“In light of the increasing ubiquity of data breaches, Government Accountability Office (GAO) released a report today recommending that Federal agencies should discontinue knowledge-based verification to strengthen their remote identity proofing processes and that the National Institute of Standards and Technology (NIST) should provide guidance in creating alternative identity proofing methods.”
“When Federal agencies that issue benefits conduct remote identity proofing – a process agencies and organizations use to verify individuals’ identities when they apply online for benefits and services – they often use knowledge-based verification to compare applicants’ identifying information with electronic records consumer reporting agencies (CRAs) hold to confirm their identities.”
“But with the rise of data breaches, such as with Equifax, a CRA, in 2017, GAO said that hackers could use the stolen data to respond to knowledge-based verification…” Read the full article here.
Source: GAO: Agencies Should Discontinue Knowledge-Based Verification – June 14, 2019. MeriTalk.