NEW: 2022 Market Guide for Identity Proofing and Affirmation
Get the Guide
X
Skip to content
X
jumio-black-logo jumio-black-logo
search jumio
  • Solutions
    • Platform
    • Products
    • Integrations
    • Use Cases
    • Industries
    • Features
    • Compliance
  • Technology
  • About
    • Company
    • News
    • Partners
    • Careers
    • Events
  • Resources
    • Library
    • Identity and Beyond Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • More
  • Request a Demo
  • s
  • English
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
    • German (Deutsch)
  • Request Sales Info
High Contrast
Back to the Identity and Beyond Blog

Why Online Identity Verification is Essential to CCPA Compliance

By Loryll DeNamur | July 24, 2019

The California Consumer Privacy Act, or CCPA, is an unprecedented privacy law going into effect January 1, 2020. CCPA is expected to be the strictest data privacy law in the U.S. and will accomplish three major objectives, giving California residents the right to:

  1. Know what information businesses are collecting about them
  2. Tell a business not to share or sell their personal information
  3. Protections against businesses that do not uphold the value of their privacy.

CCPA compliance is a fast-approaching reality for organizations around the world. If they receive personal data from California residents, then they must implement a number of procedures including:

  • Right to Access: Organizations subject to the CCPA must honor consumers’ requests regarding the right to access their personal information. The disclosure process of the information requested must be free of charge for a consumer and sent by physical mail or electronically.
  • Right to Delete: Organizations subject to the CCPA have an obligation to honor consumers’ requests regarding the right to delete their personal information.

Verifiable Consumer Requests

When a consumer requests a copy of their personal information (or requests its deletion), your organization can only comply if it’s a verifiable request — in other words, you need to verify a person’s identity before disclosing the requested information or deleting it.

But how does a business or organization know that the consumer attempting to exercise these rights is who they claim to be?

This is where online identity verification comes into play. The role of online identity verification is to tie the digital identities of your online customers and users (who they claim to be) to their real-world identities (who they are in real life).

Large-scale data breaches, phishing and social engineering attacks have made it easier for fraudsters to assume the online identities of legitimate account owners through account takeover fraud, which involves a criminal gaining unauthorized access to a user’s account and using it for some type of personal gain.

This means when a consumer requests to know what information has been collected about them, the business or organization must ensure that they do not inadvertently divulge personal information to a would-be fraudster.

The most reliable way to ensure that data is securely shared is via biometric authentication. Face-based biometrics are far more convenient for consumers than traditional methods of online verification. They’re also much more secure and cannot be hacked or duplicated. The data can be kept on the device, rather than on a server or in the cloud, and can remain secure even if the device is stolen. Just as important, face-based biometrics offers a simple one-step solution to the problem of remembering a vast array of PINs and passwords.

How face-based authentication works

Jumio’s biometrics-based approach starts when a new user creates an online account. Users are asked to use their smartphone or webcam to capture a picture of their government-issued ID (such as a driver’s license, passport or ID card) and a selfie, which are then compared to each other to deliver a definitive match/no match decision. As part of the identity proofing process, Jumio creates a 3D face map of the user, which is then stored and bound to the new customer during the initial enrollment process.

3D face-mapping contains 100 times more data points than a 2D photo, and is required to accurately recognize the correct user’s face while concurrently verifying their human liveness.

Spoofing attacks by fraudsters are on the rise in an attempt to fool the selfie requirement. Spoofing attempts generally use a photo, video or a different substitute for an authorized person’s face in order to acquire someone else’s privileges or access rights. To foil these attempts, modern identity verification companies leverage certified liveness detection that captures biometric data through a smartphone’s front-facing selfie camera or a desktop computer’s webcam.

