Web merchants that sell age related products or services in the Netherlands (should) have a serious problem. They need to ascertain that their customer is at least the required age to be entitled to do a purchase of alcohol in a web shop for example or get access to a violent online game. There ought to be no room for doubt about the buyers’ age in internet transactions. Especially if you keep in mind that by law the merchant is liable for damages, and not the underage buyer.
This illustrates the need for online age verification services and that need is growing, as evidenced by several developments in the last year: Firstly, the Dutch government announced the raising of the legal drinking age for light alcoholic beverages to 18 years of age, making it attractive for young drinkers to circumvent the law via internet retailers. Secondly, judges forced video websites ‘Uitzending Gemist
’ and ‘RTL XL’ to delay the showing of age related content to after 22:00h in the evenings, a very strange concept for websites built to provide access ‘anytime, anywhere’. Finally the Ministry of Justice responded to questions in parliament by stating that the only way forward for online age verification was to wait for theeNIK
(the Dutch digital citizen card expected in 2015 at the soonest) or modify iDEAL
(the Dutch online banking e-payment scheme).
The status quo is that merchants wish to comply to the law, but there is no law-compliant solution at the moment. Some merchants try to make a best effort by checking the age at delivery of physical goods or requiring payment by credit card, but most web shops only ask for a self-declaration if the buyer is over 16 or 18 (‘Check this box if you are over 18’). The government does not enforce the laws mentioned at the start of this article, so as long as there is no recognized solution, this unregulated situation continues. This mindset does not help the market forward. If the government only sees iDEAL or the eNIK as the magic bullets for the market, there won’t be a viable solution for at least the coming three years.
We suggest that there are certainly more short term solutions available. Based on the impact and value of the good that is purchased (risk assessment), a merchant should have freedom of choice to select an age verification method that suits the situation. We see four solution categories that could be used in applicable situations:
- Self-declaration: Buyer states to the merchant that he has the required age
- Data validation: Merchant validates the age of the buyer in a trusted third party’s database (e.g.Experian, CDDN)
- Derived identity: Buyer identifies himself with a token that was issued in a physical issuing process where the date of birth was checked (e.g. bank credential, mobile phone)
- Direct identity: Buyer identifies himself with a government issued token (e.g. showing your passport via webcam to a specialized verification service such as ID-Checker)
It is better to solve part of the problem today rather than wait until we can solve all of the problem tomorrow (or rather: 3 years from tomorrow), by means of data validation solutions and indirect credential checking. This will at least provide merchants with more assurance than they have today, where self-declaration is the status quo. If we start now, and the government endorses this approach, the market can learn and evolve towards a more mature e-identity solution. By just waiting for the holy grail of a government issued online identity solution, we are delaying the market. The eNIK might be a great solution, but there are pretty good solutions available right now. Don’t let great become the enemy of good.
Jacob Boersma and Nick Smaling