Bank-verified identity is an age and identity verification method that confirms a person's details through their existing bank account. Instead of uploading a passport, taking a selfie, or submitting to a facial age estimation scan, the user logs into their bank through a secure Open Banking connection and the check completes in seconds. No documents are collected. No biometric data is stored. The bank confirms the person is who they say they are, using data that has already been verified when the account was opened.
For businesses, the distinction matters commercially. Signicat's Battle to Onboard research, surveying 7,600 consumers across 14 European markets, found that 68% of people have abandoned a digital onboarding process at least once. The top reasons were the process taking too long, too much personal information being required, and not having the right identity documents to hand. Bank-verified identity eliminates all three of those barriers.
How Bank-Verified Identity Works
The process has four steps, and from the user's perspective, it feels like logging into online banking.
- Step one: the user chooses to verify. On the business's website or app, the user is presented with the option to verify their age or identity. They select bank verification from the available methods.
- Step two: they select their bank. A list of supported banks appears. The user picks theirs. In the UK, this covers the major high street banks and building societies that participate in the Open Banking ecosystem, which was established under the Payment Services Regulations 2017 and is regulated by the Financial Conduct Authority.
- Step three: they log in and give consent. The user is redirected to their bank's secure login page. They authenticate using whatever method they normally use for online banking, whether that is a password, biometric login through their banking app, or a one-time code. They are then asked to consent to sharing a specific piece of information, typically just a confirmation of whether they are over 18.
- Step four: the check completes. The bank sends a response confirming the user's status. The user is redirected back to the original site or app, now verified. The entire process typically takes less than 30 seconds.
At no point does the user upload a document, take a photograph, or provide biometric data to a third party. The bank handles the authentication and data confirmation within its own secure infrastructure.
What Makes This Different From Other Verification Methods
To understand why bank-verified identity is gaining traction, it helps to look at what the person being verified actually has to do with each approach.
With document upload verification, the user needs to find their passport or driving licence, photograph it (often requiring adequate lighting and a flat surface), upload the image, and then wait for it to be processed. If the image is blurry, poorly lit, or the document is expired, the check fails and the user has to try again. Signicat's research found that 38% of people who abandoned onboarding did so because they did not have the required identity documents available at the time.
With facial age estimation, the user takes a selfie or enables their camera for a live video scan. AI analyses their facial features to estimate their approximate age. The technology is improving, but it produces a probability range rather than a confirmed fact, which creates accuracy challenges at boundary ages. A person who is 17 years and 11 months old may be estimated as 19, or a person who is 21 may be estimated as 16. Estimation systems typically add buffers to account for this, often only passing someone as over 18 if the estimate puts them at 21 or above.
With credit bureau checks, a database query runs against the records held by credit reference agencies. This can be effective, but it depends on the person having an established credit history and may leave a footprint on their credit file.
With bank-verified identity, none of these steps apply. The user does not need to locate a physical document. They do not photograph themselves. They do not expose their credit record. They log in to a system they already know and trust, give consent for a single data point to be confirmed, and the check is done.
The practical difference is significant. The UK government's Digital Identity Sectoral Analysis, published in 2025 and conducted by Oliver Wyman, Survation, and Perspective Economics across 3,561 consumers, found that 75% of digital identity users reported it was faster than using physical ID. The same research found that 79% of users said privacy and security were their top considerations when choosing a verification method.
Why Businesses Are Paying Attention
The commercial case for bank-verified identity centres on what happens when verification creates friction in the customer journey.
Every verification method a business deploys sits directly in their customer's path. If that method causes confusion, delay, or discomfort, it costs the business revenue. This is not a theoretical concern.
Research from Fenergo, surveying over 450 C-level executives, found that 67% of banks had lost clients specifically because of slow or inefficient Know Your Customer processes. That figure was up 19 percentage points from 2023, indicating the problem is worsening rather than improving. Signicat estimated that abandoned financial services onboarding processes cost the European industry approximately 5.7 billion euros per year.
The pattern extends beyond financial services. When Discord announced mandatory age verification for its 200 million monthly active users in February 2026, requiring facial age estimation and government ID upload, the response was immediate. Within 48 hours, users cancelled paid subscriptions in large numbers, searches for alternative platforms surged dramatically, and Discord was forced to issue a public clarification within 24 hours.
When the UK Online Safety Act enforcement began in July 2025, requiring age checks on sites hosting adult content, Proton VPN reported a 1,400 to 1,800 percent sustained increase in daily UK sign-ups. Half of the top 10 UK App Store downloads on enforcement day were VPN or identity verification apps. Users were spending actual money to avoid face scans and document uploads.
