The FTC has announced (press release) that it has unanimously approved the knowledge-based authentication method proposed by Imperium, LLC (“Imperium”) as a COPPA-compliant method of obtaining verifiable parental consent (“VPC”). Knowledge-based authentication has been used by entities in the financial services industry to authenticate users for several years. For more information regarding the Imperium VPC solution called ChildGuardOnline™ please see our prior blog post.
As noted in its letter to Imperium, under the Voluntary Commission Approval Process of the COPPA Rule, the FTC will consider for approval new verifiable parental consent methods that not currently enumerated in Section § 312.5(b) of the COPPA Rule, and not a party’s specific implementation of such methods. In fact, if a VPC method is approved by the FTC, the method can be used by any party, not just by the applicant. In its letter to Imperium, the Commission has therefore approved knowledge-based authentication as a method that satisfies Section 312.5(b)(1) of the COPPA Rule when “appropriately implemented based on factors including: 1) the use of dynamic, multiple-choice questions, where there are a reasonable number of questions with an adequate number of possible answers such that the probability of correctly guessing the answers is low; and 2) the use of questions of sufficient difficulty that a child age 12 or under in the parent’s household could not reasonably ascertain the answers.”