What is Age Categorisation?
Age Estimation is a process carried out by an Age Check Provider or an Age Check Decision Maker to establish that a citizen is likely to fall within a category of ages, over a certain age or under a certain age to a specified level of confidence by reference to inherent features or behaviours related to that citizen.
Age Categorisation is different to other types of Age Verification such as Age Determination and Age Estimation because it does not use information about an individual, but rather an assessment of their inherent features or behaviours by that individual – such as what they look like to estimate their age.
How do we test or check Age Categorisation?
We apply PAS 1296:2018 as the framework for assessing the approaches adopted for Age Categorisation. If you check ID documents to find out how old a citizen is and use this information to put them in an age group and make a decision about their eligibility to access goods, content or services, then our independent 3rd party certification will help build client confidence that your systems actually work.
Our audit process for Age Categorisation is split into three parts:
- Policy Evaluation - Our auditors will conduct an evaluation of your age check policies by building a detailed understanding of your approach to age checks, your practice statements, your approach to data privacy, protection and security, your approach to age validation, your commercial model(s) and your management of age attributes. Our policy evaluation will explore the approach you take to the provision of age check services and the decisions that you have made on the application of your age check policies and procedures.
- Quality Evaluation - Our auditors will conduct an evaluation of how you manage and control your business. This means that we will check your approach to quality assurance, control of records, policies and documents, how you handle internal audit, control of non-conformity, customer/user complaints and stakeholder feedback. We will assess the ‘top management’ commitment to quality control, review and implementation of preventative measures.
- Technical Evaluation - Our auditors will conduct a technical evaluation of your systems to ensure that their programming and performance are in accordance with your policies. The technical evaluation is undertaken by a technical specialist and is subsequent to the policy and quality evaluation. The Technical Evaluation includes, where applicable:
- Bona Fide Test Crew Presentation – we can utilise a test crew of 18 – 21 year olds (currently – in future this will be broader) to carry out a test of the accuracy of your Age Categorisation systems. Through this we can assess the false/accurate accept rates.
- Presentation Attack Detection – we can assess PAD for identity assets presentation (both genuine and false identity assets). We can utilise different presentation attack instruments, PAI species, and PAI series. This is sometimes more commonly known as anti-spoofing testing.
- Detection Device Analysis – we can assess performance on multiple forms of detection devices – webcams, tablets, cameras, mobile telephones – different operating systems (such as Android, ios, etc.) and at different presentation intensity, distance and angles. We can also test device integrated equipment, such as gaming machines or till systems, subject to them being made available to us at the testing studio.
- Electronic Identity Document Validation Technologies – this is testing system capabilities on identifying ID documents (such as Passports, Driving Licences or other official ID Cards), being able to extract relevant data from those documents (such as through Machine Readable Zones (MRZ) or Near Field Communication (NFC)) and present that data accurately to enable effective Age Categorisation.
- Social Proofing – is analysis, with a user’s consent, of their digital footprint and the related social graphs, which can be interrogated to determine the veracity of a self-asserted This is the ability of systems to gain proof of age through analysis of the social contacts a citizen has and asking those social contacts to verify or confirm the age attributes of the citizen.
- Parental Consent – this is the process of identifying and verifying a digital parent or capable guardian related to or responsible for a citizen and gaining verification of the age group of the citizen through information provided by that parent or capable guardian.
- In situ Testing – this is the testing of deployed units in real world scenarios. Typically, this comes after the initial certification and is part of the certification monitoring that is put in place to make sure that systems continue to perform as expected.
What jurisdictions are Age Categorisation applicable to?
Age Categorisation can operate throughout the world, although some are limited by access to attributes about citizens in some countries.
What standards, laws or regulations apply to Age Categorisation?
Age Categorisation can initially be quite intrusive as it requires the Age Check Service or Decision Maker to access information held about citizens to verify their identity and be able to extract and present an age attribute to the required level of confidence into a category. Thereafter, however, it is not normally necessary to retain the original identity information or to pass that information on to 3rd parties.
As such, the provisions of data protection legislation are likely to be the most applicable to organisations conducting age categorisation.
It is worth noting that for most age restricted goods, content or services, regulations usually only require Age Categorisation and, in some cases, permit Age Estimation. It is not usually necessary to provide Age Determination.
There are currently very few laws or regulations applicable to Age Categorisation. Although standards are developing, they are not yet fully in place.
How do I get our Age Categorisation tested?
The first stage of gaining certification for your Age Categorisation is for us to undertake an Application Review in accordance with the requirements of ISO/IEC 17065:2012. There is no fee for the completion of an application review.
During the application review:
- Define the scope of certification;
- Confirm the means available to perform all evaluation activities;
- Confirm our competence and ability to perform the certification activity;
- Confirm a plan for audit and evaluation;
- Provide an Estimated Fee for our Certification Services
BECOME A TEST PURCHASER