3 - How Age Verification Works

XYZ_Admin

How Age Verification Works

This guide explains the two verification tiers, how the system determines which tier to use, and what the visitor experience looks like.

Overview

When a visitor arrives from an age-gated region, the plugin creates a verification session through the XYZ API. The visitor completes the verification on their phone or desktop, and upon success, a signed cookie is set so they can browse freely for the cookie's lifetime.

The system does not attempt to determine or estimate a visitor's exact age. Instead, it classifies the probability that the visitor is a minor. This approach focuses on regulatory compliance — confirming that a visitor meets the minimum age threshold for the region — without collecting or storing age data.

Tier 1: Face Liveness Check

Tier 1 is the default verification method. It uses a brief face liveness check to determine whether the person is likely a minor.

How it works:

The visitor is presented with a QR code or a direct verification link.
On their phone (or webcam), they complete a short face liveness check — a few seconds of looking at the camera.
The system analyzes the liveness frames to classify the minor probability.
If the probability is below the configured threshold, the visitor passes.
If the probability is above the threshold but below a higher "obvious adult" cutoff, the visitor is escalated to Tier 2.

What Tier 1 does NOT do:

It does not estimate the visitor's age in years
It does not store any face images or biometric data
It does not perform facial recognition or identity matching

Tier 1 is fast (typically under 10 seconds) and non-invasive. Most adult visitors will pass Tier 1 without issue.

Tier 2: Government ID Verification

Tier 2 adds document verification on top of the Tier 1 liveness check. This is used when:

The region's rules require ID verification (configured per-region)
The visitor's Tier 1 result was inconclusive (minor probability was elevated)
The region's minimum age is not 18 (non-standard thresholds require date of birth extraction)

How it works:

The visitor completes the Tier 1 liveness check first.
They are then prompted to photograph their government ID (passport, driver's license, etc.).
The system extracts the date of birth and expiration date from the ID.
The system calculates the visitor's age and confirms the document is not expired.
The system compares the face on the ID to the liveness selfie to confirm the same person is presenting the document.
The system checks for signs of a fraudulent or AI-generated document.
If the visitor's age meets the region's minimum and all checks pass, they are verified.

Privacy protections for Tier 2:

Only the date of birth and document expiration date are extracted from the document. Name, address, and ID number are not extracted or stored.
The date of birth is used for age calculation during the session and then discarded — it is not retained.
The document image is processed in real-time and immediately discarded.
Face comparison is done in-memory and the images are not retained.

How the Tier Is Selected

The tier is determined by a combination of factors:

Region configuration: Each region can require Tier 1 only or Tier 1 + Tier 2 (ID required). This is set in the region settings.
Minimum age: If a region's minimum age is anything other than 18, Tier 2 is automatically required. This is because Tier 1 can only classify minor probability — it cannot determine whether someone is 19 vs. 20. Checking a specific age threshold (like 21) requires the date of birth from an ID document.
Escalation: Even if a region only requires Tier 1, the system may escalate to Tier 2 if the Tier 1 result is inconclusive. This prevents borderline cases from slipping through.

The Visitor Experience

Desktop Visitors

Visitor navigates to an age-gated page.
They are redirected to the age gate page.
They see a QR code and instructions.
They scan the QR code with their phone to start verification.
The desktop page polls for status updates and redirects automatically when verification completes.

Mobile Visitors

Visitor navigates to an age-gated page on their phone.
They are redirected to the age gate page.
They tap a button to start verification directly on their phone (no QR code needed).
After verification, they are redirected back to the original page.

Verification Cookie

After successful verification, the plugin sets a cryptographically signed cookie. On subsequent visits, the MU plugin checks this cookie and allows the visitor through without re-verification. The cookie is signed with HMAC-SHA256 using a per-site key, so it cannot be forged.

Credit Usage

Each verification attempt consumes credits from your monthly allocation:

Tier 1 liveness attempt: 1 credit
Tier 2 document attempt: 2 credits

Note that credits are consumed per attempt, not per session. If a visitor fails Tier 1 and retries, that's 2 credits. If they pass Tier 1 and then complete Tier 2, that's 1 + 2 = 3 credits.

See Understanding Credits for more details on credit tracking and limits.