Biometric age estimation: Pinpointing the benefits and challenges
By Hal Lonas, Chief Technology Officer, Trulioo
The expanding global digital economy and the convenience it provides have also led to greater risks of fraud, access to private information, and underage people viewing or purchasing adult material.
Biometric facial recognition and age estimation technology have matured considerably in the past few years and can provide powerful signals to help limit those risks. However, age estimation through biometrics is only as good as the machine learning and trained data behind the verification process.
It takes years to develop accurate biometrics. Facial biometrics can seemingly work across a limited-scale deployment but return poor results at larger scales.
But it’s important to keep in mind that all machine learning and artificial intelligence (AI) used for classification are exercises in probability. It’s critical to train and test models across a representative variety of geography and population and then use the returned signals as guidance rather than absolutes.
When evaluating biometric age estimation, there are three key areas that raise important questions.
Bias and Model Training
- How are we arriving at the most accurate estimation through biometric facial recognition?
- Is there bias in the model?
- Are we using sufficient training data and then updating the model in a well-tested and controlled way?
- Does the facial data used in training represent the broadest possible sample of the population?
- What is the tested accuracy of the model, and do entities that use a model publish their accuracy results to potential customers and users?
If the process and data behind age estimation are substandard, they pose a more foundational problem that physical science laboratories such as the National Institute of Standards and Technology can address by establishing model requirements.
Regulatory Guidance and Privacy
- Do regional laws support using facial biometrics for age estimation?
- Will each person need to consent before use?
Regional differences and local law can present complex challenges.
- How does biometric age estimation fit into the larger composite of identity verification tools?
- Will it be among the verification options organizations can select and customize, through workflows and APIs, based on location and transaction type?
- Can the verification also use other components, such as automated identity verification through data sources or government-issued documents?
Consider, for example, people who want to buy alcohol online. They might first have to provide a selfie to get an age estimate.
If the certainty of that estimation is high, no further check is needed. But if it’s low, they might have to provide a name, birthdate and address to verify. If that’s not enough, they could be asked to provide a picture of their driver’s license, which would have to match their selfie.
All those steps could be managed through a workflow process with a logic flow determined by the outcome of previous steps.
Overcoming Age Estimation Challenges
Age estimation presents several potential hurdles. Some countries, notably Australia, have experimented with it and then pulled back in light of the challenges.
The hurdles Australia encountered revolved around three themes.
Where Is the Age Checked?
Why not just conduct age estimation at every website and use that information to determine access? That would require users maintain trust across the many websites they visit.
But are all website implementations uniform and proper?
Those concerns call for age estimation implementation by one or a few designated and trusted experts in the technology to ensure uniformity and best practices.
How Is the Age Checked?
If AI and machine learning are used for age estimation, every effort should be made to remove bias.
Bias was among the reasons Australians pulled back from the experiment. Removing bias is hard, but it’s necessary to gain user confidence in the system and make sure no group is left behind.
Where Does the Data Go?
Data retention can be a significant problem. Users have a right to know how their captured data is used, how long it’s retained and where it goes, especially if it crosses international borders.
Best practices now dictate data either can be used and retained for only a short time or not at all. But that also presents challenges.
Do people have to go through the same process whenever they go to the same website? Or will some entity retain information to let them back in on subsequent visits? Users can always provide their preferences, but that also requires some kind of tracking.
Biometrics is a crucial element in identity verification, especially as regulatory requirements adapt to emerging fraud threats and entities seek greater accuracy and automation. A pragmatic approach is to mix biometric age estimation with other verification tools to create a rich identity composite.
About the author
Hal Lonas is Chief Technology Officer at Trulioo.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.