The real problem with age verification isn't the method (facial recognition vs credit cards) — it's that deterministic verification requires high-value PII and creates honeypots. Credit cards are just identity by proxy with slightly different attack surface.

Probabilistic verification using behavioral signals and metadata (device age, account age, interaction patterns) doesn't perfectly verify age but massively reduces the privacy trade-off. Most platforms optimize for regulatory compliance, not actual safety.