security number.
If there is insufficient information about the signer, IDology won't be able to generate questions. In such instances, the sender could proceed by choosing alternate signer authentication method (email, SMS, or offline).
The number of questions shown to signers shown to the signer (5) and the number of additional questions shown to signers during the challenge (2) cannot be edited
Checking documents signed with Dynamic Knowledge-Based Authentication enabled
From the navigation pane, click Documents > Completed and select the document.
Download the completion certificate, in which you can find the signer's info, authentication mode, authentication result, and service provider.
Credits consumed
Every time the signer attempts answering the main set of questions, 15 Zoho Sign credits will be consumed. If the signer challenges the attempt, an additional 5 Zoho Sign credits will be consumed.
FAQ's
If the recipient closes the agreement for any reason before completing their authentication process, will they have to reauthenticate?
Yes. The recipient has to verify themselves to access the document.
How can I secure against brute force attempts to authenticate?
The sender can set the number of attempts permitted. (Maximum 5 attempts can be set)
My signer failed to clear the questions that were asked. Will they get the same questions again?
No. The questions change based on the signer's information present in the public dataset.
My signer has exceeded the number of attempts. How can they access the document?
If the signer has exceeded the maximum number of allowed attempt threshold, the signer has to contact the sender for assistance. The sender will have the option to unblock the access and once done, appropriate Zoho Sign credits will be consumed when the signer reattempts.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
Install the PageSense code snippet on your site in a matter of minutes and start collecting in-depth data about the website visitors to grow your business.
Set up goals in PageSense to measure every single action performed by visitors on your website like button or link clicks, form submissions, and page engagements.
Create funnels in PageSense to quickly see which pages visitors use to enter your website, where they navigate to next, and which pages they decide to leave without converting.
Visualize your visitor's behavior with color codes
Set up heatmaps in PageSense to see where users have clicked more, how far they've scrolled, and on which parts of a page they've spent the most time using color-coded patterns in reports.
Use form analytics in PageSense to see how people interact with different fields in your form, whether they complete the form successfully or not, and where exactly they drop out on your form.
Use session recordings in PageSense to watch a video of all the visitor actions performed on your website including the pages they navigate, the buttons they click, the UX issues they face, and more.
Run A/B or Split URL tests in PageSense to figure out which version of your web page works best for your business and results in the best conversion rate.
Use personalization in PageSense to deliver customized versions of your website for every individual customer based on their demographics, local weather, browsing history, and more.
Run polls on your website using PageSense to understand what your customers think about your products/services and what needs improvement on your site.
Use web push notifications in PageSense to schedule and notify your customers about an upcoming flash sale, product releases, promotional coupons, and a lot more that can spark conversions on your website.
Use pop-ups in PageSense to instantly grab the attention of visitors by showing attractive signup offers, coupon code discounts, or email newsletters that can eventually convert them into subscribers.
Use PageSense's advanced features like creating mutually exclusive groups, enabling cross-domain tracking, configuring customized project JS, and more to get deeper insights about your website.
Download the PageSense extension app available for your web browser with a few clicks and start collecting all of your required website metrics in real time.
Discover your favorite integrations with PageSense
Get a deeper look at your website's data by seamlessly integrating PageSense with a host of popular third-party apps like Google Analytics, Mixpanel, Intercom, and more.
The identity of the recipient can be verified within Zoho Sign via several modes. This provides an added layer of security to further fortify the signing process. SMS Knowledge-Based Authentication (KBA) European eID (EU eID) Email Offline SMS The ...
Set the authentication code delivery mode for the recipient to authenticate the signing process. Hover over Settings and click Account settings. Click Sending options and navigate to the Recipient authentication section. Enable the Enforce ...
Available only in Enterprise Edition Setting recipient identity verification via European Union eID (EU eID) Most of us have validated our identity with a driver's license, national ID cards, or other IDs while creating our bank account or when ...
All paid plans and data centers What is NOM 151? NOM 151 or Normativa 151, a Mexican standard that guarantees that digitally signed documents cannot be altered, can be used for any legal transaction by providing a data retention certificate that ...
Zoho Sign offers powerful identity and access management via Zoho Directory. Administrators can configure advance security settings for single sign-on (SSO), user imports, app provisioning based on roles, security policy enforcement, and multi-factor ...