2020 Market Guide for Identity Proofing and Affirmation
Get the Guide
X
Skip to content
X
jumio-black-logo jumio-black-logo
search jumio
  • Home
  • Solutions
    • Platform
    • Products
    • Use Cases
    • Industries
    • Features
    • Compliance
  • Technology
    • Informed AI
    • OCR
    • Certified Liveness Detection
    • Face-Based Biometrics
  • About
    • Company
    • News
    • Partners
    • Careers
    • COVID Relief
  • Resources
    • Library
    • Trusted Identity Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • More
  • English
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
  • s
  • Request Sales Info
  • Request a Demo
Back to Trusted Identity Blog

Why Online Identity Verification is Essential to CCPA Compliance

By Loryll DeNamur | July 24, 2019

The California Consumer Privacy Act, or CCPA, is an unprecedented privacy law going into effect January 1, 2020. CCPA is expected to be the strictest data privacy law in the U.S. and will accomplish three major objectives, giving California residents the right to:

  1. Know what information businesses are collecting about them
  2. Tell a business not to share or sell their personal information
  3. Protections against businesses that do not uphold the value of their privacy.

CCPA compliance is a fast-approaching reality for organizations around the world. If they receive personal data from California residents, then they must implement a number of procedures including:

  • Right to Access: Organizations subject to the CCPA must honor consumers’ requests regarding the right to access their personal information. The disclosure process of the information requested must be free of charge for a consumer and sent by physical mail or electronically.
  • Right to Delete: Organizations subject to the CCPA have an obligation to honor consumers’ requests regarding the right to delete their personal information.

Verifiable Consumer Requests

When a consumer requests a copy of their personal information (or requests its deletion), your organization can only comply if it’s a verifiable request — in other words, you need to verify a person’s identity before disclosing the requested information or deleting it.

But how does a business or organization know that the consumer attempting to exercise these rights is who they claim to be?

This is where online identity verification comes into play. The role of online identity verification is to tie the digital identities of your online customers and users (who they claim to be) to their real-world identities (who they are in real life).

Large-scale data breaches, phishing and social engineering attacks have made it easier for fraudsters to assume the online identities of legitimate account owners through account takeover fraud, which involves a criminal gaining unauthorized access to a user’s account and using it for some type of personal gain.

This means when a consumer requests to know what information has been collected about them, the business or organization must ensure that they do not inadvertently divulge personal information to a would-be fraudster.

The most reliable way to ensure that data is securely shared is via biometric authentication. Face-based biometrics are far more convenient for consumers than traditional methods of online verification. They’re also much more secure and cannot be hacked or duplicated. The data can be kept on the device, rather than on a server or in the cloud, and can remain secure even if the device is stolen. Just as important, face-based biometrics offers a simple one-step solution to the problem of remembering a vast array of PINs and passwords.

How face-based authentication works

Jumio’s biometrics-based approach starts when a new user creates an online account. Users are asked to use their smartphone or webcam to capture a picture of their government-issued ID (such as a driver’s license, passport or ID card) and a selfie, which are then compared to each other to deliver a definitive match/no match decision. As part of the identity proofing process, Jumio creates a 3D face map of the user, which is then stored and bound to the new customer during the initial enrollment process.

3D face-mapping contains 100 times more data points than a 2D photo, and is required to accurately recognize the correct user’s face while concurrently verifying their human liveness.

Spoofing attacks by fraudsters are on the rise in an attempt to fool the selfie requirement. Spoofing attempts generally use a photo, video or a different substitute for an authorized person’s face in order to acquire someone else’s privileges or access rights. To foil these attempts, modern identity verification companies leverage certified liveness detection that captures biometric data through a smartphone’s front-facing selfie camera or a desktop computer’s webcam.

