Verification methods
Age verification is a critical component of digital compliance, ensuring users meet minimum age requirements for accessing certain content, features, or services. OpenAge's age verification methods serve the primary purpose of verifying a user's age to determine access to age-appropriate features or content.
OpenAge provides a comprehensive suite of age verification methods that balance security, user experience, and regulatory compliance. By leveraging multiple verification providers and technologies, OpenAge automatically selects the most appropriate verification methods based on jurisdiction requirements and user circumstances.
How OpenAge verification worksβ
The age verification system is flexible and intelligent, incorporating various verification techniques automatically selected based on jurisdiction requirements, user demographics, and assurance levels needed. You can configure which verification methods are enabled through the Compliance Studio.
The system is privacy focused. OpenAge doesn't store private data or images from the verification process. It simply confirms whether users meet defined age thresholds (adult or digital youth) according to their jurisdiction's requirements, minimizing data collection while maintaining robust verification capabilities.
By default, a product has AgeKey, ID scan verification, and facial age estimation scan enabled. For users in Australia, ConnectID is also enabled by default. Other verification methods can incur additional costs. To enable additional methods, contact your OpenAge representative.
In the Compliance Studio, under the Assurance and Verification tab, you can set any verification method to Fallback only. The same Enabled, Disabled, and Fallback only options apply to every verification method shown under that tab. A Fallback only method is offered only after the user has tried another method and that attempt didn't yield an age signal (no conclusive age determination). See Product configuration for the UI and related settings.
Universal age verification methodsβ
These verification methods are available across multiple jurisdictions and provide broad coverage for age verification requirements.
π ID scan verificationβ
ID scan verification uses advanced document verification technology to authenticate government-issued identification documents including passports, driver's licenses, and national ID cards.
Users simply photograph their ID document with their device's camera. The system analyzes the document to verify authenticity and extract age information. Enhanced security implementations can also require a face scan to confirm the user's face matches the photo in the ID document.
This method is highly effective because government-issued IDs undergo rigorous verification processes before being issued, making them reliable age sources. The technology detects security features and tampering signs, providing strong fraud protection.
πΈ Facial age estimation scanβ
Facial age estimation provides a user-friendly verification method where users verify their age by scanning their face with their device's camera. This privacy-preserving technology uses AI to estimate age categories without storing biometric data.
Users look into their camera and the system provides an age estimate within seconds. The technology provides an estimate of a user's age, and it's recommended to use age categories (adult or digital youth) as the criteria, rather than a precise age.
OpenAge offers two facial age estimation providers to choose from, each with distinct advantages. Rank One processes facial scans on secure servers before immediately deleting the data, potentially offering slightly higher accuracy at the cost of transmitting biometric information. Privately performs all facial analysis directly on the user's device, ensuring maximum privacy by keeping biometric data local. You can configure which provider best fits your privacy and accuracy requirements.
π AgeKeyβ
AgeKey provides the lowest friction experience for repeat users. After successfully completing any other verification method, users can create an AgeKey that serves as a reusable age credential for future verifications. Users can also create an AgeKey directly at AgeKey.org.
Once generated, this secure credential allows users to verify their age in subsequent interactions simply by sharing their AgeKey rather than repeating the full verification process. Your AgeKey is stored locally on your device and protected by your biometrics (Face ID, fingerprint, or device passcode). This significantly reduces friction while maintaining security and privacy for users who have already been verified once.
π³ Credit card verificationβ
Credit card verification provides age verification through secure payment processing, particularly in jurisdictions where card ownership is restricted to adults. Users provide credit card information, and a small charge might be made to validate their card is real. If charged, this amount is refunded within 14 business days.
The system uses established payment infrastructure, ensuring financial data is handled with the highest security standards. This method only allows verification with a credit card, as debit cards and pre-paid gift cards are available to younger users.
π§ Email address age estimationβ
Email address age estimation uses only an email address to estimate a user's age. Users provide their email and complete a one-time password verification to confirm ownership. The system analyzes the digital footprint associated with the email address to estimate age categories.
