Not only is e-commerce being radically changed due the mobilization of shoppers, but it's disproportionately happening with younger consumers. At the same time, law enforcement and government regulatory attention is being focused on age violations. And yet, the vast majority of companies have age-verification systems that provide almost no legal protections.

Consider Facebook's recent age verification approach, which amounts to little more than a Web declaration. After all, whoever heard of someone lying in an Internet post? In the Facebook case, the people are adults trying to get access to participants in a high school discussion forum. What are the chances that the people that they are trying to block—including potential abductors and molesters—would have no moral problem with lying on a Web form? Especially a Web form with no legal consequence for lying (unlike, for example, an IRS document)?

But what does age verification have to do with mobile? Quite a bit. Mobile devices deliver a steady stream of identification clues, many of which can make a likely imposter detectable.

Let's first clarify what age verification involves. For many products and services, it involves proving that a shopper is at least XX years old, such as with alcohol, cigarettes, adult-themed videos or publications, prescriptions, etc. For others—such as the Facebook example—it's about establishing a "no older than age," such as with children-themed discussion forums. Both present challenges and very different challenges.

From a logistical perspective, it's hard to prove a negative. Therefore, the task of proving that someone is younger than 16 can be tricky. It's not like they can take a picture of a driver's license. And passports and other legal documents are not omnipresent at that age. Not every school issued IDs and, even if they did, the site would need access to a huge updated database to know what a valid ID from each school looks like. And even then, a potential molester could easily fake one.

Then there are sensitivity issues. Some years back, 7-Eleven ran a program to collect mobile phone numbers. As an act of sensitivity, they chose to not ask customers how old they were. The problem is that they then found themselves in a legal conundrum. Because they didn't ask age, they had no idea which of the numbers collected belonged to minors. And given that advertising to minors can cause huge legal difficulties, they were stuck with numbers that were risky to use.

It's also important to note that the goal of "proving" an age is close to impossible. The best a site can get is to establish a decent probability of an age likelihood. And for that, data again comes to the rescue. Online document authentication is not known for reliability and nowhere is this more true than when confronted with a focused and intent fraudster. A 15-year-old trying to get alcohol ordered online is going to be nothing if not persistent and resourceful.

The idea is necessarily to erect a foolproof age-verifying fortress. It's about the attempt. It's about having procedures in place that you can later show an investigator for the FTC or a state or local law enforcement. The problem with Facebook's attempt is that if anything goes wrong, their process looks every bit as anemic as it is.

Not only is document verification fraught with issues, but it also puts the onus on the shopper to do something time-consuming (the word "hassle" seems appropriate) so that they can give you money. Hardly an optimal marketing strategy.

This gets us back to our friend, Mr. Data. Data analytics can generate a substantial profile of your visitors, exploring prior sites visited, history of activity, their IP address, payment card details (in the same name as typically used?) and particularly social media activity and analysis of images posted. People who post group voters where no one appears older than 13 are typically not in college. Friends are often in a similar age range.

The best part is that all of this can be done without asking your shopper to do anything other than shop. You can ask for an age declaration, but as long as it's just for show—as long as the real age assessment is done with as much data as possible behind the scene—it's a good thing.

Another advantage of a data approach is that the shoppers will not know precisely what data is being examined. Without knowing, it would be far more difficult for a fraudster to outsmart the system. Also, age authentication is by definition aimed at the young. Data verification that looks at data points over an extended period means that a fraudster must keep up the con for a long time, something that the typical teen seeking forbidden items often won't have the patience to do.

About Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution. 

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.