Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    HackTheBox Logging

    July 18, 2026

    CISA urges immediate action on actively exploited Fortinet flaws

    July 18, 2026

    US charges two over laundering $43 million from investment fraud

    July 18, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»The Future of Age Verification: Your Face Never Leaves Your Device
    News

    The Future of Age Verification: Your Face Never Leaves Your Device

    adminBy adminJuly 18, 2026No Comments8 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    On-device age verification

    Age checks are becoming law worldwide. The question is no longer whether platforms verify age, but what happens to the faces they collect — and whether they need to collect them at all.

    By Ricardo Amper, Founder & CEO, Incode Technologies

    More than 30 age assurance laws are now in force worldwide. The UK is enforcing the Online Safety Act’s “highly effective” age check requirement, with restrictions on under-16 access to social media planned for spring 2027.

    Australia’s under-16 rules took effect in December, and the government has signaled its intent to double maximum fines to $99 million after early waves of non-compliance. Brazil’s Digital ECA became enforceable in March 2026, now half of U.S. states now mandate some form of age verification.

    Facial age estimation has emerged as one of the most accessible ways to comply. It needs no government ID and no database lookup, which makes it workable for users of all age groups, including those with no documents to show.

    In regulated markets, Incode’s data shows users choose it eight out of ten times over other age assurance methods. But it asks people for one of the things they feel least comfortable sharing: their face. And until now, nearly every implementation has worked the same way — capture the face, send it to a server, run the estimate there.

    The problem with server-based age estimation

    The record shows why that is a growing liability, especially for vendors relying on third party tech stack. According to the Identity Theft Resource Center’s 2025 Annual Data Breach Report, the U.S. recorded 3,322 data compromises last year — a record high and a 79% increase over five years — while supply-chain breaches doubled over the same period.

    The same organization found that 63% of consumers have expressed serious concern over biometric data collection.

    Meanwhile, the attacks are scaling faster than the defenses. Across more than 7 billion identity verifications processed on its platform, Incode has tracked the rise of agentic fraud — fraud attempts carried out with the help of AI agents.

    In 2024, agentic fraud made up 3% of fraud attempts. By the first quarter of 2026 it had reached 40%, and Incode estimates it will exceed 90% within the next 18 months.

    Incode’s facial age estimation and passive liveness models now run entirely on the user’s phone, tablet, or laptop – the face is never transmitted and never stored.

    See how platforms can meet age assurance requirements worldwide without the user’s face leaving the user’s device.

    See How It Works

    Privacy by policy vs. privacy by architecture

    The industry’s standard answer has been a privacy policy: a written promise that biometric data will be handled with care and deleted after the check happens.

    A policy is a legal document. It is not a security control. It cannot stop a breach, an insider, or a compromised vendor; it can only assign responsibility afterward.

    Privacy by architecture is a different proposition: build the system so the sensitive data never becomes accessible in the first place. If a face is never transmitted, it cannot be intercepted.

    If it is never stored, it cannot be breached. Users do not have to trust anyone’s word. Privacy stops being a promise and becomes a fact of the architecture.

    A $100 million commitment, in two parts

    Last month, Incode Technologies, a leader in AI-powered identity verification and fraud prevention, announced a $100 million commitment to advancing privacy-preserving identity infrastructure, alongside its acquisition of Identiq, a company specializing in privacy-enhancing cryptographic solutions for peer-to-peer anti-fraud collaboration.

    The funds are directed at on-device processing capabilities, continued R&D in privacy-enhancing technologies, and expanded engineering resources and global footprint.

    Two weeks later, the first product was made public. On-Device Age Estimation, launched in July, the first time Incode’s proprietary models run fully on the user’s own device.

    Both trace back to architectural decisions made at the company’s founding: verification driven by AI rather than by human access to biometric data, processing pushed to the user’s own device, and fraud collaboration designed to work without exposing data.

    Part one: age checks where the face never leaves the device

    On-Device Age Estimation runs two of Incode’s models directly inside the user’s phone, tablet, or laptop: facial age estimation and passive liveness detection, which confirms that a real, live person — not a photo, a deepfake, or a replayed clip — is in front of the camera. The face is analyzed locally and is not transmitted or stored.

    What travels onward is the outcome: whether the user meets the platform’s required age threshold. If the check cannot be completed for any reason, the user is automatically offered another verification method selected by the platform.