Let’s assume that a California-based consumer makes a CCPA request to know what data has been captured by the organization. Companies want to ensure that the CCPA requestor is the legitimate account owner. Instead of relying on a username and password, the user only needs to capture a new selfie. Because a complete face map was captured when the account was created, the user just needs to take a fresh selfie. A new face map is then compared to the original 3D face map captured during enrollment and a match/no match decision is made. This authentication process takes just seconds to complete.

This type of authentication enables online companies to reliably authenticate CCPA requests and ensure that information is only shared with legitimate customers, not bad actors posing as customers to secure personal information. It also nullifies the risk of account takeover since it does not rely on a username and password which could have easily been stolen from the dark web, phishing or social engineering.

Download the Guide to CCPA Readiness for Online Identity Verification to learn how Jumio can help your business comply with the CCPA.

Related Posts

CCPA 2020: What Businesses Need to Know About the California Consumer Privacy Act

CCPA 2020: What Businesses Need to Know About the California Consumer Privacy Act [Infographic]

September 05, 2019
Our digital and physical worlds are becoming increasingly inseparable, with 81% of American adults going online on a daily basis, according to a recent Pew Research Center survey. Consumers can do everything from renting a vacation home to opening a new bank account with just a few clicks and swipes. In the process they’re leaving...
CCPA

CCPA: Making Sense of California’s Strict New Data Privacy Law

June 06, 2019
Is your business ready for January 1, 2020? This is the date when the California Consumer Privacy Act, or CCPA, is slated to take effect. It’s expected to be the strictest data privacy law in the U.S., and will require data privacy protections and requirements similar to or broader than those imposed by GDPR. The...

Age & Identity Verification for Online Gambling

November 26, 2018
The number of children betting regularly in the UK has quadrupled to 450,000, according to a new study out by the UK Gambling Commission. Alarmingly, the amount of children ages 11-16 with a gambling problem has now climbed to 55,000, according to the report. In fact, more children said they had placed a bet in...

Latest Posts

  • eIDAS 2: Transforming Electronic Identification with Digital Wallets
  • 3 Key Findings from Jumio's Digital Identity 2022 Research [Infographic]
  • What Is Synthetic Identity Fraud?
  • How Does Selfie Identity Verification Work?
  • The Power of Orchestration: Why Businesses are Turning to End-to-End Identity Proofing Platforms
  • How KYC and Blockchain Technology Can Operate Together Successfully

This content from Jumio is for general information purposes only. Please consult your legal team for advice regarding your particular situation.

logo jumio
social-media
social-media
social-media
social-media
social-media
  • Solutions

    • KYX Platform
    • ID Verification
    • Identity Verification
    • Jumio Go
    • Document Verification
    • Authentication
    • Address Services
    • Video Verification
    • AML Solutions
    • Transaction Monitoring
    • Screening
    • Fastfill
  • Integrations

    • Microsoft
    • Okta
    • Oracle
  • Use Cases

    • User Onboarding
    • KBA Replacement
    • Fraud Detection
    • KYC & AML Compliance
    • Biometric Authentication
    • Going Passwordless
    • Age Verification
    • New Account Onboarding
    • Case Management and Investigation
  • Industries

    • Financial Services
    • Retail
    • Travel
    • Sharing Economy
    • Gaming
    • Telcos
    • Mobility Services
    • Healthcare
    • Education
  • Features

    • Features
    • Compliance
    • KBA Alternatives
    • Compare
  • Technology

    • Informed AI
    • Optical Character Recognition (OCR)
    • Face-Based Biometrics
    • Liveness Detection
  • About

    • Company
    • Leadership
    • Security
    • News
    • Global Coverage
    • Media Resources
    • Brand Guide
    • Partner Program
    • Partner Login
    • Events
    • Awards
    • COVID Relief
    • Fintech Equality Coalition
  • Resources

    • Library
    • Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact

    • Support
    • Careers
    • Sales
  • Legal

    • Privacy Policies
    • © 2022 Jumio All rights reserved. US Patent App.
  • Languages

    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
    • German (Deutsch)