Let’s assume that a California-based consumer makes a CCPA request to know what data has been captured by the organization. Companies want to ensure that the CCPA requestor is the legitimate account owner. Instead of relying on a username and password, the user only needs to capture a new selfie. Because a complete face map was captured when the account was created, the user just needs to take a fresh selfie. A new face map is then compared to the original 3D face map captured during enrollment and a match/no match decision is made. This authentication process takes just seconds to complete.

This type of authentication enables online companies to reliably authenticate CCPA requests and ensure that information is only shared with legitimate customers, not bad actors posing as customers to secure personal information. It also nullifies the risk of account takeover since it does not rely on a username and password which could have easily been stolen from the dark web, phishing or social engineering.

Download the Guide to CCPA Readiness for Online Identity Verification to learn how Jumio can help your business comply with the CCPA.

Related Posts

CCPA 2020: What Businesses Need to Know About the California Consumer Privacy Act

CCPA 2020: What Businesses Need to Know About the California Consumer Privacy Act [Infographic]

September 05, 2019
Our digital and physical worlds are becoming increasingly inseparable, with 81% of American adults going online on a daily basis, according to a recent Pew Research Center survey. Consumers can do everything from renting a vacation home to opening a new bank account with just a few clicks and swipes. In the process they’re leaving...
CCPA

CCPA: Making Sense of California’s Strict New Data Privacy Law

June 06, 2019
Is your business ready for January 1, 2020? This is the date when the California Consumer Privacy Act, or CCPA, is slated to take effect. It’s expected to be the strictest data privacy law in the U.S., and will require data privacy protections and requirements similar to or broader than those imposed by GDPR. The...
GDPR with Online Identity Verification

The Massive Intersection of GDPR with Online Identity Verification

May 09, 2018
GDPR is upon us. The General Data Protection Regulation goes into effect this month and I have a few pretty big concerns based on some cursory conversations with my colleagues at US-based organizations. Concern 1: Most U.S. Companies Still Unprepared for the GDPR The first concern is their apparent ignorance just how much GDPR impacts...

Latest Posts

  • How Identity Verification Can Help U.S. Colleges Weather the COVID Pandemic
  • Beyond Simple Case Management: How to Choose an AML Investigation Management Solution
  • 2021: New Age Restrictions Come Into Play in Europe
  • Innovation is the Key to Future-Proofing Traditional Banks
  • Enterprises Step Up Identity Verification to Combat Rising Account Takeover, Identity Fraud and Credential Stuffing Attacks in 2021
  • 5 Surprising Findings from the 2020 Holiday Fraud Report

This content from Jumio is for general information purposes only. Please consult your legal team for advice regarding your particular situation.

social-media
social-media
social-media
social-media
social-media
  • Solutions
    • KYX Platform
    • ID Verification
    • Identity Verification
    • Jumio Go
    • Transaction Monitoring
    • Document Verification
    • Authentication
    • Screening
    • Address Services
    • Video Verification
    • BAM
    • Fastfill
  • Use Cases
    • User Onboarding
    • KBA Replacement
    • Fraud Detection
    • KYC & AML Compliance
    • Biometric Authentication
    • Going Passwordless
    • Age Verification
    • New Account Onboarding
  • Industries
    • Financial Services
    • Retail
    • Travel
    • Sharing Economy
    • Gaming
    • Telcos
    • Mobility Services
    • Healthcare
    • Education
  • Features
    • Features
    • Compliance
    • KBA Alternatives
    • Compare
  • Technology
    • Informed AI
    • OCR
    • Face-Based Biometrics
    • Certified Liveness Detection
  • About
    • Company
    • Security
    • News
    • Global Coverage
    • Media Resources
    • Brand Guide
    • Partner Program
    • Partner Login
    • Events
    • Awards
    • COVID Relief
    • Fintech Equality Coalition
  • Resources
    • Library
    • Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • Careers
  • Login
    • Privacy
    • Legal Information
    • © 2021 Jumio All rights reserved. US Patent App.
  • Languages
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)