Age Assurance
Confirm whether a user meets an age requirement using RiskOS™ Age Assurance — a layered workflow that starts with passive, low-friction signals and escalates to active selfie or document verification only when required.
What is Age Assurance?
Age Assurance is a RiskOS™-native Enterprise Solution that confirms whether a user meets an age requirement — for example, 18, 21, or 25 and over. It combines low-friction passive signals with higher-assurance active verification in a single, configurable workflow.
Age Assurance uses a layered, progressive approach:
- Start with passive signals that require no user action, such as device, phone, or email intelligence.
- Escalate to active verification — a selfie or a government document capture — only when a passive check does not return a result or when your policy requires it.
This approach balances accuracy, privacy, user experience, and regulatory flexibility. Instead of returning a date of birth or an exact age, Age Assurance returns a simple ACCEPT or REJECT decision with a Valid Age tag, backed by privacy-preserving Boolean threshold flags (age18Plus, age21Plus, age25Plus), so your application receives only the eligibility answer it needs.
Socure remains neutral on regulatory policy.
Socure does not determine which ages, states, or methods apply to your use case. You configure the state rules, thresholds, and escalation paths that match your compliance requirements. See Regulatory handling.
Common use cases
- Age-restricted content and platforms
- Alcohol, tobacco, vaping, and cannabis commerce
- Online gaming, gambling, and sports betting
- Marketplaces and social platforms with minimum-age requirements
- Any workflow that must confirm an age threshold while minimizing friction and data exposure
Available assurance methods
Age Assurance orchestrates two categories of method. Cherry-pick a single method, run several independently, or chain them into a waterfall that escalates only when a method returns no result.
Passive methods
Passive methods infer an age threshold from signals the user already provides, with no photo or document capture.
| Method | Input | What it does | Typical use |
|---|---|---|---|
| Device-based | Device session token (SDK) | Matches a device to a historical identity in Socure's Identity Graph. | First step when a device signal is available and rules allow it. |
| Phone-based | Phone number (optional name) | Resolves an age threshold from an identity linked to the phone number. | When a device signal is unavailable. |
| Email-based | Email (optional name) | Resolves an age threshold from an identity linked to the email address. | As an additional passive fallback. |
The Digital Intelligence SDK captures the device session token and passes it in the evaluation request — you don't collect it manually.
Phone- and email-based methods can trigger a one-time passcode (OTP) to confirm possession. OTP runs only when RiskOS™ finds an identity.
Active methods
Active methods estimate or read an age from a capture the user provides through the Predictive DocV capture application. They run only when a passive method can't resolve age or your policy requires a capture.
| Method | Input | What it does | Typical use |
|---|---|---|---|
| Selfie-based | Selfie image with consent | Estimates an age from a facial image, with liveness and injection checks. | Where a document is not required. |
| Document + selfie | Government document (± selfie) | Reads the age from a verified government document, with the same checks. | Where a jurisdiction requires a government document. |
Privacy by design.
Final customer-facing responses never include a date of birth, an exact age, an age range, raw PII, images, or confidence scores. Age Assurance returns Boolean threshold indicators only. See Privacy and data handling.
Age Assurance bills only when a method returns a usable result. For the full billing model, see Billing behavior.
High-level runtime flow
The following diagram shows the conceptual execution flow. When your application submits an Evaluation request, RiskOS™ runs the passive and active methods your workflow configures:
- The client submits an Evaluation request with the available inputs.
- RiskOS™ executes the configured passive methods.
- A method that returns a result ends the evaluation and returns a decision immediately.
- A method with no hit — or no matching input — falls through to the next configured method.
- Active verification occurs only when required.
- The final response returns a privacy-preserving
ACCEPTorREJECTdecision with aValid Agetag.
flowchart TB
A["Evaluation request received"] --> B["Device Age Assurance"]
B -->|Meets threshold| Z["Return privacy-preserving decision"]
B -->|No hit or no input| C["Email Age Assurance"]
C -->|Meets threshold| Z
C -->|No hit or no input| D["Phone Age Assurance"]
D -->|Meets threshold| Z
D -->|No hit or no input| E["Active verification: selfie or document"]
E --> Z
The exact sequence depends on the workflow configured during implementation. See Configure the Workflow.
Regulatory handling
Age Assurance is fully customer-controlled. Socure remains neutral on regulatory policy and doesn't decide which rules apply to your business. Your workflow defines:
- State rules — which methods and thresholds apply in each jurisdiction.
- Thresholds — which Boolean threshold flags (
age18Plus,age21Plus,age25Plus, or others) gate your decision. - Escalation paths — when to fall through from a passive method to an active one, and which active method to require.
Thresholds are customer-configurable and can evolve over time.
Get started
Related
Updated 9 days ago

