Overview of MobileMatch to KBA

An overview of the MobileMatch to KBA workflow.


MobileMatch Only is one of five standardized, best practice workflows that ID DataWeb offers. MobileMatch utilizes a two-step process to 1) verify a person's identity based on mobile carrier data attached to a provided phone number and 2) verify possession of that phone number via a one-time password challenge. Additionally, it screens each verification session for indicators of risk and nefarious behavior.

MobileMatch is an available verification method for the United States, Canada, and the United Kingdom.

KBA Only (short for "Knowledge Based Authentication") is one of five standardized, best practice workflows that ID DataWeb offers. Knowledge based authentication utilizes challenge questions that require highly personalized knowledge to verify a person's identity in real-time. Additionally, it screens each verification session for indicators of risk and nefarious behavior.

Knowledge based authentication is an available verification method for the United States and is not available internationally at this time.

MobileMatch to KBA Process

  • 0 - Country Selection. The user is asked to select the country which they live in.
    • If they select US, UK or Canada - they will proceed to MobileMatch. For any other countries, they will proceed directly to BioGovID (step 2.)
    • Passive risk analysis is also performed at this step - if the user is deemed high risk (TOR browser, bot behavior, blacklisted IP address) - they will be immediately denied and prevented from proceeding.
  • 1a - PII validation. The user will complete the PII form, which includes Full name, Home Address, and Personal Phone Number. Upon completion, the system will analyze the correlation between the PII and the phone number using 3rd party data sources. If a link is established, they will proceed to step 1b - (OTP phone possession check.)
  • 1b - MobileMatch Verification. If the user's PII is correlated to their phone number, the last step is to confirm possession of the device. The user can choose between a voice or SMS based one-time passcode to be sent to their phone. Once they receive it, they type it into the screen. This confirms they are in possession of a device registered to who they are claiming to be, with no risk detected, leading to a verified identity.
  • 2a - Additional PII collection. The user will be asked to enter their date of birth. This is necessary to resolve their specific identity to generate accurate questions.
  • 2b - Knowledge Based Authentication question challenge. In this step, the user is asked 3 multiple choice questions which are specific to their banking, education, employment, and/or property history. The user completes the questions, and submits. If the user gets 2/3 correct or more, they are approved. If they do not, they are asked to retry, and new questions are generated. If the questions are correctly answered, the user is approved. If not, the user is denied.

Integration and Testing

  • If your workflow is set to use test data, please follow the instructions here to test this workflow.
  • Standalone testing - If this is a pilot, use the link sent to you in the Pilot kick off email. To signup for a pilot, click here.
  • If you've created a workflow yourself, you can use the "Copy Link" feature to get a test link.
  • If you are looking to do a OpenID connect integration with your application, add your workflow's client id, secret, and scopes to your OpenID connect client, OR follow the process outlined here. Note, you'll need to register your application's redirect URL on your workflow.
  • If you are looking to do an API integration, review the steps outlined here: MobileMatch and Dynamic KBA.
  • If you are looking to hook a verification workflow into one of your existing IAM tools, we more than likely have an integration or package waiting for you! Reach out to your Solutions Architect or account rep for more details.