This action by BT and EE, CK Hutchison Group Telecom, Virgin Media O2 and Vodafone Group supports the new Online Safety Act
BT and EE, CK Hutchison Group Telecom, Virgin Media O2, and Vodafone Group announced the commercial launch of APIs to help online platforms verify customers’ ages and fight digital fraud.
The APIs are from the GSMA Open Gateway initiative and comply with with CAMARA standards, “to give developers simple, secure tools to protect consumers and comply with new UK safety laws,” according to the GSMA.
The launch weeks after the Online Safety Act came into force in the UK, mandating age checks for platforms hosting user-generated content. According to the Age Verification Providers Association, UK consumers undergo 5 million additional age checks every day under the new law. The role of the APIs is to make this process scalable and “frictionless”.
Online fraud is an escalating threat: people in the UK lost £11.4 billion to scams last year, according to the Global Anti-Scam Alliance’s (GASA) latest The State of Scams in the UK report. Worldwide, GASA estimates that criminals scammed more than $1 trillion from victims last year.
Jersey Telecom (JT Group) and TMT.ID are already working with UK operators to process hundreds of thousands of Network API calls a month to support services from age assurance for social media platforms to smoother, more secure App registrations and logins.
The three new APIs
The KYC Age Verification API is available now. It checks whether a customer is eligible for age-restricted products and services. Operators already manage verified user data linked to a mobile number and so are well palced to provide a verification for digital platforms. The API can be applied to services like streaming services, gaming platforms, online marketplaces and adult content websites.
The KYC Tenure API is also available now and intended to trust by quickly determining whether a phone number has been in use for a certain period. It checks if the lifetime tenure of a phone number is longer than an input date provided by the customer to bolster – or disprove – the veracity of self-reported identity data.
The KYC Match API will be available by the end of 2025. It will allow businesses to cross-check information provided by customers with verified records maintained by the user’s mobile network operator. This cross-check comparison can include details such as mobile phone number, name, postal code, address, birthdate and email address. No Personal Identifiable Information (PII) is shared in the process, protecting users’ privacy while enabling secure and accurate verification.
Plans for next year
Next year UK operators plan to expand their API portfolio with additional services for proof of identity and fraud prevention, plus to improve network quality by leveraging 5G infrastructure for better availability, latency and throughput.
The UK initiative forms part of the global GSMA Open Gateway programme, which includes more than 79 mobile operator groups representing 291 networks and nearly 80% of mobile connections worldwide. The initiative facilitates the design of digital products that can operate on all devices, regardless of the country or operator.
The service APIs are available through the CAMARA repository, an open-source project by the Linux Foundation and a fundamental part of the GSMA Open Gateway initiative.
