Implementing Age Verification in WooCommerce with eIDAS

Why WooCommerce Stores Need Age Verification

If you sell age-restricted products online—alcohol, tobacco, vaping products, supplements, CBD, adult content, or gambling services—age verification isn't optional. It's a legal requirement across the European Union, and the penalties for non-compliance are severe.

The Legal Landscape

Germany: Selling alcohol to minors carries fines up to €50,000 and potential criminal charges.

UK: The Licensing Act 2003 imposes unlimited fines for selling alcohol without age verification.

France: Online alcohol sales require identity verification with fines up to €7,500 for violations.

EU-Wide: The General Product Safety Regulation (GPSR) mandates age verification for products with age restrictions.

Beyond legal compliance, implementing age verification protects your business from:

• Chargebacks: Parents disputing purchases made by minors
• Brand Damage: Negative publicity from selling to underage customers
• License Revocation: Loss of permits to sell age-restricted products
• Insurance Issues: Many insurers require proof of age verification systems

Age Verification Approaches for European Markets

Common Age Verification Methods

Most WooCommerce age verification plugins use one of these approaches:

Checkbox Self-Certification:

• "I confirm I am over 18 years old"
• Limited legal validity in most EU jurisdictions

Document Upload with Manual Review:

• Users photograph and upload ID documents
• Manual review team checks each submission
• Processing time: 24-48 hours

Credit Card Verification:

• Assumes card holders are adults
• Not recognized as age verification in most EU countries

Third-Party Verification Services:

• Various approaches and cost structures
• Typically involves document upload or biometric verification

For WooCommerce stores primarily serving European markets, eIDAS offers an alternative optimized for EU privacy regulations.

eIDAS Verification for EU Markets

eIDAS-based verification provides several benefits for European merchants:

Instant Verification: 5-10 seconds from scan to confirmation

Privacy-by-Design Architecture: Your store never receives or stores identity documents

Universal Coverage: Works across all 27 EU member states with a single integration

GDPR-Aligned: Minimal data collection reduces compliance obligations

Legally Recognized: Government-issued identities with full legal validity

Mobile-Native: Seamless experience on smartphones where most shopping happens

Verification Flow Comparison

Document-Based Approach:

1. Customer adds age-restricted product to cart
2. Proceeds to checkout
3. Prompted to upload photo ID
4. Takes photo and submits
5. Waits for manual review (24-48 hours)
6. Returns to complete purchase once approved

eIDAS Verification:

1. Customer adds age-restricted product to cart
2. Proceeds to checkout
3. Scans QR code with national eID app
4. Confirms with fingerprint
5. Immediately: Verification complete
6. Completes purchase

For international stores, many merchants implement geographic-based verification: eIDAS for EU customers, alternative methods for other regions. This dual-track approach optimizes for regional privacy requirements while maintaining global coverage.

Step-by-Step Integration Guide

Prerequisites

Before you begin, ensure:

• WooCommerce 8.0 or higher
• PHP 8.0 or higher
• HTTPS enabled (required for eIDAS)
• WordPress 6.0 or higher

Step 1: Install the eIDAS Pro Plugin

Via WordPress Admin:

1. Navigate to Plugins → Add New
2. Search for "eIDAS Pro Age Verification"
3. Click Install Now
4. Click Activate

Via Manual Upload:

1. Download the plugin from eidaspro.com
2. Navigate to Plugins → Add New → Upload Plugin
3. Upload the ZIP file
4. Click Install Now
5. Click Activate

Via WP-CLI:

wp plugin install eidas-pro-age-verification --activate

Step 2: Obtain API Credentials

1. Create an account at dashboard.eidaspro.com
2. Navigate to Settings → API Keys
3. Click Create New Key
4. Select environment: Demo (for testing) or Production (for live store)
5. Copy your API Key and Secret Key

Important: Store your Secret Key securely. Never commit it to version control or expose it in client-side code.

Step 3: Configure the Plugin

Navigate to WooCommerce → Settings → eIDAS Pro in your WordPress admin.

Basic Settings

API Key: Paste your API key from Step 2

Secret Key: Paste your secret key

Environment: Select Demo for testing, Production for live

Verification Mode: Choose when to verify:

• At Checkout: Verify before order placement
• Before Add to Cart: Verify before allowing restricted products in cart
• On Account Registration: Verify once per account

Recommended: Use "At Checkout" for best conversion rates.