    Making that possible meant shrinking the models. Incode compressed both to roughly a tenth of their original size using knowledge distillation — a technique in which a compact model is trained to reproduce the judgments of a much larger, more accurate one.

    The resulting models are small enough to run inside an ordinary browser or app, across a wide range of devices, with no special hardware required.

    Because the face is analyzed on the user’s own device, there is no technical way for Incode or any client platform to access a biometric or face image. In plain terms: the user proves their age. The face stays on the device.

    Why does anything reach a server at all?

    An age check that is easy to cheat protects no one. What the device alone cannot fully rule out is tampering with the session itself — an injected camera feed, for example, or a manipulated device. Incode’s server-side layer analyzes session metadata — when and how the session happened, and the characteristics of the device and connection — to detect injection attacks and tampering.

    That data contains no facial or biometric information; it exists for fraud detection and session integrity.

    Without it, minors could appear as adults and adults as minors, and the result would be worthless for safety and compliance.

    Those defenses carry the record of the environments they came from. For more than a decade, Incode’s models have operated in some of the most attacked environments online — banks, fintechs, healthcare, and other high-stakes services where fraudsters bring deepfakes, injection attacks, and replayed video every day.

    Incode’s security layer achieves 99% spoof detection across deepfakes, injection attacks, replay attacks, and physical spoofing — the same anti-impersonation standard trusted by eight of the top ten U.S. banks — and has flagged more than 1 million face attacks across Incode’s platform in 2026.

    On-Device Age Estimation is the first enterprise-ready offering to combine on-device age estimation with those defenses — a combination the company believes can reset the standard for how platforms verify age worldwide.

    Part two: fighting fraud together without pooling the data

    The second part of the commitment addresses a different exposure: the way institutions share fraud intelligence. Fraudsters collaborate across institutional boundaries; the institutions defending against them typically work alone, each seeing a fraction of the threat data.

    The traditional fix — pooling customer data across institutions — solves one problem by making the other worse. Central data lakes are precisely the kind of target the breach statistics describe.

    Identiq spent nearly a decade and invested more than $50 million developing patented privacy-enhancing technology that lets organizations share fraud signals without exposing customer data to any third party.

    No central data lakes. No data brokerage.

    Integrated into Incode’s platform, that work is projected to reach billions of verifications annually, adding network fraud intelligence to the platform’s capabilities.

    “Every institution shared the same concern with us: how do we fight fraud together without giving up control of our customers’ data,” said Itay Levy, Co-Founder and CEO of Identiq.

    “Identiq built the answer to that very question. As part of Incode, that answer is now available to every organization that deals with massive amounts of user data.”

    The standard is being set now

    The pressure comes from both directions: regulation keeps expanding, and users are increasingly demanding more privacy-preserving ways to meet it. Regulators, meanwhile, are actively deciding which age assurance methods count as effective — which makes this the period in which the standard gets set.

    Incode’s position going into that period is a matter of record rather than roadmap: a compliance program spanning SOC 2 Type 2, ISO/IEC 27001, HIPAA Attestation of Compliance, FedRAMP Ready, the Age Check Certification Scheme (ACCS), and the Kantara IAL2 Component Services Trust Mark; more than 7 billion trust checks processed; and now a shipping product where the face never leaves the device, alongside fraud collaboration that never pools the data.

    “We have always believed that privacy and fraud prevention are not a tradeoff, but part of the same problem — solved together or not at all,” said Ricardo Amper, Founder and CEO of Incode.

    “Age checks are becoming law around the world. Our job is to do what we can so that proving your age asks as little of the user as possible.”

    Try Incode’s On-Device Age Estimation

    See how On-Device Age Estimation lets platforms meet age assurance requirements without the user’s face leaving the user’s device, and book a walkthrough for your team: incode.com/privacy

    Sponsored and written by Incode.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleWordPress Core “wp2shell” RCE flaws get public exploits, patch now
    Next Article US charges two over laundering $43 million from investment fraud
    admin
    • Website

    Related Posts

    News

    CISA urges immediate action on actively exploited Fortinet flaws

    July 18, 2026
    News

    US charges two over laundering $43 million from investment fraud

    July 18, 2026
    News

    WordPress Core “wp2shell” RCE flaws get public exploits, patch now

    July 18, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    HackTheBox Logging

    July 18, 2026

    CISA urges immediate action on actively exploited Fortinet flaws

    July 18, 2026

    US charges two over laundering $43 million from investment fraud

    July 18, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.