Guest contributor: Sandy Porter – co-founder and strategy director of Avoco Secure.
My personal life offline is a complex arrangement of multi-directional trust. My Online relationships and most offline ones with commerce and organisations, is in the main one directional; companies establish if they trust me and in the main do almost nothing to assist me in trusting them or anyone else I interact with. Even those who achieve bi-directional tend to be more heavily biased – checking me, rather than allowing me to check them. This needs to change.
Most online sites don’t require verified identity attributes. They simply need to establish I am located in the UK and I am, for example, between the ages of 12 and 14, or over 18, if I am accessing restricted services. Services, to improve trust in a consumer driven economy, should obtain consent to use mine or my child’s data and this consent process should be part of an overall interactive, yet seamless, journey. Adding the weight of assurance to the process is the use of third parties to carry out this verification. Adding in trusted third party sources, expands the trust model, especially when this data is not disclosed in full to that party but is obfuscated, or only partly revealed. It is not just about accessing adult content, alcohol etc. but it’s also about adding safety mechanisms to chat rooms and social media. Making sure 8 year old children are not in 17 year olds chat rooms, is not just about bullying; we also need to ensure 50 year olds are not accessing youngsters chat rooms.
If I want to access government services like applying for a passport, there is a need to identify me by requesting my name, DOB, address, photo etc. But supplying this Personally Identifying Information (Pii) elsewhere, without my control, should stop. This is particularly true if these data need to be verified as this can increase identity theft. Supplying DOB for Age verification should end.
A major stumbling block in the creation of age verification frameworks has been the ability to access verified data for young people. This should no longer be an excuse to avoid doing anything about it. As this problem is now being addressed. The first steps have been made and progress will be discussed at the Trustelevate symposium. Services need to be delivered in stages and age verification is the first attribute that allows a progression towards trusted, privacy enabled, age verification services.
Whilst companies may not be compelled by legislation to behave responsibly, there are drivers for them to do so. Compliance officers within a company are looking to de-risk a company’s potential liability and exposure to legal actions from parents. This is not only a negative protection issue – trust online is the cornerstone to building a brand and creating customer loyalty. Trusted companies will prosper and retain customers. In the online context there is nothing more precious to a parent than their child’s security and safety. Brands who are able to deliver on this will not only protect and enhance their brands publically, they will also generate customer loyalty with parents. – trusted companies will translate into recurring revenue generation.
Avoco Secure delivers Trust Platforms that are deployed for Attribute Services, Identity Assurance Services or a combination of both. The dynamic flexibility of the Trust Platform incorporates configurable business rules and tokenized data making it ideal for age verification, attribute and identity services.
This post is part of a series of expert blogs that are being published in the run up to the Online Age Checking: The Time Has Come symposium, which will be held at the British Library on September 22.
Book your place at the upcoming symposium to listen to a wide range of experts share their views about online age checking and the scope for a data exchange eco-system to provide the commercial sector with age attributes (under 18s) in a permissioned, privacy enhanced manner, ensuring security of personally identifiable information (PII) at all times.