Article provided by Mira Pancholi, Business Development Manager, Jumio

The saying “old before one’s time” has never been so applicable in today’s digital society.

With easy access to technology, young children now have the ability to engage with individuals from across the world. For this reason, it has never been more important that websites and social media platforms develop airtight age verification processes that protect minors from products and services intended for adults.

Over the last few years, there have been many reports of minors gaining access to social media platforms, gaming and gambling websites, and even sites selling e-cigarettes and vaping equipment without proper measures in place to accurately verify their age. For example, a report from The Gambling Commission at the end of last year found that 450,000 children aged 11 to 16 regularly place bets.

Online, it is naturally harder to determine the age of a user. It is only with the right technology that businesses can protect themselves, and most importantly their users, with thorough yet painless age verification checks and authentication processes. Ultimately, it’s important to ensure a user is old enough to be using the product or solution in the first place, but also verify that they are who they say they are on an ongoing basis to help protect against account takeovers.

Combatting the growing risk to minors online

The temptation would be for businesses to employ very limited measures to confirm a user’s age. For example, pop-up windows that simply ask a user if they are over the age of 18, and websites asking for birth dates to be manually entered. These pose obvious issues, with minors simply providing false dates and pretending to be older than they are.

With a recent study revealing that one in four children under the age of six has a smartphone, and nearly half spend up to 21 hours per week on devices, this rise in online access has increased the demand for age verification (particularly as we have seen huge numbers of underage users being granted access without having to verify their age through adequate checks). These checks include the physical inspection of ID documents, visual checks (i.e. is the customer visually and clearly over the age of 18), a valid credit card transaction, age confirmation using third-party agencies, and a document process combined with customer access to controlled checks.

However, companies are now more than ever being held accountable. Last month, The Gambling Commission’s new rules came into force to ensure operators verify customers’ age and identity details faster. Jeremy Wright, the UK’s Secretary of State for Digital, Media, Culture and Sport said, “online tech firms must do more to protect children” in response to a shocking investigation into the number of children accessing dating sites.

So how can businesses ensure their age verification checks are suitable?

Seek out weaknesses

First, we should consider why the technology that is currently being used has its weaknesses. Previously, too many companies have chosen half-baked solutions to safeguard children online at a minimal cost, and these solutions have a number of inherent limitations.

In order to verify an age, reliance on the customer’s own self-report or government-issued identity documentation is not always reliable. While the latter may seem more so, an ID document, such as a driving license or passport, easily may well be one that is fraudulent.

Some are even in the school of thought that making age verification mandatory could amount to setting businesses up to fail at age verification, as regulations divert attention and resources away from other education and safeguarding efforts and put more pressure on users to falsify their verification.

Take advantage of technology users’ habits to increase security

One way to encourage the reliable use of age verification technology is to tailor it towards the habits of the user — in this case, teens and children.

This is where biometric-based authentication, through the use of selfie technology, can benefit an organisation for security as well as the user experience. The simple act of requiring a selfie will deter many minors from using a fraudulent ID alone. But for those that are of age, the user will naturally understand the technology thanks to Apple and Samsung who use face-based recognition to unlock their phones. Most importantly, the user will not be able to use his or her siblings or parent’s ID, or escape verification altogether.

Liveness detection is an important part of this technology. At enrollment, the selfie is compared to the picture on the user’s government-issued ID uploaded via the smartphone or computer’s camera. Then, it is ensured the ID document is authentic and that the selfie matches the picture on the ID. A 3D face map is created from a live selfie during the account setup and contains 100 times more data points than a simple 2D photo and enables online organisations, to more accurately recognise the correct user’s face while concurrently verifying their human liveness.

Minimum age requirements and potential fraudulent activity can then be checked through fraud detection analytics to help minimise risk, and accounts or purchases can then be approved or denied by the business or organisation.

Ongoing, new 3D face maps can be captured and automatically compared against the original face map created, to continue to authenticate the user. Unfortunately, on the dark web fraudsters can purchase usernames and passwords to takeover accounts by impersonating the original user. Authenticating customers for purchases means that businesses are now ensuring the buyer is in fact the account owner for repeat custom through the use of the 3D face map created when the buyer first created their online account. This is highly beneficial for industries such as vaping and e-cigarette dispensaries selling their products online, as it not only ensures identity proofing (i.e., the person making the purchase online is the original account owner)  but also verifies age.

This approach stamps out simple tick box exercises and fraudulent activity by delivering a significantly more reliable authentication experience. Now, if we enhance this with more education, parental supervision and regulation that enables, rather than penalises, diligent companies, we are on to a winning combination.

Ultimately, enabling young people to enjoy the many advantages that technology has to offer should align with the top priority of keeping users safe in a new and increasingly accessible online world.

Mira PancholiAbout the author

As EMEA Business Development Manager for Jumio, Mira is responsible for consulting on digital fraud prevention, customer acquisition and digital innovation. Mira is uniquely skilled to help infuse KYC and identity verification best practices for corporate processes and software, understanding the nuances of compliance, legal and technological considerations. Mira’s strength is her diversity as a CIPD-accredited law graduate with experience in leading projects and developing solutions through IT channels ranging from e-discovery to cybersecurity. Having helped many organisations through the complex regulatory compliance landscape and staying competitive, she has served as a true advocate for compliance software.