Knowledge-Based Authentication is the identity verification gold standard for Remote Online Notarization — required by law in 40+ states. Zignature's KBA generates real, out-of-wallet questions from credit bureau and public records data in real time, verifies answers in under 60 seconds, and produces a MISMO-compliant audit trail that stands up in court.
Legally required for RON — satisfies identity proofing statutes in 40+ states
Credit bureau sourced — Equifax + LexisNexis data, not self-reported answers
Under 60 seconds — no friction for real signers, real-time scoring
Zero PII stored — question content and answers are never persisted
Address History
Which of the following street names is associated with an address where you have lived?
Running score: 85/100
2 of 3 answered correctly · Passing threshold: 70
40+
States requiring KBA for RON
<60s
Average verification time
5
Questions per session
0
PII stored by Zignature
Knowledge-Based Authentication (KBA) is a remote identity verification technique that confirms a signer's real-world identity by asking questions drawn from their financial and residential history — data sourced from credit bureaus and public records that the real person would know, but a fraudster using stolen credentials would not.
Unlike password-based authentication or email OTPs, KBA is an out-of-wallet verification method. The questions are never shared in advance, can't be Googled, and are generated dynamically for each session. Even if a bad actor had the signer's name, address, and Social Security Number, they would still need to know which apartment building the signer lived in three years ago, or which credit card issuer they used in 2021.
This makes KBA the gold standard for Remote Online Notarization identity proofing — and the reason 40+ states specifically require it in their RON statutes.
KBA vs. other methods
Questions from credit bureau + public records. Cannot be answered from a data breach alone.
Confirms access to a device or inbox — not identity. SIM swap and phishing trivially bypass OTP.
User-configured questions are discoverable via social media, data breaches, and social engineering.
Biometric + document verification. Higher assurance, requires camera access. Stack with KBA for RON.
Zignature's KBA is embedded directly in the signing flow. Signers never leave the document to a third-party verification portal — it's all inline, instant, and seamless.
The notary or workflow sends the document. The signer clicks the signing link — no account creation, no app download. The document opens directly in their browser.
The signer enters basic identifying information: first and last name, date of birth, last 4 digits of SSN, and current ZIP code. This data is transmitted over TLS 1.3 directly to the KBA provider — Zignature never stores it.
The KBA engine (powered by Authenticate.com, sourcing Equifax and LexisNexis data) generates 5 multiple-choice questions unique to this signer's identity. Questions rotate with each attempt — no reuse.
Each question has a time limit. The signer selects their answer from 4 options. A genuine identity owner typically completes all 5 questions in under 90 seconds. Fraudsters, who need time to look up answers, run out of time.
Answers are evaluated against the verified data source in real time. A score of 70+ out of 100 is a pass. The score, attempt number, timestamp, and IP address are logged. A fail triggers attempt 2 with new questions — two fails lock the session.
The KBA result — pass/fail, score, attempt count, timestamp, IP address — is cryptographically sealed into the document's audit trail. This trail is attached to the final PDF and retained for 10 years. Admissible under ESIGN Act and UETA.
KBA Data Flow — What Goes Where
Signer
Enters name, DOB, SSN4, ZIP
Authenticate.com
Generates questions, evaluates answers
Zignature
Stores only: pass/fail, score, timestamp, IP
Zero PII retained by Zignature. Question content, answer choices, and the signer's responses are evaluated and discarded by Authenticate.com. Only the final scored result reaches Zignature's systems — and only the audit-trail metadata is stored.
Questions are generated from multiple data categories to build a multi-dimensional identity portrait that's hard to spoof from a single data source.
Questions about previous street names, ZIP codes, cities, or apartment numbers associated with the signer's residential history — sourced from credit bureau files and utility records.
"Which of the following street names is associated with a previous address?"
Questions about past lenders, credit card issuers, loan types, or approximate loan amounts from the signer's credit history — information that's on a credit report but not typically searchable online.
"Which company previously held a mortgage for you?"
Questions about vehicle make, model, year, or color from DMV and insurance records associated with the identity — cross-referenced with address history to further confirm identity.
"Which of the following vehicles have you owned?"
Questions about names of relatives or people who have shared an address — sourced from public records and credit bureau data. These questions are cross-checked to prevent identity confusion with family members.
"Which of the following names is associated with a relative of yours?"
Questions about past employers, industry, or approximate employment dates from payroll and insurance records. This data source is particularly effective for mid-career professionals with established employment records.
"Which of the following companies have you worked for?"
Questions about property ownership, assessed value ranges, or county of record for real property associated with the identity. Particularly valuable for mortgage and real estate RON workflows.
"In which county did you own property as of 2022?"
Every state with a Remote Online Notarization statute that mandates identity proofing requires at minimum credential analysis + KBA. Zignature's KBA implementation satisfies the statutory requirements of all major RON states.
MISMO-compliant identity proofing
Satisfies the MISMO Remote Online Notarization standards adopted by most states as the technical benchmark for KBA quality.
Tamper-evident journal + video recording
RON sessions include journal logging and recorded video — both required by most state statutes and retained for the statutory minimum period.
2-attempt limit enforced at platform level
State RON statutes prohibit unlimited KBA retries. Zignature enforces the 2-attempt maximum at the session level with no override available.
KBA Required — Key State Statutes
Florida
§117.265 — KBA + credential analysis required
Texas
Gov. Code §406.110 — MISMO-standard KBA
Virginia
Code §47.1-6.1 — Identity proofing with KBA
Ohio
ORC §147.60 — KBA for remote notarization
Nevada
NRS §240.181 — Credential analysis + KBA
Pennsylvania
57 Pa. C.S. §312 — Identity verification + KBA
KBA failure is rare for genuine identity owners — but it happens. Thin credit files, people who haven't used credit in years, or individuals who've moved frequently may not have enough data in the credit bureau system for questions to be generated, or may struggle to remember distant financial history.
Zignature handles failure cases gracefully — protecting the security of the workflow while offering genuine users a clear path forward.
First failure → Second attempt
A fresh set of questions is generated from a different data category. Score and timestamp are logged for the failed attempt. The notary can see attempt status in real time.
Second failure → Session locked
The session is locked. No further KBA attempts are possible for this session. The notary is notified. Fraud deterrence is preserved — brute-force is impossible within the 2-attempt window.
Thin file? → Automatic ID + Liveness fallback
When the KBA provider cannot generate sufficient questions (thin credit file), Zignature automatically routes the signer to Government ID + Liveness verification via Stripe Identity — no friction, no dead end.
Notary Panel — KBA Status View
Sarah M.
Passed on attempt 1 · Score: 90/100
James T.
Passed on attempt 2 · Score: 75/100
Unknown signer
Failed both attempts · Session locked
Maria L.
KBA unavailable — routed to ID + Liveness
Detailed answers to the questions notaries, legal teams, and compliance officers ask most.
Related features & resources
MISMO-compliant, NIST IAL2, tamper-evident audit trail, automatic thin-file fallback — and it takes under 60 seconds for the signer. Start in minutes.
Trusted by notaries, mortgage lenders, healthcare operators, and legal teams in 40+ states.