Product Configuration

Enable for Product Categories: Select which categories require verification:

• Alcohol
• Tobacco & Vaping
• Supplements & Nutrition
• CBD & Cannabis
• Adult Content

Enable for Specific Products: Toggle individual products that require verification

Age Threshold: Set minimum age (18, 21, or custom)

Advanced Settings

Verification Validity: How long a successful verification is valid

• Session: Valid for current browser session only
• 24 Hours: Reuse verification for 24 hours
• Account: Store verification on user account permanently

Recommended: Use Account for returning customers to avoid re-verification.

Fallback Behavior: What happens if verification fails

• Block Checkout: Prevent order placement
• Admin Review: Flag order for manual review
• Alternative Method: Offer manual verification option

QR Code Display: Where to show the verification QR code

• Modal Popup: Overlay on current page (recommended)
• Dedicated Page: Redirect to separate verification page
• Inline: Show directly in checkout

Mobile Optimization: Enable deep links for mobile browsers (automatically opens native eID app)

Compliance Settings

Data Retention: Configure how long to retain verification logs

• Minimum Required: 30 days (for audit purposes)
• Recommended: 12 months
• Maximum: 7 years

GDPR Compliance:

• ✓ Enable "Verification Log Access" (allows customers to download their verification history)
• ✓ Enable "Automatic Deletion" (deletes logs after retention period)
• ✓ Add verification disclosure to Privacy Policy (auto-generated text provided)

Legal Notices: Customize the verification consent text:

"To comply with EU regulations on age-restricted products, we verify your age using your national eID. This process is secure, instant, and does not require uploading documents. We receive only confirmation that you meet the age requirement—no other personal data."

Step 4: Test in Demo Mode

Before going live, thoroughly test the verification flow.

Test Product Setup:

1. Create a test product (e.g., "Test Wine")
2. Assign it to the "Alcohol" category
3. Set price to €0.01 for testing
4. Save product

Test Checkout Flow:

1. Open your store in a new incognito/private browsing window
2. Add test product to cart
3. Proceed to checkout
4. Complete standard checkout fields
5. Click "Place Order"
6. Verification modal should appear with QR code

Test Demo Mode Verification:

In Demo mode, verification auto-completes after 3 seconds:

• Scan QR code with your phone camera
• Observe the "Verifying..." state
• After 3 seconds, verification succeeds automatically
• Order is placed successfully

Test Failure Scenarios:

Force a failure by clicking "Simulate Failure" in the demo interface:

• Verify error message is clear
• Verify fallback behavior works correctly
• Verify customer can retry

Test Mobile Experience:

1. Open your store on a smartphone
2. Add product and proceed to checkout
3. Tap the verification button
4. Deep link should open (or prompt to install) your country's eID app
5. Verify the flow is seamless on mobile

Step 5: Configure Production Mode

Once testing is complete, switch to production:

1. Go to WooCommerce → Settings → eIDAS Pro
2. Change Environment to Production
3. Replace API credentials with production keys
4. Update Verification Mode to your preferred setting
5. Save changes

Important: Production mode requires actual national eID apps and will perform real verifications.

Step 6: Update Checkout Page

Add a trust badge to increase confidence:

<div class="eidas-trust-badge">
  <img src="/wp-content/plugins/eidas-pro/assets/eidas-badge.svg" alt="eIDAS Verified">
  <p>Secure age verification powered by eIDAS Pro. No document uploads required.</p>
</div>

Add CSS to style the badge:

.eidas-trust-badge {
  display: flex;
  align-items: center;
  gap: 12px;
  padding: 16px;
  background: #f0f9ff;
  border: 2px solid #0ea5e9;
  border-radius: 8px;
  margin: 20px 0;
}

.eidas-trust-badge img {
  width: 48px;
  height: 48px;
}

.eidas-trust-badge p {
  margin: 0;
  color: #0c4a6e;
  font-size: 14px;
}

Configuration Best Practices

Optimize Conversion Rates

Late Verification: Verify at checkout, not before add-to-cart. Users are more committed at checkout.

Clear Communication: Explain the verification process before users encounter it:

"Age verification is required for this purchase. You'll be asked to scan a QR code with your national ID app—it takes just 5 seconds and requires no document uploads."

Progress Indicators: Show verification as a step in checkout progress, not a barrier.

Mobile-First: Ensure the mobile experience is flawless—most purchases happen on mobile.

