With age verification laws now firmly in place across multiple markets, merchants are asking practical questions: How is this affecting traffic? What happens during client onboarding? Which approaches are proving workable in real payment flows?
This month, let’s look at how compliance requirements and underwriting standards are intersecting for real merchants, using real transaction data. Understanding how these laws play out at the processing level can help your company prepare, stay compliant and protect revenue during a time of rapid regulatory change.
Age gates have evolved from simple checkboxes into critical compliance infrastructure. The challenge for merchants is no longer whether to implement age verification, but how to do so without eroding the customer experience or creating unnecessary friction in the payment journey.
A Challenging Year of Compliance
In June, the U.S. Supreme Court upheld Texas’ HB 1181, which requires adult websites to verify the age of users before granting access to adult content. Around the same time, the U.K.’s Online Safety Act came into force, mandating robust age verification processes for services accessible to U.K. users. Ofcom provided detailed guidance on acceptable compliance tools and implementation standards.
For merchants and processors alike, 2025 has felt like a demanding year. Even while our company was working to ensure our merchants were compliant with a growing patchwork of state- and country-level requirements, we found ourselves directly involved in age verification litigation in the state of Florida.
Much of the final quarter of the year was spent reviewing merchant policies, testing AV integrations and resolving compliance gaps. These requirements have added time and complexity to underwriting — both internally and with banking partners — as processors must now verify AV compliance as part of the Visa Integrity Risk Program.
The Traffic Shift
Beyond the compliance workload, merchants naturally want to know what impact age verification has had on consumer behavior.
From a payment perspective, the most relevant insight comes from transaction data, not theory. Among our clients, U.S. sales volume has declined approximately 4% since the start of the year as merchants implemented verification tools or blocked access in jurisdictions with age verification mandates. Florida, Texas and Tennessee showed the most noticeable impact.
Research suggests that once age verification laws take effect, a portion of users attempt to circumvent requirements by searching for VPNs or shifting toward noncompliant sites. Regulators are aware of this behavior, and VPNs themselves are now coming under increased scrutiny in both the U.S. and abroad.
A Different Story in the EU
By contrast, our European portfolio tells a different story. Based on our internal data, overall EU sales increased in 2025 and showed little to no negative impact from age verification requirements. Germany, France, Spain and Italy remained stable, suggesting that enforcement consistency and user expectations play a major role in adoption.
To date, most EU enforcement activity has centered on sites classified as “very large online platforms” under the Digital Services Act. However, Italy’s communications regulator identified 48 platforms, large and small, as required to implement age verification, with deadlines varying based on jurisdiction.
In July 2025, the European Commission introduced an official age verification blueprint, designed to be privacy-preserving and adaptable across member states. Pilots are underway in countries including Denmark, France, Italy, Greece and Spain. As these initiatives mature, they will likely shape broader EU approaches heading into 2026.
The UK: High Compliance, Minimal Disruption
The U.K. stands out as a market where preparation paid off. Ofcom spent nearly two years studying the adult market before enforcing the Online Safety Act, and the result was a clearer compliance road map.
From a processing standpoint, we saw no meaningful decline in U.K. consumer traffic after the law went into effect. While global VPN usage now averages around 3%, the U.K. sits closer to 6%, prompting Ofcom to monitor VPNs as a potential circumvention method.
What Merchants Are Actually Doing
As we’ve worked directly with merchants on compliance, several common patterns have emerged. During onboarding and updates, we frequently see merchants implementing solutions from providers such as VerifyMy, Yoti, BlueCheck, Veriff and AgeWallet.
The primary drivers behind merchants’ choices of specific AV providers are: speed of integration, cost, data-handling practices, and the ability to meet bank requirements without significantly disrupting the checkout experience. Some merchants have also chosen to block access in markets where they are not actively operating or marketing, rather than implementing verification tools immediately.
What’s Working — and Where Challenges Remain
From a processor’s perspective, age verification systems that minimize friction and avoid storing personal data tend to integrate more smoothly into payment flows. Solutions that verify age through encrypted databases or telecom records, without requiring document uploads or persistent user accounts, generally lead to lower abandonment and fewer consumer complaints.
Progressive or risk-based models also perform well. These systems verify users only when they attempt to access restricted content or escalate checks based on behavior, rather than applying high-friction barriers universally.
More intrusive approaches, such as ID scans or facial recognition, may satisfy legal requirements, but they often introduce downstream challenges. These can include increased drop-off rates, privacy objections, higher customer support volume and additional scrutiny during underwriting.
Looking Ahead: Age Verification as Infrastructure
Age gates have evolved from simple checkboxes into critical compliance infrastructure. The challenge for merchants is no longer whether to implement age verification, but how to do so without eroding the customer experience or creating unnecessary friction in the payment journey.
Emerging approaches point toward privacy-preserving solutions, such as zero-knowledge proofs, mobile network-based verification, device-level digital IDs and reusable age tokens. The goal is verification that is strong enough for regulators while remaining nearly invisible to compliant users.
From a payments standpoint, reliable compliance supports stable processing relationships, smoother onboarding and long-term business viability.
Age verification is not going away. Merchants, regulators, processors and technology providers therefore now share a common challenge: protecting minors while respecting privacy and preserving revenue.
The platforms and merchants that succeed will be the ones that implement verification systems strong enough for regulators but seamless enough for consumers — proof of age without proof of identity. Those who navigate this balance effectively will be better positioned for growth in a more compliant, privacy-first industry.
Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions, including payment facilitation, direct merchant accounts, and secure gateway services. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. For questions or help, contact sales@segpay.com or compliance@segpay.com.
