Imperium®, already an industry heavyweight when it comes to identity verification, received approval on December 23, 2013 from the Federal Trade Commission (FTC) for its knowledge-based authentication mechanism, which can be used to obtain verifiable parental consent for children. The Children’s Online Privacy Protection Act (COPPA) Rule requires operators of websites or online services directed to kids under 13 to provide notice and obtain verifiable parental consent before collecting, using or disclosing personal information from children.
In addition to the methods COPPA lays out in the rule, it also includes a provision allowing companies to submit new verifiable parental consent methods for approval from the FTC. This gives the rule some flexibility so the industry has a chance to create mechanisms that work for them. .
Knowledge-based identification allows verification of a user’s identity by asking a series of questions that rely on “out-of-wallet” information. “Out-of-wallet” information is information that is difficult for someone other than the individual to answer--in other words, facts that cannot be determined by looking in an individual’s wallet.
The FTC approved Imperium’s® knowledge-based authentication as an acceptable method of obtaining parental consent as long as it uses dynamic, multiple-choice questions that include enough options to ensure that the chances of a child guessing the correct answer is low. Imperium® provided a couple of examples of knowledge-based authentication questions in its application like asking about old phone numbers, addresses, etc. Knowledge-based authentication has been used by financial and credit institutions for years, as the FTC noted in its approval letter.
To read the FTC’s press release about Imperium® click here.