As the world moves towards requiring age assurance in more services and more locations, the industry has many questions. How will users react when required to prove their age? How will age assurance requirements affect retention, engagement, and monetization?

In this article, we’ll try to demystify the data, dispel some common misconceptions, and provide some context for how to define and measure a successful age assurance roll-out, based on our experience. We’ll also share our tips for how to ensure your age assurance rollout is as successful as possible. 

‍

Meet “Bouncer Bob”

In order to best understand the data, we find it helpful to use a real-world analogy. Imagine you run a club, and the law requires you to distinguish between children, teens and adults. To comply with this law, you hire a bouncer – we’ll call him Bouncer Bob. What are you looking for with respect to Bouncer Bob’s performance? 

First, there are the “non-negotiables” required so that the club doesn’t get shut down:

• Bob’s age verification decisions must be reasonably accurate. This means both that Bob must determine people’s ages within specific legally-defined accuracy thresholds, and also that Bob must be reasonably good at spotting when people try to trick him (e.g., partygoers who show fake IDs, who try to look older, or who keep trying over and over).
  
  
• Bob must handle users’ data in a compliant (i.e., privacy-preserving) way. Obviously, if Bob was found holding onto people’s IDs or otherwise misusing the information that people gave him at the door, that would be unacceptable. Bob has to be trusted to handle people’s data - and ideally, he should be independently certified to do so.
  
  
• Bob must use only proportional verification methods for each scenario. Some laws require different verification types based on the risk posed by the underlying activity. In some cases, Bob can let people through so long as they clearly look over 21, but in other cases Bob might need to check a government ID. Bob needs to know what methods of age verification are appropriate to use in each scenario.
  

k-ID’s tech already takes care of these non-negotiables. But beyond that, how can we measure if “Bob” is doing his job well?

‍

How to measure success

One of the most popular indicators for any user sign-up or engagement funnel is to analyze drop-off, or “churn.” This is the proportion of users who at each stage of sign-up choose to stop and not bother continuing. These are really important metrics, and anyone who has seen data on any type of user funnel will know that the drop-off is critical.  Even slight changes can impact how many users choose to continue.

Particularly when adding age assurance (a relatively “active” step for a user), there is a natural tendency to focus on drop-off rate. This is of course important, but it’s a delicate balancing act. For one thing, the objective of the age assurance exercise is to ensure that only users above the relevant age get in or access the particular content. Taking our example, if Bouncer Bob simply let everyone in, then he wouldn’t be a very good bouncer! 

So, what does that mean for drop-off in the age assurance context, and what is “normal”? Drop-off can ultimately affected by a wide range of factors:

• Where the age assurance step sits in the user journey.  Some laws require age assurance at the account level, while other laws require age assurance only before accessing adult content. The users who decide to abort the age assurance check during sign-up might be more impactful to the platform as a whole, while the relative proportion of users who abort the check when they access a feature might actually appear much higher because – let’s face it – for most users, clicking on an NSFW image and getting asked to verify is one of those moments a lot of people back away from.
• Demographics of the platform. If a club is particularly popular with bots, fraudsters, or kids, drop-off might be higher than for a service already frequented mainly by adults. 
• The methods available to verify age.  Age assurance as a whole is still a very new thing for many consumers. Privacy, time needed, familiarity – there are lots of reasons that contribute to whether a person trusts what they are being asked to provide in order to prove their age. A lack of verification options can increase drop-off; in contrast, as consumers get used to verifying themselves for one service, they are more likely to verify elsewhere – especially if there’s a way that first verification can be reused (more on that later!)

So, beyond drop-off, what factors should one look at? 

‍

The factors to watch closely

Returning to our central analogy, in addition to the legal “non-negotiables,” here are some other things we recommend considering when evaluating Bouncer Bob’s performance:

1. Is Bob fast? There’s a huge crowd outside, how quickly can Bob get them in (or out)? Is the average wait time getting faster over time?
2. Is Bob’s communication clear and friendly? Do people at the door understand what they need to do to prove their age and get through? Do people trust Bob, or does his approach scare away legitimate customers?
3. How is the club doing in general? Are the people who got in the club happier and more comfortable now that Bouncer Bob is here?
   

These factors are sometimes overlooked, but they’re critically important. At k-ID, when a user initiates an age assurance check, we track their journey through the process up until the age check is complete. With respect to speed, we track the time it takes to complete verification, broken down by the method used, and longitudinally as the rollout progresses. With respect to user communication and friendliness, we measure pass/fail as a baseline, but also use a few additional categories we use to classify users:

• User did not proceed: the user decided not to go through verification.
• Suspicious activity detected: we caught the user trying to break the system.
• User initiated verification, but didn’t complete it. This might be because the user misunderstood the instructions or encountered an error. This last category is what we tend to focus on the most from a UX perspective: we want to ensure that everyone has a smooth experience!

Lastly, for the third factor above (“how is the club doing?”), we work closely with our clients to review the holistic health of their service, paying close attention to overall engagement and monetization over time. 

‍

Tips for a successful integration

These are some of the best tips we’ve come up with to ensure a smooth integration of age assurance technology:

1. Communicate early and often. No one likes surprises - early opt-in periods and proactive communication greatly improves customer sentiment. Reminding users that the changes are due to legal requirements helps them understand the context, while reassuring them at multiple points that the information they use to verify themselves will not be stored improves trust. 
   
   
2. Think about the placement of age assurance within the flow.To the extent permissible by applicable laws, you might want to consider triggering age assurance only at the point a user wants to engage with certain high-risk features or content within your service. This can minimize the overall user impact of the rollout.
   
   
3. Employ as many verification options as possible. Regulators have consistently pressed for a “waterfall” approach, firstly, taking implied signals from either behaviour or other reliable sources; then offering users light-touch options like tokenized age signals; through to active methods like facial age-estimation and ID verification, among many other options. An effective waterfall is critical when it comes to a successful age assurance roll-out: more choices means less friction, and more redundancy improves the overall reliability of the technology stack.
   
   
4. Impose a reasonable Rate limit. In order to prevent bad actors from attempting age assurance over and over, regulators are increasingly requiring a reasonable rate limit. A good rate limit of a few attempts per 24-hour period prevents bad actors from breaking or overloading the system, while still allowing a few chances for legitimate users to get comfortable with the technology.
   

Last but certainly not least, the best and most convenient way to ensure a smooth age assurance rollout is to allow users to reuse their proof of age from a previous verification. As age assurance requirements become more widespread on the internet, having a “Bob” that needs to check your ID for each site visit will quickly become tiresome. Much like a “21+” wristband, k-ID developed AgeKeys in order to allow users to save their age proof as an AgeKey once, and then use it anywhere else it is accepted. Read more about AgeKeys and the platforms that are adopting it here.

k-ID is constantly looking for ways to innovate, explain, and improve the compliance journey for our customers and their users. Understanding what “good” looks like will help everyone better prepare for a future where online age assurance is as commonplace and as benign as seeing ol’ Bouncer Bob at the club.

‍