Age Assurance

Confirm whether a user meets an age requirement using RiskOS™ Age Assurance — a layered workflow that starts with passive, low-friction signals and escalates to active selfie or document verification only when required.

What is Age Assurance?

Age Assurance is a RiskOS™-native Enterprise Solution that confirms whether a user meets an age requirement — for example, 18, 21, or 25 and over. It combines low-friction passive signals with higher-assurance active verification in a single, configurable workflow.

Age Assurance uses a layered, progressive approach:

  • Start with passive signals that require no user action, such as device, phone, or email intelligence.
  • Escalate to active verification — a selfie or a government document capture — only when a passive check does not return a result or when your policy requires it.

This approach balances accuracy, privacy, user experience, and regulatory flexibility. Instead of returning a date of birth or an exact age, Age Assurance returns a simple ACCEPT or REJECT decision with a Valid Age tag, backed by privacy-preserving Boolean threshold flags (age18Plus, age21Plus, age25Plus), so your application receives only the eligibility answer it needs.

📘

Socure remains neutral on regulatory policy.

Socure does not determine which ages, states, or methods apply to your use case. You configure the state rules, thresholds, and escalation paths that match your compliance requirements. See Regulatory handling.


Common use cases

  • Age-restricted content and platforms
  • Alcohol, tobacco, vaping, and cannabis commerce
  • Online gaming, gambling, and sports betting
  • Marketplaces and social platforms with minimum-age requirements
  • Any workflow that must confirm an age threshold while minimizing friction and data exposure

Available assurance methods

Age Assurance orchestrates two categories of method. Cherry-pick a single method, run several independently, or chain them into a waterfall that escalates only when a method returns no result.

Passive methods

Passive methods infer an age threshold from signals the user already provides, with no photo or document capture.

MethodInputWhat it doesTypical use
Device-basedDevice session token (SDK)Matches a device to a historical identity in Socure's Identity Graph.First step when a device signal is available and rules allow it.
Phone-basedPhone number (optional name)Resolves an age threshold from an identity linked to the phone number.When a device signal is unavailable.
Email-basedEmail (optional name)Resolves an age threshold from an identity linked to the email address.As an additional passive fallback.

The Digital Intelligence SDK captures the device session token and passes it in the evaluation request — you don't collect it manually.

Phone- and email-based methods can trigger a one-time passcode (OTP) to confirm possession. OTP runs only when RiskOS™ finds an identity.

Active methods

Active methods estimate or read an age from a capture the user provides through the Predictive DocV capture application. They run only when a passive method can't resolve age or your policy requires a capture.

MethodInputWhat it doesTypical use
Selfie-basedSelfie image with consentEstimates an age from a facial image, with liveness and injection checks.Where a document is not required.
Document + selfieGovernment document (± selfie)Reads the age from a verified government document, with the same checks.Where a jurisdiction requires a government document.
🔒

Privacy by design.

Final customer-facing responses never include a date of birth, an exact age, an age range, raw PII, images, or confidence scores. Age Assurance returns Boolean threshold indicators only. See Privacy and data handling.

Age Assurance bills only when a method returns a usable result. For the full billing model, see Billing behavior.


High-level runtime flow

The following diagram shows the conceptual execution flow. When your application submits an Evaluation request, RiskOS™ runs the passive and active methods your workflow configures:

  • The client submits an Evaluation request with the available inputs.
  • RiskOS™ executes the configured passive methods.
  • A method that returns a result ends the evaluation and returns a decision immediately.
  • A method with no hit — or no matching input — falls through to the next configured method.
  • Active verification occurs only when required.
  • The final response returns a privacy-preserving ACCEPT or REJECT decision with a Valid Age tag.
flowchart TB
    A["Evaluation request received"] --> B["Device Age Assurance"]
    B -->|Meets threshold| Z["Return privacy-preserving decision"]
    B -->|No hit or no input| C["Email Age Assurance"]
    C -->|Meets threshold| Z
    C -->|No hit or no input| D["Phone Age Assurance"]
    D -->|Meets threshold| Z
    D -->|No hit or no input| E["Active verification: selfie or document"]
    E --> Z

The exact sequence depends on the workflow configured during implementation. See Configure the Workflow.


Regulatory handling

Age Assurance is fully customer-controlled. Socure remains neutral on regulatory policy and doesn't decide which rules apply to your business. Your workflow defines:

  • State rules — which methods and thresholds apply in each jurisdiction.
  • Thresholds — which Boolean threshold flags (age18Plus, age21Plus, age25Plus, or others) gate your decision.
  • Escalation paths — when to fall through from a passive method to an active one, and which active method to require.

Thresholds are customer-configurable and can evolve over time.


Get started


Related


Did this page help you?