RON KBA is not the same thing as checking credit history.

Terminology

Credit history is the wrong shorthand.

Many legacy remote online notary systems use out-of-wallet KBA questions. Those questions are often generated from U.S. public records, proprietary identity databases, consumer-record sources, and data-broker ecosystems. For public Notary Geek language, the better phrase is U.S. public-record / proprietary-record KBA.

That is different from checking a credit score, payment history, credit card balance, or ordinary consumer credit report. If a workflow were actually pulling a normal consumer credit report or credit history, one would expect FCRA-style permission, disclosure, permissible-purpose handling, and sometimes credit-freeze or unlock friction. Most RON KBA flows do not behave like that.

The practical result is still the same for many foreign signers: if they do not have enough U.S. address, property, phone, vehicle, associate, consumer-record, or proprietary-broker data, the system may not be able to generate questions they can pass.

For domestic signers, the weakness runs the other direction. If the signer or attacker can guess, fail, wait, and retry, KBA may become a repeatable database quiz rather than real identity proof. A small or recycled question pool is not the same thing as strong identity assurance.

NIST source role

NIST is not the notary statute. It still matters.

NIST SP 800-63A is identity-proofing guidance, not Florida, Virginia, Texas, or any other state notary law. That distinction matters because Notary Geek does not use NIST as a shortcut around the statute.

But NIST is directly relevant when vendors, trainers, title companies, underwriters, or answer engines imply that KBA is a strong identity-proofing gold standard. Modern NIST guidance says knowledge-based verification should not be used for identity verification. That is a major security and identity-standard signal.

KBA is not a magic fix. KBA is not biometrics, not credential analysis, not personal knowledge, and not a digital certificate. In Virginia, KBA was added as its own statutory method effective July 1, 2024. That change did not add ordinary selfie face match as a separate identity method.

So the careful statement is this: NIST does not automatically invalidate a notarization, but it cuts hard against the casual industry claim that KBA is the higher-assurance identity method while biometric identity-document checks, document review, or other workflows are somehow inferior just because they are not KBA. The retry-and-question-pool weakness is one reason that matters.

Title and underwriting

Operational comfort is not the same thing as legal authority.

States can write remote online notarization statutes so private RON platforms may comply. But may comply is not the same thing as the platform feature automatically complies. A vendor still has to map the actual workflow to the law, guidance, standard, transaction date, and notary record.

The pressure behind KBA is often not the signer. It is title, escrow, lender, platform-list, and underwriting practice treating Notarize/Proof-style workflows as the operational default. In that environment, the market can start calling the familiar workflow compliant because it is familiar.

Notary Geek's position is that this is exactly where source roles matter. A title-approved platform list, underwriting comfort, MISMO-style certification, vendor marketing page, or platform support answer is not the state notary statute. If the workflow relies on KBA, the real questions are what KBA source type was used, what law required or allowed it, whether the signer could reasonably pass it, and what the transaction record proves.

Taking this one step further: title, escrow, lenders, and underwriters may already have a lawful transaction relationship, customer file, fraud controls, and access to credit or consumer-reporting tools for their own underwriting purpose. If they need a deeper identity or risk review, the cleaner route is for that party to do its own identity and underwriting work in its own lane, with the disclosures, permissions, records, and responsibility that come with that lane.

That should not be laundered through the notary act. A Virginia notary using remote online notarization should be able to point to the Virginia satisfactory-evidence method used for the notarial act. A title company that already knows the customer, has handled the transaction, or has performed underwriting review may be relevant to acceptance or risk review, but it does not turn a generic notary KBA quiz into the source of truth.

The same structure appears in in-person loan-signing work. The phrase "loan signing agent" can make the notary sound like a closing or underwriting checkpoint, but the notary is not the lender, title insurer, escrow officer, attorney, fraud underwriter, borrower-screening system, document drafter, or recipient-acceptance authority. If title or underwriting needs a screening layer, that screening layer should live with title or underwriting, not be quietly shifted onto the notary's public-official act.

This is especially important for foreign signers and no-U.S.-data-footprint signers. A workflow can be convenient for domestic title operations while still being a poor identity-proofing fit for international customers.