These are not edge cases. They represent a measurable pattern: when verification methods require documents, photographs, or biometric scans, a significant proportion of users will abandon the process, bypass it entirely, or leave the platform.
Bank-verified identity avoids triggering this response. The user is not being asked to trust a new system with sensitive personal data. They are logging into a bank they already use, through an interface they already recognise, to confirm a single fact. The familiarity and trust are already established.
Privacy By Design, Not By Claim
Every age verification provider in the market describes itself as privacy-preserving. The difference lies in the architecture, not the claim.
Document-based verification requires collecting a copy of the user's passport or driving licence. That document must then be stored, processed, and eventually deleted, all of which creates data liability. In October 2025, a third-party vendor handling identity documents for a major online platform experienced a breach that exposed 70,000 government IDs. The documents existed because the verification method required them.
Facial age estimation requires capturing a photograph or live video of the user's face. Even where providers state that images are processed and immediately deleted, the capture itself creates a moment of vulnerability and, for many users, a moment of discomfort. An Ipsos study found that 61% of the UK population believed the Online Safety Act would lead to personal data being compromised.
Bank-verified identity does not collect documents. It does not capture biometric data. It does not photograph the user. The bank confirms a yes-or-no response to the specific question being asked, and no underlying personal data is transmitted to the business or the verification provider. There is nothing to store, nothing to breach, and nothing to delete.
This is a structural privacy advantage, not a policy one. It is not that the data is handled carefully. It is that the data is never collected in the first place.
Regulatory Standing
Bank-verified identity operates within a robust regulatory framework. The Open Banking ecosystem in the UK is regulated by the FCA under the Payment Services Regulations 2017. The banks participating in the system are themselves regulated financial institutions with existing obligations around data protection, consumer authentication, and fraud prevention.
Ofcom's guidance on highly effective age assurance, published as part of the Online Safety Act implementation, lists Open Banking-based verification as a method capable of meeting the standard. The guidance specifies that compliant methods must be accurate, robust against circumvention, privacy-preserving, and accessible to all users.
OneID is certified under the UK Digital Identity and Attributes Trust Framework (DIATF), the government's certification scheme for digital identity providers. It is also regulated by the FCA and holds B Corp certification.
Who Uses Bank-Verified Identity
Bank-verified identity is used across sectors where businesses need to confirm age or identity as part of their customer journey. These include age-restricted e-commerce (alcohol, vape products, knives), online gambling and gaming, adult content platforms, cryptocurrency exchanges and fintech platforms, dating services, and public sector applications.
The common thread is that each of these sectors faces the same tension: regulatory requirements demand robust verification, but the verification process itself can drive customers away. Bank-verified identity resolves that tension by meeting compliance standards through a method that users complete rather than resist.
Frequently Asked Questions
How does bank-verified identity work?
Bank-verified identity works through Open Banking, the secure framework regulated by the FCA. When a user needs to verify their age or identity, they select their bank from a list, log in using their normal banking credentials, and give consent for a single piece of information to be shared: confirmation that they are over the required age. The bank sends a yes-or-no response. No financial data, transaction history, or account details are shared. The entire process typically completes in under 30 seconds.
Is bank-verified age verification compliant with the UK Online Safety Act?
Yes. Ofcom lists Open Banking-based verification as a method capable of delivering highly effective age assurance under the Online Safety Act. Bank-verified identity confirms actual age from a verified data source rather than estimating it, which satisfies the accuracy requirements set out in Ofcom's guidance. OneID is certified under the UK Digital Identity and Attributes Trust Framework (DIATF) and regulated by the FCA.
What is the difference between bank-verified identity and a credit check?
A credit check queries a credit reference agency database and may leave a footprint on the user's credit file. Bank-verified identity uses Open Banking to confirm information directly with the user's bank, with their explicit consent, and leaves no mark on any credit record. Bank verification also covers a wider demographic, as it works for anyone with a UK bank account, including people who may not have a credit history.
Do users need to download an app to verify their age with bank verification?
No. Bank-verified identity works through a web browser. The user is redirected to their bank's secure login page, authenticates as they normally would, gives consent, and is returned to the original site or app. There is no separate app to download, no account to create, and no additional software required.
What data is shared during bank-verified identity checking?
Only the minimum data needed to complete the check. For age verification, the bank confirms whether the user is over the required age threshold, typically 18. It does not share the user's date of birth, financial data, transaction history, or account balance. The user gives explicit consent before any data is shared, and that consent is revocable. No documents are uploaded or stored at any point in the process.
.png)
