As age verification becomes mandatory in more places, teams need a clear rule for returning users. A full ID upload and liveness check on every visit is secure but costly in friction, and users will look for workarounds or abandon the flow. Most implementations separate first-time verification from returning users.
First-time verification flow
First time: the user proves identity and age (e.g. ID scan plus liveness). The system establishes that this person is over the required age and, in privacy-preserving setups, does not retain the document or face image. It may retain only a secure, non-reversible representation (e.g. an embedding) so the same person can be recognised later.
Returning users: a 3-second face check
Returning users: instead of asking for the ID again, the service runs a quick check, for example a short liveness or face match against the earlier session. If it matches, a new signed token is issued. The user gets a fast, low-friction experience; the platform still gets a fresh verification and audit trail. In ecosystems where multiple sites share the same age-verification provider, the user may verify once and then re-prove age on any partner site with a single step (e.g. face-only), reducing repetition across the web.
Why the split improves conversion and compliance
Designing for this split, with full verification once and reverification when returning, improves conversion and compliance while keeping the bar high for initial proof of age.