Compliance Best Practices

Regular Audits: Review verification logs monthly to ensure compliance

Staff Training: Ensure customer support understands the verification process

Privacy Policy: Update your privacy policy to include age verification data processing

Records Retention: Configure appropriate retention periods for your jurisdiction

Vendor Due Diligence: Document your eIDAS service provider's compliance certifications

Performance Optimization

Enable Caching: Use a caching plugin but exclude checkout pages

CDN Configuration: Ensure your CDN doesn't cache verification endpoints

Lazy Loading: Load verification scripts only when needed (plugin does this by default)

Monitor Latency: Use the plugin's built-in performance monitoring to track verification speed

Compliance Benefits

GDPR Alignment

eIDAS verification is GDPR-compliant by design:

Data Minimization: Only receive age confirmation, not full birthdate or other PII

Purpose Limitation: Data is used solely for age verification

Storage Limitation: No identity documents stored on your servers

User Rights: Users can access, delete, or export their verification history

Consent Management: Clear opt-in with explanation of data use

Industry-Specific Regulations

Alcohol & Tobacco:

• Meets EU requirements for age verification
• Satisfies national regulations in all 27 member states
• Provides audit trail for regulatory inspections

Gambling:

• Complies with gambling commission requirements
• Prevents underage gambling
• Enables responsible gambling measures

Adult Content:

• Satisfies age verification requirements in UK Online Safety Act
• Complies with German State Media Treaty (JMStV)
• Meets French CSA age verification standards

Customer Experience Improvements

The difference between traditional and eIDAS verification is stark.

Traditional Document Upload Experience

• User Action: "Upload your ID"
• User Thought: "Why do they need my ID? Is this safe? I'll do this later..."
• Result: 61% abandonment

eIDAS Experience

• User Action: "Scan with your ID app"
• User Thought: "Oh, I have that app. Quick verification, no upload."
• Result: 8% abandonment

Customers appreciate:

• Speed: No waiting for manual review
• Privacy: No uploading sensitive documents
• Convenience: Works with apps they already have
• Trust: Government-backed verification

Troubleshooting Common Issues

"Verification Session Expired"

Cause: User took too long to scan QR code (sessions expire after 5-10 minutes)

Solution: Display a new QR code, extend session timeout in settings

"eID App Not Supported"

Cause: User's country doesn't have a recognized eID app yet

Solution: Enable fallback verification method (manual review or alternative service)

"Mobile Deep Link Not Working"

Cause: User's device doesn't recognize the eID app deep link

Solution: Ensure mobile optimization is enabled, provide manual app launch instructions

"High Verification Failure Rate"

Cause: Users don't understand what's required or how to use their eID app

Solution: Add explanatory text, video tutorial, or FAQ before verification

Cost Structure for EU Market Age Verification

Document-Based Verification Services

Document-based verification services typically charge:

Setup fee: €500-2,000 Per verification: €1.50-3.00 Monthly volume (1,000 verifications): €1,500-3,000/month Annual cost: €18,000-36,000

Additional considerations:

• Data storage and security compliance infrastructure
• Customer support for verification issues
• Variable conversion rates

eIDAS Pro Costs

Starter Tier (up to 1,000 verifications/month):

• €49/month
• Includes all features, unlimited retries, technical support
• Annual cost: €588

Standard Tier (up to 10,000 verifications/month):

• €199/month
• Annual cost: €2,388

Example: Mid-Sized Wine Shop with 2,000 Age Verifications/Month

For stores with primarily EU customer bases (>80% EU traffic):

• Document-based verification: ~€4,500/month
• eIDAS Pro: €199/month
• Potential monthly optimization: €4,301

Cost-effectiveness depends on verification volume and geographic customer distribution.

For international stores, many implement a hybrid approach: eIDAS for EU customers (flat fee) and alternative verification for non-EU customers, optimizing costs based on where customers are located.

Conclusion

Implementing eIDAS-based age verification in WooCommerce transforms compliance from a burden into a competitive advantage. You satisfy legal requirements while delivering a customer experience that actually increases conversion rates instead of destroying them.

The combination of instant verification, zero document uploads, universal EU coverage, and fraction-of-the-cost pricing makes eIDAS the obvious choice for any WooCommerce store selling age-restricted products.

Setup takes 15 minutes. Testing takes 30 minutes. The business benefits last forever.

---

Ready to add eIDAS verification to your WooCommerce store? Start with a free trial → or book a consultation to discuss your specific requirements.