7-Eleven’s New Age-Verification Provides Proof For Police, But Is Far From Perfect

Written by Evan Schuman
April 18th, 2012

7-Eleven on Monday (April 16) started a new age-check system, one that provides digital proof that a specific person’s credentials were checked at a specific date and time. This will provide the nation’s largest convenience-store chain with a new independent way to fight back when police say that an underage customer’s driver’s license had never been checked.

But it won’t address many of today’s more common age-ID problems, including waiving license checks if the associate thinks the person is old enough, license photos often being bad enough to fool weak authenticators, and under-age consumers using the driver’s license of an older sibling. Still, 7-Eleven has crafted ways to deal with some of those gotchas with the new system.

The devices will partially automate the system by scanning a 2D barcode on the back of most driver’s licenses. The system will perform that check without saving any personal data. Indeed, it will only record an otherwise meaningless number that represents the ID and the date/time, not dissimilar to the way a one-way hash turns a payment-card transaction into a token and one-way hash and a fingerprint biometric scan turns a fingerprint into a series of numbers that can later verify that fingerprint without storing the fingerprint itself.

The only way that number would have any meaning is if someone—such as law enforcement—brought the license in and said it had never been checked.

Monday marked the state-wide rollout of the system through the 1,600 7-Elevens in California. But this will hardly be a slow rollout. “If everything goes OK here (in California), we’ll roll it out nationwide (to all 9,100 U.S. 7-Eleven stores) on May 14,” said Keith Jones, the chain’s senior director of regulatory affairs. California was actually not the first market for the NEC units, as 7-Eleven had “tested it in a couple of markets in Michigan” beforehand, Jones said.

A 7-Eleven statement said the “scan will verify the birth date stored on the card as well as the validity of the ID,” but that’s actually not the case. It doesn’t even try to verify the birthdate—such as by accessing databases of birth records for various states—and assumes that the birthdate on the driver’s license is correct. Nor does it validate that the license is not forged, other than being unable to read the 2D barcode if it was a weak forgery.

What the system—which will cost about $1 million—does do, however, is perform the math needed to determine if the date of birth makes the customer old enough to purchase the age-restricted item, such as alcohol, tobacco, lottery tickets and potential inhalants. Even though it’s a relatively simple calculation, why risk that at 2 AM a tired store associate might miscalculate?

Jones said the systems will make age compliance more accurate, consistent and provable. But it won’t address many of today’s age-ID problems.

For example, one of the most common schemes among under-age consumers is to simply borrow the driver’s license of an older sibling. In that case, the barcode would show an age that qualifies for the purchase and a barcode that is legitimate. “If someone uses his big brother’s card, it won’t catch that, so it’s not perfect,” Jones said.

Associates are supposed to check the license photo to try and match it to the customer, but that is not a very reliable system. First, in the case of a slightly older sibling, there is often enough of a resemblance to thwart the photo verification. Second, Jones pointed out that many license pictures do not look that much like the guest. Also, rushed associates may not make a careful comparison and people’s looks can change sharply over the years that the license is valid, especially with the color of—and even the quantity of—facial hair.

NEC’s system was integrated with—and programmed on top of—7-Eleven’s proprietary, homegrown POS system and all stores—including franchisees—are required to install it. But franchisee resistance is not expected, Jones said, because the chain is picking up the full tab.

Standard 7-Eleven procedure is to card anyone who looks younger than 30 and to not bother scanning anyone else. 7-Eleven has added a POS mechanism to deal with that with the new system. An associate will have a visual override button, so that customers who clearly look of age are not bothered.

In theory, such an override button could undermine the effectiveness of this entire verification system. But Jones said the chain has tried to address that. “If a store fails our own audit or that of an enforcement agency, then we remove that (override) capability,” he said. “One strike, you’re out.”

Given the likely level of unhappiness that a store manager would feel from such a penalty—especially given how much slower it could make operations and how many older customers would have to be bothered—that should provide an incentive for associates to be careful when choosing the over-ride button.

There’s nothing like having to card senior citizens who want to buy a six-pack of beer to suck the convenience right out of a convenience store.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.