Kpass contacted us last week to show their verification process that lets children’s web sites meet COPPA rules. Brief refresher: The Children’s Online Privacy Protection requires parental consent before kids thirteen-and-under are allowed to submit personally identifiable information or PII.The question is how do you authenticate that the approval is from a parent and not little Austen or Madison’s best friend?
That’s where Kpass comes in. After the parent receives an email from the web site operator, he or she will then have to prove her parenthood by providing a piece of information that only a parent would know– the sum of the last two-digits of a social security number or credit card number, or perhaps the approximate amount of the last deposit made in a bank account or some other data point that only a parent would know. To do this, it appears Kpass will have hooks into credit reporting agencies (CRAs) or perhaps the new breed of data brokers.
Kpass has set up a sample mythical kiddie web site called chatesque–convincingly done, by the way– where the curious can try out their authentication process.