This method works by examining the digital history linked to an email address, which can indicate age ranges. The process typically completes within seconds and includes fraud prevention measures. It requires no ID scans, selfies, or credit card information, making it a simple alternative for age verification.
Region-specific verification methodsβ
Some age verification methods are tailored to specific jurisdictions, taking advantage of unique digital identity infrastructure and regulatory frameworks in those regions.
π¦πΊ ConnectID (Australia)β
ConnectID is Australia's digital identity exchange operated by Australian Payments Plus. The service enables age verification by connecting users with identity providers they already have relationships with, such as their banks.
Users select their preferred identity provider (typically their bank) and authenticate using their existing banking credentials. They then consent to share specific information, such as confirmation that they're over 18, without revealing additional personal details.
ConnectID is accredited by the Australian Government as an identity exchange and operates within Australia's Trusted Digital Identity Framework. The service is supported by major Australian banks and functions as a data bridge without storing personal information.
πΊπΈ Social Security number verification (United States)β
For users in the United States, Social Security number verification provides robust age verification by using government data systems. Users provide the last four digits of their Social Security number along with their birth date, which is cross-referenced with authoritative government databases to confirm both age.
This method is valuable for users who might not have driver's licenses or photo identification, providing an inclusive verification option that relies on widely held government-issued credentials.
πΈπ¬ Singpass (Singapore)β
Singpass is Singapore's national digital identity system that enables users to authenticate and consent to share verified attributes with relying parties. For age verification, users authenticate with Singpass and consent to share their date of birth (DOB). OpenAge uses the DOB to determine whether the user meets the configured age threshold, avoiding the need to store unnecessary personal data. This leverages the trusted government-backed ecosystem and strong security controls of Singpass.
π°π· KISA identity verification (South Korea)β
South Korea supports real-name and age verification through methods designated by the Korea Internet & Security Agency (KISA). Platforms can request user verification via one of several options: mobile phone (carrier) verification, credit card, or public certificate. For age checks, the provider returns the user's date of birth (DOB), which OpenAge uses to determine whether the user meets the required age threshold. These methods are standardized under South Korea's real-name verification regime and are widely used across online services.
π§π· CPF verification (Brazil)β
CPF (Cadastro de Pessoas FΓsicas) is Brazil's national taxpayer registry, issued by the Federal Revenue Service (Receita Federal). Every Brazilian citizen and resident has a unique CPF number tied to their identity. For age verification, users provide their CPF number, which is validated against the government registry to confirm the individual's identity and age. The verified date of birth is then used to determine whether the user meets the configured age threshold. This leverages Brazil's widely adopted national identification system, providing a reliable and familiar verification method for Brazilian users.
Testing CPF verification integrationβ
While using a test mode, you can use the following test data to trigger a successful or failed verification
- Enter the credentials and submit.
- CPF number: (see credential options below)
- At the end, test data for the verification session is presented.
| CPF Number | CPF Status | Verification Result |
|---|---|---|
| 40442820135 | Regular | β Success |
| 07691852312 | Pending Regularization | β Success |
| 12345678909 | Regular (Age 12) | β Success (Under 18) |
| 40532176871 | Suspended | β Failure |
| 01648527949 | Canceled | β Failure |
| 98302514705 | Nullified | β Failure |
| 05137518743 | Deceased | β Failure |
Testing and development considerationsβ
OpenAge provides two modes for building and operating your integration:
- Test mode: Use provider test credentials (for example, test cards and test IDs) to simulate outcomes such as PASS, FAIL, and specific failure reasons. Because inputs and provider responses are simulated, test mode can't yield real, verified results for real users and must not be used with production traffic.
- Live mode: Verify real users against real providers and authoritative data sources. Users must supply real credentials, and results reflect the user's actual date of birth or age outcome from the provider.
Test mode mirrors the live user experience and response shapes (including webhooks and client events), so you can safely build, exercise error paths, and validate end-to-end handling. When you switch to live mode, simulation features are turned off and only genuine verification methods are available to end users.
Mock and real providersβ
When your product is using a Test Mode API key, the OpenAge verification widget displays a TEST MODE toolbar at the top. The toolbar is never shown in Live Mode and isn't visible to real end users.
