New Zealand has launched a trust framework for digital identity, a crucial step towards the country's digital transformation.
Parental Onboarding: secure access to digital services for minors
Online transactions and services demand secure and effective processes to ensure that minors only access content and services appropriate for their age and under adult supervision.
S
imple, secure, and compliant with data protection regulations: this is what families expect from digital identification methods, especially when it concerns children and teenagers. Parental onboarding is a process specifically designed for a parent or legal guardian to validate and consent to a minor’s access to digital services, all in a single session with the minor present, through video identification of both. Whether it is to open a junior bank account or to register a child’s profile on a social network or gaming platform, the video identification process in parental onboarding follows a clear flow of dual identification, starting with the verification of the parent or legal guardian and then the identification of the child. It allows the procedure to be carried out on behalf of the child, placing all control in the hands of the legal guardian or ‘custodian’ and integrating it seamlessly into the customer journey.
Video identification can be carried out in two ways: assisted or unassisted, both designed to ensure maximum security, integrating advanced technologies such as artificial intelligence (AI) and multiple security measures. The choice between one method or the other depends on the user’s preferences, digital skills, and so on. The main difference is that, in the assisted mode, the person being identified receives real-time help from a fraud expert video agent and biometric data is not collected from the minor or the parent. In the unassisted mode, onboarding relies on on-screen visual guides with intuitive step-by-step instructions and biometric data usually needs to be collected.
The process would unfold as follows:
- Access to the service. The process starts when the guardian and the child access the service through a specific app or web platform. They can be together in the same physical space or in different spaces. From this point onwards, the session is secured and encrypted to ensure the safety of information and prevent unauthorised access.
- Request for consent for photographs and recording: User security is a priority, so before the verification process begins, consent is requested to capture images, record the session, and carry out the necessary identity checks. This consent is a legal requirement to appropriately process biometric data.
- Capture of identity document and selfie.– Assisted video identification: The user is guided in real time by a fraud expert who helps him/her to correctly capture the ID document on both sides. The agent, trained to detect suspicious behaviour and to act in case doubts arise about the veracity of the identity presented, gives precise indications on how to position the document in front of the camera to ensure that the information is clearly visible. In addition, a photograph is also taken of the faces of the two persons. The selfie will later be compared with the image of the document.
– Unassisted Video Identification: In this mode, the person follows the instructions on the screen to capture both the ID card and the selfie. The platform is designed to help the user correctly position the document in front of the camera, within guiding lines, and capture a clear image of their face. Although there is no human agent involved, security measures are equally stringent, with AI working in the background to ensure the legitimacy of the process and prevent any attempts at impersonation or manipulation.
- Verification of document and selfie through Facematch: Once the identity document and selfie are captured, a series of automated checks are carried out to validate the identity of the legal guardian. Facematch technology compares the facial features from the selfie with the image on the official document, ensuring that both belong to the same person. This verification is crucial in preventing fraud, as it ensures that the people carrying out the process are who they say they are.
- AI age calculation: After capturing selfies of both the legal guardian and the child, the AI not only compares the images with the identity documents to verify their authenticity, but also allows it to calculate the estimated age of both based on their unique biometric characteristics. This functionality is particularly valuable in parental onboarding, as it confirms that the guardian is an adult authorised to act on behalf of the child and that the child meets the age requirements for accessing certain services. This double check ensures that both comply with legal and security regulations.
- Additional security checks: To guarantee the highest reliability of the process, multiple additional security measures can be implemented. For example:– OTP (One Time Password): In some cases, a one-time password is sent to the user’s phone number, which must be entered on the platform to authenticate access to the service. This adds an extra layer of protection, ensuring that only the authorised person can complete the video identification.
– Liveness checks: During the session, certain movements (such as blinking or turning the head) are requested to confirm that the person is present in real time and that it is not a pre-recorded video. These liveness checks are a key defense against digital fraud.
– Deepfake detection: Artificial intelligence works in the background throughout the process to analyze the video and ensure that deepfakes or other visual manipulation techniques are not being used. If the AI detects any anomalies, the process is halted, and a potential fraud attempt is reported.
- Verification result: Finally, after all the necessary checks, the system returns a positive or negative result regarding the validity of the identity of the parent and the child.
Revocability: a key feature of parental identity verification
A fundamental aspect of parental onboarding is the ability to revoke consent. This means that a parent or guardian who has granted a minor access to a digital service can, at any time, withdraw that consent and revoke access without any commitment. Revocability is crucial for maintaining control and ensuring the safety of the minor, allowing parents or guardians to respond swiftly to any changes in circumstances or perceptions of security.
The implementation of revocation mechanisms must be straightforward and user-friendly, emphasising the dynamic nature of consent in a digital environment where conditions can change rapidly, necessitating adjustments to granted permissions.
Parental Onboarding overcomes the limitations of the self-declarations that can be found in many services today, which offer virtually no security.
Expansion possibilities: beyond the parental realm
The concept of onboarding has notable expansion potential beyond the traditional parent-child relationship. It can be applied in scenarios where one person needs to validate the identity of another within a context of guardianship or legal representation. A clear example is the onboarding of undocumented individuals, where a guardian or legal representative could verify their identity to grant access to essential services, acting as a form of “sponsor.”
In such cases, the individual in question is not a minor but an adult who, for various reasons, cannot complete the identification process on their own. This type of guardianship onboarding could be crucial for ensuring that vulnerable individuals or those in precarious situations can access basic services (such as banking or supplies) without being excluded from the digital system. By involving a guardian or legal representative, an additional layer of security and control is added, reducing the risk of fraud and unauthorised access.
Parental onboarding would be meaningless if it did not adhere to current regulations concerning data protection and minors, such as the GDPR (General Data Protection Regulation) in Europe and the Kids Online Safety and Privacy Act (KOSPA) in the United States. Recent updates to regulations, like NIST 800-63, also reflect the incorporation of such responsible onboarding practices.
Both assisted and unassisted video identification are designed to provide the highest level of security. Parental onboarding with video identification is not only convenient and flexible, but also a robust process that ensures only authorised individuals can grant access to digital services on behalf of the minor, protecting both the guardian’s and the child or adolescent’s identity involved.
The implementation of video identification in processes like parental onboarding brings profound benefits to society. This advancement not only enhances digital security but also fosters an environment where minors’ rights are effectively and contemporaneously protected, provided that companies and service providers maintain a strong commitment to privacy, compliance, and data minimisation. By allowing parents or guardians to validate and control children’s access to digital services, it encourages a more informed and secure use of technology.
Contact our experts in digital onboarding processes