Imperium®, already
an industry heavyweight when it comes to identity verification, received
approval on December 23, 2013 from the Federal Trade Commission (FTC) for its
knowledge-based authentication mechanism, which can be used to obtain verifiable
parental consent for children. The Children’s Online Privacy Protection Act (COPPA) Rule
requires operators of websites or online services directed to kids under 13 to
provide notice and obtain verifiable parental consent before collecting, using
or disclosing personal information from children.
In addition to the methods COPPA lays
out in the rule, it also includes a provision allowing companies to submit new
verifiable parental consent methods for approval from the FTC. This gives the rule
some flexibility so the industry has a chance to create mechanisms that work
for them. .
Knowledge-based identification allows verification
of a user’s identity by asking a series of questions that rely on “out-of-wallet”
information. “Out-of-wallet” information is information that is difficult for someone
other than the individual to answer--in other words, facts that cannot be
determined by looking in an individual’s wallet.
The FTC approved Imperium’s® knowledge-based authentication as an acceptable method
of obtaining parental consent as long as it uses dynamic, multiple-choice
questions that include enough options to ensure that the chances of a child
guessing the correct answer is low. Imperium®
provided a couple of examples of knowledge-based authentication questions in
its application like asking about old phone numbers, addresses, etc. Knowledge-based
authentication has been used by financial and credit institutions for years, as
the FTC noted in its approval letter.
To read the FTC’s press release about Imperium® click here.