The infographic depicts the various potential workflows between California requestor type, channel, and verification method. Analysis by IDology found hundreds of potential combinations between the types of customer requestors, the request submission channel, the sensitivity of the data to be shared or deleted, and the method of identity verification.
While most verification requests will be made online by Californians with a password-protected account, businesses must also serve non-customers and customers without password-protected accounts in a variety of channels (e.g., phone, postal mail, or in-person) that will require other forms of identity verification.
If the requestor’s identity can’t be verified on the first attempt, the business needs access to alternative, “step-up” escalation methods of identity verification.
Ultimately, businesses implementing identity verification tools for CCPA compliance face two distinct hurdles:
Neither scenario is ideal, of course, so companies must strike a delicate balance between adequate security and great customer experience. A robust, multi-layered identity verification software product that relies on both machine and human intelligence is essential to deterring fraud and preserving customer experience at the same time.