What Is KBA and Why Does Your Firm Need to Use It?

Editor's note: An IRS policy that loosens restrictions and allows eSignatures for certain forms has been extended to Oct. 31, 2023. This temporary policy could impact the use of KBA on certain forms. For more information on the temporary IRS policy, click here. 

With the rise of modern technology, more businesses than ever are working with clients online instead of face to face. Tax accountants are not alone in their desire to offer their clients a few different options when it comes to how they access services online or even sign documents digitally.

Canopy offers eSign, a signature verification process that meets the rigorous standards of the IRS. But what is it about Canopy’s eSign that makes it so powerful? Knowledge-Based Authentication, or KBA, is an essential component of a multi-layer security strategy within eSign that ensures tax firms have the ability to both protect and serve their clients.

What exactly is KBA?

Embracing technology is important for tax accountants, and there’s always security and privacy to think of. Knowledge-Based Authentication, or KBA, helps businesses prove a client’s identity before granting them access to certain digital services.

Most people have encountered KBA at some point in their online interactions, usually when setting up an account. During the process, they must answer certain personal questions. These questions may be supplied by the user when setting up an account, or they may be generated from certain institutional information about the client.

It is commonly used for bank accounts, bill payments, credit card accounts, and more. This high-tech method of authentication brings peace of mind to both businesses and their clients, so they can work together in digital spaces.

How does KBA work?

With KBA, information is heavily encrypted until the user identifies themselves by providing information that is private and exclusive to them. After a person’s identity has been confirmed, they have access to the service, documents or information. This type of authentication is growing more sophisticated each year to prevent information from falling into the wrong hands. The benefits of KBA are impressive and it is considered one of the best types of identity authentication available, because the process is quite secure. These two types of KBA are known as static KBA and dynamic KBA.

Static KBA

Static KBA is the method that allows the client to select certain security questions during the setup of the account that they supply the answers to. Most people have experienced this with question choices such as “What is your mother’s maiden name,” or “What was your high school mascot?” Users usually have to answer up to three of these questions to prove their identity and move forward toward full access. Static KBA is just one method that maximizes security and increases the confidence of both the company and the user.

Dynamic KBA

Dynamic KBA presents unique questions for the user to answer generated from data sources in real time. These questions go beyond the information that may be found online and dig deeper into the user’s experience. Proper questions should not be easy for a stranger to guess but not so difficult for the intended user to remember.

Examples of the types of questions that may be presented are “What date was your last bank deposit,” or “What model of car was registered in your name in California in 2012?” Usually, this method includes a time feature that requires an answer within a set period. Failing to answer the question in the time frame is treated as a wrong answer and access is denied. The dynamic KBA is a multilayered approach that requires maximum security.

How KBA helps tax accountants

There are so many ways that KBA helps tax accountants. In order to handle the volume of paper that comes with serving accounting clients, tax professionals often turn to online communication and even conduct business with clients without being face to face. Instead of risking their client’s personal financial information, tax firms can turn to KBA for high-security digital interactions.

KBA can also extend into monitoring and tracking interactions with tax firms and their clients. Not only does KBA authenticate the user’s identity, but it can track the history of any signature processes needed for tax documents. Because of the high levels of fraud that takes place with income taxes, accurate identification verification of signatures is a critical part of good business management and protecting clients.

Tax professionals can’t use just any KBA system, as there are certain conditions required by government entities when it comes to certain tax forms. Proper KBA is especially critical because in 2014 the IRS released a strict set of standards that would allow electronic signatures, or e-signatures, to be used on income tax forms 8878 and 8879. Part of the high standards set forth by the IRS includes extremely strict KBA methods. The signature process also needs to capture certain details that include IP addresses, timestamps, and client logins.

Canopy now offers eSign, our premiere, IRS-compliant e-signature option that uses KBA, which meets the government’s strictest standards. With great technological advancements, and the ability for tax accountants to conduct business online with their clients, they need that vital information to remain secure. Because of the possibilities for false identification, fraud, and hacking, eSign takes the worry out of the equation.

Learn more about Canopy's eSign with KBA here.

Canopy is a one-stop-shop for all of your accounting firm's needs. Sign up for free to see how our full suite of services can help you today.