The toolbar includes a switch between two paths:
- Mock Providers (the default): the widget replaces each provider UI with a built-in simulator, letting you drive verification outcomes without contacting the real provider.
- Real Providers: each verification method opens its real sandbox integration (for example, Stripe for credit card, ConnectID Mock Bank, Veratad test records). Use this path to validate the end-to-end integration against a live provider sandbox.
The switch is locked once a verification method is in progress, so you can't swap mid-flow.
Using mock providersβ
Selecting a method while Mock Providers is active opens a simulator screen with three groups of controls:
- Context card: summarizes the target age, jurisdiction, civil age, digital consent age, and, for age-estimation methods, the FAE pass/fail thresholds.
- Simulate Attempt presets: one-click personas derived from the product's real jurisdiction thresholds:
Adult,Teen,Childfor methods that return exact or estimated ages, orPasses Age Check/Fails Age Checkfor threshold-only methods such as ConnectID and AgeKey. - Advanced panel: expandable inputs for a custom age range (estimation methods) or a custom date of birth (exact and threshold methods). Submitted status is computed with the same logic real providers use.
- Simulate Failed Attempt presets:
Inconclusiverecords an incomplete attempt (counts toward the method's max attempts), andFraudulentrecords a failure that disables the method for the current verification.
After any submission, a result pill is displayed under the matching group so you can confirm what was recorded.
Using real providersβ
Switch the toolbar to Real Providers when you need to exercise the actual provider integration. Each method opens its vendor sandbox. Use this path together with the provider-specific test data referenced earlier on this page (for example, the Stripe test cards for Credit Card, ConnectID Mock Bank credentials, and the CPF test numbers in the CPF verification testing table).
How mock results are processedβ
A Mock Providers submission isn't a separate code path: the result is routed through the same service that records a real provider's result. Webhooks, DOM events, and session updates fire identically to a production verification. Only the provider UI is swapped out.
For server-to-server test scenarios without the widget, the Set age verification status endpoint offers a programmatic equivalent that's also available only in Test Mode.
Choosing the right verification methodsβ
OpenAge's intelligent system automatically selects appropriate verification methods based on several factors including jurisdiction requirements, user demographics, and the level of assurance required. However, understanding the strengths of each method can help you optimize your age verification strategy.
For maximum coverage and user convenience, implementing multiple verification methods provides the best user experience. Users can choose the method that works best for their circumstances, whether they prefer the convenience of facial scanning, the security of document verification, or the simplicity of leveraging existing digital identity relationships.
The system's automatic selection ensures that users in different jurisdictions see methods that are both legally compliant and technically supported in their regions. For example, users in Australia might be offered ConnectID, while users in other regions might see widely available methods such as ID scanning or facial age estimation.
Privacy and securityβ
Throughout all verification methods, OpenAge maintains a strong commitment to user privacy and data security. The system is designed to collect only the minimum information necessary to meet age verification requirements. Personal data and images aren't permanently stored, and verification results focus on age category determination rather than collecting detailed personal information.
This privacy-preserving approach aligns with global data protection regulations while providing businesses with the assurance they need to meet age verification requirements. By leveraging trusted third-party verification providers and established digital identity infrastructure, OpenAge can provide robust verification capabilities without compromising user privacy.
The verification system also includes strong fraud prevention measures, using advanced technologies to detect manipulation attempts and ensure the integrity of the verification process. These security measures help protect both businesses and users from fraudulent activities while maintaining a smooth user experience.
Integration and Implementationβ
OpenAge's age verification methods integrate seamlessly into existing applications and workflows through standardized APIs. The system handles the complexity of managing multiple verification providers and methods, presenting a consistent interface to developers while leveraging the most appropriate verification techniques behind the scenes.
The verification process is designed to be embedded naturally into user journeys, whether as part of account creation, feature activation, or content access. Results are delivered through both webhooks and JavaScript events, allowing applications to respond appropriately to verification outcomes and provide immediate feedback to users.
By understanding these various age verification methods and their appropriate use cases, developers can create more inclusive, secure, and compliant applications that meet the diverse needs of users across different jurisdictions and circumstances.