Knowledge-Based Authentication: What You Need to Know
There are numerous tools you can use to protect your clients’ personal and financial data and safeguard your business against a devastating cyberattack. One of these is KBA, or knowledge-based authentication. Below, we’ll answer some common FAQs about KBA so you can use them to bolster your accounting firm’s cybersecurity plan.
What is Knowledge-Based Authentication (KBA)?
Knowledge-based authentication (KBA) for e-signatures is a security measure that’s used to verify the identity of the person signing the document. Once a signer inputs their information, like their name, a third party generates a series of questions based on their public records. These questions ask about personal and financial information, such as their current or previous home addresses, date of birth, car(s) they’ve owned, or the last four digits of their Social Security number. If the signer’s answers are correct, their identity is verified, and they can sign the document.
What Tax Forms Require KBA?
The IRS requires a KBA for Form 8879 and Form 8878 – this allows the signer to electronically sign their Form 1040 and submit it to their Electronic Return Originator (ERO), which is an "Authorized IRS e-file Provider who originates the electronic submission of a return to the IRS."
An ERO "must use a software that includes identity verification," according to the IRS. And, they must maintain a tamper-proof record in a "secure, access-controlled storage system" so they can easily retrieve and reproduce the signed forms.
A KBA is required every time someone signs one of these forms, unless the ERO is physically present to witness the signing or the taxpayer and the ERO have a multi-year business relationship.
How Many Types of KBA Are There?
There are two types of KBA: static and dynamic KBA.
The former is a straightforward approach that requires the signer—in this case, the client—to select three security questions and corresponding answers that they’ll use to prove it’s them.
The latter is a multilayered approach in which clients must answer questions that are generated in real time. Examples might include "Which model of car was registered to your name in 2010?" or "Which are the last four digits of your SSN?" Often, users are only given a certain amount of time to type in the answer. If they get it wrong or don’t respond in the time window, they fail the verification.
What Are the Benefits of KBA For Accountants?
Knowledge-based authentication has many positive implications for accountants, especially tax professionals, who are so often targeted by thieves.
The IRS indicated earlier this year that it had flagged over one million tax returns for possible identity fraud, and that more than 12,000 of those turned out to be fraudulent. This is an increase of approximately 3,000 tax returns from 2022. This increase, combined with the fact that most accountants now communicate with clients remotely more than ever, makes it paramount to have a cybersecurity plan and to use tools that maximize security, including KBA.
KBA provides a crucial layer of security. It makes your remote interactions with your clients much safer, which, in turn, safeguards your reputation and that of your accounting firm.
It will also help minimize the chances you’ll be an easy target for hackers and protect you from the potentially financially ruinous consequences of a cyberattack. Furthermore, it’s an extra tool that will help you comply with the cybersecurity standards required of all accountants by the IRS and the FTC’s Gramm-Leach-Bliley Act.
Who Should Use KBAs?
If you share sensitive documents with your clients online, you should absolutely be using knowledge-based authentication. This is particularly true for businesses that do tax preparation work. Regardless of whether you run a high-volume tax practice or only do a few tax returns each year, KBAs are a high-quality way to make it harder for hackers to steal your clients’ data.
And as we saw above, it’s required on multiple IRS forms.
What Software Helps Tax and Accounting Pros Implement KBAs?
It’s easy to request, track, and receive digital signatures in compliance with IRS requirements with SmartVault eSignature. It provides unlimited eSignatures and KBAs so you can be confident the correct person is signing the documents. And, SmartVault’s document management system and client portal is a secure, access-controlled system that helps EROs comply with the IRS’s requirements for document storage and retention.
With SmartVault’s Accounting Unlimited Plan, you can grow your business without worrying about surprise charges or caps. The subscription includes unlimited:
- eSignatures and envelopes
- Knowledge-based authentications (KBAs)
- Proposals, quotes, contracts, and forms
- Storage, users, and more!