Age Assurance - Age Check Providers

What are Age Check Providers?

Age Check Providers are organisations that supply the results of checks on a citizen’s identity attributes or biometric features to provide a relying party with age assurance about that citizen.

Age Check Providers will provide at least one of the following services:

Age determination – an indication established that a citizen has a particular age stated to a specified level of confidence and by reference to information related to that citizen
Age categorisation – an indication established that a citizen is of an age that is within a category of ages, over a certain age or under a certain age to a specified level of confidence and by reference to information or factors related to that citizen
Age estimation – an indication by the estimation that a citizen is likely to fall within a category of ages, over a certain age or under a certain age to a specified level of confidence by reference to inherent features or behaviours related to that citizen

How do we test or check Age Check Providers?

We apply PAS 1296:2018 as the framework for assessing the various types of age verification providers, brokers and exchanges. If you are involved in supplying age assurance systems for retailers, entertainment providers or online platforms, then our independent 3^rd party certification will help build client confidence that your systems actually work.

Our audit process for Age Check Providers is split into three parts:

Policy Evaluation - Our auditors will conduct an evaluation of your age check policies by building a detailed understanding of your approach to age checks, your practice statements, your approach to data privacy, protection and security, your approach to age validation, your commercial model(s) and your management of age attributes. Our policy evaluation will explore the approach you take to the provision of age check services and the decisions that you have made on the application of your age check policies and procedures.
Quality Evaluation - Our auditors will conduct an evaluation of how you manage and control your business. This means that we will check your approach to quality assurance, control of records, policies and documents, how you handle internal audit, control of non-conformity, customer/user complaints and stakeholder feedback. We will assess the ‘top management’ commitment to quality control, review and implementation of preventative measures.
Technical Evaluation - Our auditors will conduct a technical evaluation of your systems to ensure that their programming and performance are in accordance with your policies. The technical evaluation is undertaken by a technical specialist and is subsequent to the policy and quality evaluation. The Technical Evaluation includes, where applicable:
- Bona Fide Test Crew Presentation – we can utilise a test crew of 18 – 21 year olds (currently – in future this will be broader) for bona fide presentation to age estimation AI. Through this we can assess the various false/accurate accept rates; skin tone analysis; gender; age grouping; disfigurement; etc.
- Presentation Attack Detection – we can assess PAD for both human-likeness, but not liveness analysis and also for identity assets presentation (both genuine and false identity assets). We can utilise different presentation attack instruments, PAI species, and PAI series. We can test for 2D and 3D presentation objects. This is sometimes more commonly known as anti-spoofing testing.
- Detection Device Analysis – we can assess performance on multiple forms of detection devices – webcams, tablets, cameras, mobile telephones – different operating systems (such as Android, ios, etc.) and at different presentation intensity, distance and angles. We can also test device integrated equipment, such as gaming machines or till systems, subject to them being made available to us at the testing studio.
- Ambient and Directed Lighting Analysis – this is testing system capabilities under different types of ambient light, either presented at the presentation object or at the detection device. This includes for different light levels from supermarket-style overhead LED lighting, to pub-style sodium lighting, to casino-style multi coloured lighting, to strobe lighting and anything in between. We also have the capability for internal and outdoor lighting. The lighting can be directed ambient to the presentation object (i.e. the person being age estimated) or the detection device (i.e. the camera) or both.
- Electronic Identity Document Validation Technologies – this is testing system capabilities on identifying ID documents (such as Passports, Driving Licences or other official ID Cards), being able to extract relevant data from those documents (such as through Machine Readable Zones (MRZ) or Near Field Communication (NFC)) and present that data accurately to enable effective Age Determination.
- Social Proofing – is analysis, with a user’s consent, of their digital footprint and the related social graphs, which can be interrogated to determine the veracity of a self-asserted This is the ability of systems to gain proof of age through analysis of the social contacts a citizen has and asking those social contacts to verify or confirm the age attributes of the citizen.
- Parental Consent – this is the process of identifying and verifying a digital parent or capable guardian related to or responsible for a citizen and gaining verification of the age group of the citizen through information provided by that parent or capable guardian.
- Biometric Subject Behaviours – We can assess systems deployed for identifying and analysing subject behaviours (such as squeezing together one's fingers in hand geometry and a biometric presentation in response to a directive cue which are both voluntary reactions)
- In situ Testing – this is the testing of deployed units in real world scenarios. Typically, this comes after the initial certification and is part of the certification monitoring that is put in place to make sure that systems continue to perform as expected.

What jurisdictions are Age Check Providers applicable to?

Age Check Providers operate throughout the world, although some are limited by access to attributes about citizens in some countries.

What standards, laws or regulations apply to Age Check Providers?

There are currently very few laws or regulations applicable to Age Check Providers. Although standards are developing, they are not yet fully in place.

How do I get our Age Check Service tested?

The first stage of gaining certification for your Age Check System is for us to undertaken an Application Review (LINK: Services > Contact Us > Apply for Certification) in accordance with the requirements of ISO/IEC 17065:2012 (LINK: Services > About Us > ISO 17065). There is no fee for the completion of an application review.

During the application review: