Articles in this section

FAQs : Knowledge-Based Authentication (KBA) in BoldSign

Published:

This article answers common questions about knowledge-based authentication (KBA) in BoldSign.

What is KBA in BoldSign?

Knowledge-based authentication (KBA) is a signer authentication method that verifies a signer’s identity using legal identity information and security questions based on public record information.

Who can use KBA?

KBA is available only for U.S.-based recipients.

When does a signer complete KBA?

The signer completes KBA before accessing or signing a document that has KBA authentication enabled. The exact timing depends on the configured KBA frequency.

What information does the signer need to provide?

The signer may need to provide:

  • First name
  • Last name
  • Address
  • City
  • State
  • ZIP code
  • Last four digits of SSN

This information is used to generate KBA security questions.

Does the signer need to upload an ID document?

No. KBA does not require the signer to upload an identity document. KBA verifies the signer through identity details and security questions.

How is KBA different from ID verification?

ID verification requires the signer to submit an identity document, such as a passport or driver’s license. KBA asks the signer to provide legal identity information and answer security questions.

What are the available KBA frequency options?

BoldSign supports these KBA frequency options:

  • Every access
  • Every access until signed
  • Once per document

What is the KBA retry limit?

KBA supports retry values from 1 to 3. If the signer reaches the maximum number of allowed attempts, access to the document is restricted until the sender takes action.

What happens if the signer fails KBA?

If retry attempts are still available, the signer can try again. If the maximum number of attempts is reached, the signer must contact the sender. The sender can reset KBA authentication or remove authentication from the signer.

Can the sender reset KBA?

Yes. The sender can reset KBA authentication for a failed or locked signer. Resetting KBA keeps KBA enabled and allows the signer to try again.

Does resetting KBA remove authentication?

No. Resetting KBA does not remove KBA authentication. It only clears the failed or locked state so the signer can retry KBA.

Can the sender remove KBA authentication?

Yes. If KBA is no longer required, the sender can remove authentication from the signer. After KBA is removed, the signer can continue without completing KBA.

What is KBA name-match tolerance?

KBA name-match tolerance controls how BoldSign compares the signer’s name in BoldSign with the identity details provided during KBA.

Available options are:

  • None
  • Strict
  • Moderate
  • Lenient

We recommend keeping name matching enabled to avoid potential issues where the person attempting KBA provides identity details that do not match the signer added to the document.

When is KBA charged?

KBA usage is recorded when a signer starts a billable KBA challenge and security questions are generated. KBA can be charged even if the signer later fails the verification.

Does adding KBA to a document create a charge?

No. Adding KBA to a signer does not create KBA usage by itself. KBA usage is recorded when the signer starts a billable KBA challenge.

Do retries count as additional KBA usage?

They can. If a signer starts another billable KBA challenge during a retry, that retry may count as additional KBA usage.

Where can admins track KBA usage?

Admins can track KBA usage from the subscription or transaction pages. KBA transactions are shown separately from ID verification transactions.

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied