Principal Financial Group helps millions of people and businesses plan for the future through retirement services, insurance, and asset management. Customers trust Principal with their money, so it’s essential to keep digital channels secure.
But that trust was tested in 2023, when Principal saw a rise in fraudulent online registrations, particularly in its retirement business. Attackers had found a weak spot: unregistered customer accounts already tied to existing investments. Because those accounts didn’t yet have usernames, passwords, or multi-factor authentication (MFA), they became easy targets for takeover.
The culprit was knowledge-based authentication (KBA), a common method for proving identity that asks users to answer personal questions about former home addresses or car models. Unfortunately, that type of data is now easy for fraudsters to buy or steal from breaches, data brokers, and social media.
