Proposed bank verification system builds on age assurance proposals

My research on online alcohol sales has pointed toward a single, glaring vulnerability in e-commerce: the point of transaction lacks a reliable, privacy-preserving mechanism to verify age.

When we published our initial findings with Alcohol Change UK, and followed up with the Institute of Alcohol Studies (IAS), our primary recommendation raised eyebrows but made perfect logical sense: we need to leverage bank authorisation. We argued that instead of shifting the burden onto delivery drivers or forcing consumers to upload sensitive passport scans to third-party sites, the financial sector was uniquely positioned to act as the ultimate source of truth.

UK Finance recently announced a major milestone that directly mirrors the spirit of these recommendations: a voluntary, financial services-led digital verification service backed by Barclays, HSBC, Lloyds Banking Group, Nationwide Building Society, NatWest Group, and Santander.

Same core vision, expanded horizons

Whilst the newly proposed UK Finance service uses a different technical mechanism than our original framework, it is built entirely on the foundational ideas we put forward.

In our earlier research, we focused on the payment mechanisms themselves. We specifically explored how specific Merchant Category Codes (MCCs) or modified 3D Secure (3DS) card authorisation checks could be used to prompt an age check right at the point of purchase (Muirhead & Grout, 2020). The new industry proposal takes a slightly different avenue, utilising a dedicated digital identity sharing framework ecosystem orchestrated by Select ID.

However, the underlying philosophy is identical: leveraging the deeply trusted, already-verified data held by your bank to instantly prove who you are online without creating massive friction.

Crucially, because this approach establishes a broader identity verification pipeline rather than just a payment-gate check, it unlocks a massive advantage: it allows for the secure verification of far more than just age. Under this new model, consumers can choose to share verified attributes like:

• Full name
• Current address
• Date of birth or specific age thresholds (such as "Over 18: Yes")

This means the system does not just solve the online alcohol puzzle. It creates a reusable trust framework for any digital transaction where verifying a user's attributes is critical for safety or compliance. Current checks for age or address verification often utilise credit checks and electoral roll data, requiring the use of third party systems that may be out-of-date and offer incomplete information.

Why a bank-led ecosystem beats a centralised government ID

The launch of the UK Finance initiative arrives at a highly contentious moment in the digital identity landscape. The UK government is currently consulting on its own plans for a centralised, state-issued digital ID framework designed to streamline public services and right-to-work checks. While both initiatives aim to digitise trust, the commercial, bank-led model offers distinct advantages over a single state-run system, particularly regarding privacy, public trust, and commercial agility.

First, a bank-led approach completely sidesteps the political friction and surveillance anxieties inherent in a state-managed identity document. Centralised government databases naturally trigger concerns over state overreach, tracking, and the risk of a "honeypot" for hackers. In contrast, the financial sector operates on a highly federated model. Consumers already trust their banking apps to secure their most sensitive financial transactional data on a daily basis.

Second, the bank-led service excels in data minimisation through attribute-level verification. When a user presents a government ID, they are often forced to share an entire data profile, including biometric photos and nationality status. The UK Finance ecosystem allows for zero-knowledge style validation, passing a simple automated confirmation to the merchant without revealing the underlying document or linking distinct government databases.

Finally, commercial scalability is vastly superior within the banking sector. Merchants are already deeply integrated with open banking APIs and card processing rails. Adding an identity verification layer to an existing checkout workflow is a natural operational upgrade for a retailer, whereas integrating a rigid, state-controlled infrastructure presents significant administrative and technical friction.

The alignment: From research paper to real-world proof of concept

Traditional age gates (like typing in a date of birth or checking a self-declaration box) are trivial to bypass (Muirhead & Grout, 2020). Furthermore, checking IDs at the door puts immense pressure on delivery staff and fails to stop the transaction at the actual point of sale.

The mechanism proposed by the banks successfully bridges the practical and ethical gaps we identified in our studies:

1. Point-of-sale verification: Rather than checking age post-purchase at the doorstep, the bank-led service validates the customer's credentials during the checkout process. This fulfils the UK government guidance that the age check should be performed on the purchaser.
2. Privacy by design: A massive hurdle for modern consumers is identity fatigue and privacy concerns over uploading physical document photos to unknown retail databases. This system uses existing, heavily vetted data to verify a single attribute with explicit customer consent, keeping your raw data safe.

Moving from voluntary to systematic

The progress made by UK Finance, including successful proofs-of-concept using synthetic data and upcoming live pilots, is an incredible win for online safety and digital commercial infrastructure. However, looking at this through the lens of our research, two critical factors will dictate its success in solving the underage online alcohol purchasing problem:

1. Basket-level product flagging: As noted in our report on effective age-gating for online alcohol sales, supermarkets and retail platforms sell mixed baskets (Muirhead, 2021). For this bank-led system to protect minors effectively without blocking entire grocery orders, retailers must individually flag age-restricted items within online shopping carts to trigger the specific digital verification check at checkout.
2. Universal adoption: UK Finance highlights that this service will be strictly voluntary and retail-focused. While a fantastic first step, our pilot studies showed that minors will naturally gravitate toward platforms with the weakest friction. For this to truly revolutionise public health and safety, wide-scale merchant adoption and cross-industry cooperation are essential.

Looking ahead

It is incredibly rewarding to see industry infrastructure catch up with academic recommendations. By putting the verification power in the hands of the institutions that already hold verifiable data (our banks), the UK is paving the way for a digital economy that is both high-convenience and high-security.

As these live pilots roll out in the coming months, we will be watching closely to see how effectively retail checkout architectures integrate with banking apps to finally close the door on underage online alcohol sales and secure our wider digital transactions.

References

Muirhead, J. & Grout, V. (2020) Effective age-gating for online alcohol sales. Alcohol Change UK. Available online: https://s3.eu-west-2.amazonaws.com/sr-acuk-craft/documents/Effective-age-gating-for-online-alcohol-sales-Final-Report.pdf

Muirhead, J. (2021)  Preventing underage alcohol purchasing online using payment card details. Institute of Alcohol Studies (IAS). Available online: https://www.ias.org.uk/wp-content/uploads/2021/12/IAS-Preventing-underage-alcohol-purchasing-online-using-payment-card-details.pdf