The importance of anti-spoofing for facial age estimation

Matt Prendergast · 4 min read

It has been claimed that facial age estimation technology can be easily spoofed. The proliferation of news on generative AI and deepfakes has added to the conversation, and there is doubt and concern over the security of online safety systems.

Suffice to say, we’ve thought of that. We have developed a suite of anti-spoofing tools to ensure your check is real, valid and accurate. Our experience working with organisations to implement age verification has enabled us to identify and cover risks and vulnerabilities.

When we perform an age estimation check, we are actually performing a number of security checks simultaneously. There are dozens of checks that happen at the same time, and some of these are commercially sensitive, but we’ve outlined three of them below. These checks all happen in under a second – as quick as 0.3 seconds to be exact.

  1. How old are they – our facial age estimation technology determines if someone is above or below an age threshold from a single facial image. This is the main check we perform, as long as the other checks are passed.
  2. Are they a real person – our liveness technology prevents people from using an image, replay attack, mask or picture to spoof the age check (this is the most obvious, common and easily detectable form of attack). Crucially, this is not facial recognition.
  3. Is this image real – our SICAP (Secure Image Capture) technology confirms it’s a real image from the device camera. This addresses a more sophisticated, emerging threat where bad actors try to ‘inject’ an alternative image into the verification process and bypass the device camera with an AI-generated image or deepfake.

These checks make spoofing a facial age estimation extremely difficult. Not impossible, but it would require significant resources, time and expertise to beat the system. In most use cases where an age check is required, this effort would outweigh the reward. In scenarios where there is significant reward we would of course recommend further verification checks (and indeed that would likely be required by law or regulation). 

We carry out regular hacker testing and continue to raise the barriers by developing our security technology. We know that as technology evolves and bad actors raise their game, we must continue to develop our defences and anti-spoofing tools. 

We can also set confidence rates so that higher risk items, such as selling knives online, can have a higher security threshold. In comparison, when someone is using facial age estimation in person to buy an age-restricted item, there would be a member of retail staff present – making it extremely obvious if someone was attempting to spoof the system by wearing a mask and extremely difficult to practically bypass the intended device camera.

You’d be surprised what we can learn from a single facial image. Nothing about the individual person, like their name or date of birth. We’re not interested in that for an age check. But we can tell if they are pretending to be older or younger, or attempting to spoof the system.
