By Philipp Pointner, Chief of Digital Identity, Jumio
As we reflect on 2021, the internet has proven to be an invaluable resource for our children and young people. Not only did it keep them entertained and connected to family and friends, but it also helped facilitate learning. However, the internet was not designed with children in mind and it has become a potentially dangerous place. For instance, last year, global technology companies identified and reported21 million instances of child sexual abuse.
As we see the first draft of theOnline Safety Bill published, it’s clear that more needs to be done when it comes to protecting children from all manner of harms online and we’re hopeful that the new year will signal a change in how we address these risks.
But to do this, organisations must start at the very beginning – the point of access. Our research found that54% of UK age-restricted websites have been unable to prevent minors from accessing their products or services, showing that this is a clear blind spot.
Much needs to change, but access is a clear hurdle for online businesses and something that can be very easily addressed. While solving this issue alone won’t protect minors from every kind of online harm, it provides a piece of the puzzle to protect the underage from at least some of the areas they shouldn’t be accessing – whether that’s pornography or gambling.
Finding a solution
One way in which organisations can begin to solve this problem is by employing robust and appropriate age verification technologies at the account opening stage. It needs to be done by adopting a risk-based approach to age verification which considers the industry the organisation operates in and the likely harm of onboarding a bad actor. The greater the likelihood of social harm, the greater the need for more robust forms of less anonymous methods of age verification.
While this is all well and good, our research showed that organisations are reluctant when it comes to enforcing robust forms of age verification, with 46% fearing it would negatively impact conversion rates for valid customers. A further 36% think it would create a disjointed customer experience. This perhaps explains why we’ve seen manydigital services almost exclusively use self-declaration to verify age. This is a method that can be easily circumvented and, therefore, provides an insufficient level of assurance. However, in 2022 such outdated age verification methods will no longer be acceptable.
More effective age verification checks are needed, but they will need to be efficient and easy to use. The most rational way to do this is by starting with a government-issued ID, like a passport. The user takes a picture of it when creating an online account and online identity verification solutions can extract personal information, like date of birth, to determine the person’s age and know whether the ID has been manipulated. Then, the user takes a corroborating selfie that will be matched with the picture on the ID – this prevents minors from trying to use another person’s ID such as their parent’s or an older friend. The strongest forms of online verification will also leverage liveness detection to ensure the person creating the account is physically present.
After a legitimate customer has been verified online, ongoing biometric-based authentication will ensure that the original account owner makes all future logins and purchases on an ongoing basis.
Of course, this process might not work for sectors where anonymity is important to users. For example, dating sites and social media platforms use some sort of verification badge instead so that users know the account is authentic. More age-restricted sites, namely in the dating sector, could use this optional badge of authenticity so that users of the platform can then decide whether or not they wish to engage with people unwilling to verify their identities.
Outdated and inadequate methods of age verification, like asking a user to enter their date of birth or asking them to confirm they are of age by ticking a checkbox, need to be left behind in 2021. Of course, age verification doesn’t solve the entire issue of online harms, but it does help protect minors from those that can easily be made inaccessible, without impacting the user experience for legitimate users. After all, it is completely appropriate to hold any organisation that profits from selling age-restricted products and services accountable for the potential harms caused by their platform.