Based on an application submitted by Connecticut-based Imperium, the FTC has approved the use of knowledge-based authentication as a method to verify that the person providing consent for a child to use an online service is in fact the child’s parent.
Under the COPPA Rule, online sites and services directed at children must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval.
Knowledge-based identification is a way to verify the identity of a user by asking a series of challenge questions, typically that rely on so-called “out-of-wallet” information; that is, information that cannot be determined by looking at an individual’s wallet and are difficult for someone other than the individual to answer. This authentication method has been used by financial institutions and credit bureaus for a number of years, and has been acknowledged by the Commission and other government agencies as effective for that purpose.
http://www.ftc.gov/news-events/press-releases/2013/12/ftc-grants-approval-new-coppa-verifiable-parental-consent-method