Applying a Risk-Based Approach to Age-Restricted Content

Many types of organizations verify identities for age compliance purposes. But how should they verify ages? Should organizations apply a prescriptive, rule-based approach? Or should they adopt a more flexible approach, based upon the risks of each service? Organizations implementing age compliance solutions should follow the lessons learned from the financial industry.

Rule-based Approaches Are Ineffective

In a 2016 article entitled “Risk-based approach to KYC” (Know Your Customer), Thomson Reuters examined the early history of KYC legislation in the early 1990s. The purpose of KYC and related regulations is to ensure that the people opening financial accounts are who they say they are. If a person is a convicted fraudster or a funder of terrorists, a financial institution needs to know this before allowing them to open an account.

However, the early KYC legislation was prescriptive, rule-based, and developed for one type of financial institution only. The result was a beautiful checklist that was inapplicable to most institutions.

These regulations originally based on the risks and controls related to retail banking simply didn’t fit other business models, such as private, institutional, or investment banking and wealth management. But because compliance isn’t optional, all businesses had to comply as best they could – even if that meant shoehorning retail AML control concepts to fit their own business models, while potentially missing the real risks to which they were exposed. The end result was that compliance efforts frequently failed to meet regulatory expectations.

As we previously observed, “Rules-based ID solutions can no longer keep up.”

The financial world moved away from rule-based approaches to risk-based approaches, in which each organization applied KYC concepts based upon the specific risk. While there is a clear risk in providing a gift card to a fraudster, it is much less than the risk of providing that same fraudster with access to high-value international bank loans.

Risk-based Approaches Address Different Age Verification Applications

In the same manner that financial organizations adopt risk-based decision-making, organizations can apply risk-based approaches to age verification. Aristotle suggested this in 2017:

In financial markets, risk is assessed and Integrity’s customers apply different compliance measures and Integrity products to differing financial and money laundering risks to meet financial compliance guidelines for a specific country or financial situation….It is therefore suggested that adult entertainment companies follow a parallel risk-based approach for age verification…

There are many types of in-person and online services that require verification of ages. The impact of underage access to each service varies. Consider the different risks of an underage person performing each of the following age-controlled activities:

  • Driving an automobile.
  • Gambling (in-person or online).
  • Online access to a social media service that features adult content, such as Pornhub.
  • Online access to a social media service that prohibits adult content, such as Facebook.
  • Purchasing alcohol (in-person or online).
  • Purchasing firearms (in person or online).
  • Purchasing marijuana (in-person or online).
  • Purchasing spray paint (in-person or online).
  • Purchasing tobacco (in-person or online).

Risks can also vary by jurisdiction. The risk of underage access to adult websites in certain states with age verification laws, such as Texas and Utah, is legally higher than the risk of underage access in states without age verification laws.

The effect of underage access can also vary based on the age of the person.

Whether access to such content impacts a 13- or 16-year-old as greatly as a younger child might be a matter of debate and perhaps therefore be considered a lesser risk.

Integrity Implements Risk-based Approaches for Age-restricted Content

One possible drawback of a risk-based approach is its complexity. It takes effort to tune age verification to meet the needs of different applications in different jurisdictions. How much risk is there in opening a Facebook account in California? What about a Pornhub account in Utah? What about firearm purchases in New York?

The Aristotle Integrity Suite addresses this array of risk levels by offering a variety of solutions.

  • For less risky implementations, Integrity ID-Direct may be sufficient. This solution allows you to quickly authenticate individuals online against a comprehensive database of government-issued ID’s for citizens of 135 countries.
  • For implementations with higher risk, you can choose Integrity AutoDoc. This solution requires the user to possess a government-issued ID which AutoDoc reads and checks against the comprehensive database listed above to ensure that the ID exists and is not fraudulent.
  • For the highest-risk implementations Aristotle offers additional options, including Integrity Document for expert analysis of submitted documents, and Integrity Face-to-Face video verification.

Which level of risk applies to your age verification needs? How can the Aristotle Integrity Suite help you address the proper level of risk? Click the “FREE DEMO” button in the upper right corner and an Aristotle representative will suggest the proper solution to meet your age verification requirements.

Recent Posts



Recent Posts

Recent Comments