Valve has begun requiring UK Steam users to verify their age with a credit card, a move the company says is necessary to comply with Britain’s Online Safety Act. The change means players in the UK will need to complete a one-time card check to prove they are over 18 before accessing restricted content on the platform.
The Online Safety Act, a sweeping law that places new duties on digital services to protect children from harmful material, is pushing major platforms to adopt stricter age-assurance measures. Valve’s approach aligns with a broader industry pivot toward stronger identity checks, but it also raises immediate questions about access and privacy-particularly for adults who don’t have credit cards or are reluctant to share payment details for verification.
Regulators are preparing to enforce the rules in phases, and companies operating in the UK face significant penalties for non-compliance. For Steam’s millions of British users, the new gatekeeping could quickly become a defining test of how age verification is implemented across the gaming ecosystem.
Valve enforces credit card age verification for UK Steam users under the Online Safety Act
Responding to UK regulatory pressure, Valve is introducing a one-time credit card age verification for UK-based accounts before users can view or purchase 18+ content or access mature-tagged community areas. Framed as age assurance rather than a payment step, the gate sits atop Steam’s existing self-declaration prompts and is tied to accounts whose country is set to the United Kingdom, reflecting compliance with the Online Safety Act and emerging guidance from Ofcom.
- Who’s affected: Accounts registered to the UK; global users remain unchanged.
- What’s required: A valid credit card to confirm age; gift cards and most prepaid options are unlikely to qualify.
- Where it applies: Store pages, trailers, demos, DLC, and community posts flagged for adults.
- How often: Intended as a one-off check per account, with potential re-verification after major account changes.
- If you decline: Steam usage continues, but access to restricted content is blocked.
The shift aligns Steam with UK age-assurance duties but raises practical and market questions: added friction for adults without credit facilities, potential privacy scrutiny over verification flows, and probable conversion impacts for studios reliant on impulse discovery of mature titles. In the near term, expect clearer age-gating notices, more prominent eligibility messaging on store pages, and support teams fielding queries about verification outcomes-an operational tax that, for now, looks like the cost of doing business under the UK’s tightened online safety regime.
How the verification process works who is affected and what data Valve stores
Valve has introduced a one-time, card-based age check for UK accounts when users attempt to view or buy PEGI 18 content, join adult-marked community hubs, or otherwise access features flagged for adults. The prompt asks the account holder to submit a valid credit card in their name; a small, temporary authorization (commonly £0-£1) is placed to verify adulthood via the card network’s checks, then immediately reversed. Valve says no credit search is performed, and the flow is handled through its payment processor with 3‑D Secure where applicable. Once approved, the status follows the account across devices, though it may be rechecked if the account’s country settings change or compliance rules are updated.
- What triggers the check: Visiting 18+ product pages, completing purchases for adult-rated titles, or accessing mature community features.
- How it works: Confirm UK location → submit credit card → processor runs an authorization → approval sets an “adult-verified” flag on the account.
- Limitations: Prepaid cards and cards registered to minors are typically rejected; debit cards may not be accepted as proof of age under this policy.
The requirement applies to new and existing UK-based Steam accounts, and may also affect travelers accessing Steam from within the UK. Family accounts remain subject to parental controls; refusing verification limits access to adult-rated content and features but does not lock users out of the platform entirely. On data handling, Valve states it retains only the minimum needed to evidence compliance-primarily a binary verification status-while the underlying card details are processed by its payments partner. The company says the check is not used for advertising and does not change recommendation algorithms beyond allowing or blocking adult-restricted areas.
- What Valve stores: Account-level “18+ verified” status, date/time of verification, country/region signal, and the verification method used.
- What Valve says it does not store: Full card numbers, CVV, or birth dates; no credit scores or credit-application data.
- Retention and control: Records are kept for regulatory audit and can be removed if the account is deleted; losing the record will remove access to adult-restricted content until reverified.
Consequences for minors privacy prepaid payments refunds and cross border access
As Valve ties UK account access to a credit card age check mandated under the Online Safety Act, under‑18 players and unbanked adults could see immediate friction. Many teens lack access to traditional credit facilities, and guardians may be reluctant to link their cards to gaming profiles, raising household risk and accountability questions. The approach also concentrates privacy exposure: even if only a £0/£1 authorisation is used, card tokens, billing metadata, and IP logs increase the amount of personal data in play, creating fresh duties around minimisation, retention, and breach notification.
- Access: Minors without cards may be effectively locked out, pushing activity to consoles or unregulated marketplaces.
- Privacy: Additional payment identifiers expand the surface for profiling and fraud.
- Workarounds: Family‑sharing and third‑party verification apps could become stopgaps, each with trade‑offs.
- Equity: Users reliant on prepaid or cash‑based methods face disproportionate barriers.
Knock‑on effects reach the checkout and customer service lanes. If verification is limited to credit rails, prepaid vouchers, debit cards, and wallet top‑ups may remain insufficient to unlock mature content or online features, fragmenting the catalog for lawful users. Questions also arise over refunds and stranded balances: what happens to purchased titles or funds if verification fails, is contested, or if a parent withdraws consent? The policy’s cross‑border edges are equally fraught; UK‑region accounts used abroad, or EU visitors transacting on UK storefronts, could hit inconsistent prompts depending on geolocation, billing address, and account region, complicating consumer rights and data transfer obligations. Clear guidance on alternative verification methods, data handling, and remediation paths will determine whether compliance lands as protection-or as exclusion.
Actionable steps for UK players and parents to comply while minimizing data exposure
Players: Verify only through the official Steam client or the steamcommunity.com/steampowered.com domains, and keep the transaction as minimal as possible. Prefer a low-limit or virtual credit card from your bank if available, decline any “save card” prompts, and remove the card from your account immediately after the check. Switch to Steam Wallet top-ups or retail gift cards for future purchases, enable Steam Guard for account security, and review Valve’s privacy settings to limit marketing communications. Keep an audit trail: screenshots of the verification screen, timestamps, and your bank’s authorization alerts.
- Use a constrained card: Virtual/disposable numbers or a low-limit credit card can reduce exposure if details are compromised.
- Verify in-app only: Never complete checks via email links, DMs, or third-party sites claiming to “speed up” age verification.
- Decline storage: Uncheck “save payment method,” then remove the card via Account details → Manage payment methods.
- Shift payments post-check: Prefer wallet funds or retail gift cards; revisit your saved methods monthly.
- Harden security: Enable Steam Guard, unique password, and bank spend alerts; watch for micro-authorizations.
- Exercise data rights: Review Valve’s privacy policy and adjust communications; request removal of saved payment data where options are provided.
Parents: If a parent/guardian card is used, supervise the process end‑to‑end and conduct it on a trusted device and network. Remove the card immediately after verification, then enable Family View to pin-lock purchases, mature content, and chat. Favor wallet allowances or gift cards for spending, set clear limits, and educate children on phishing and impersonation risks. Keep confirmation emails and bank notifications, and revisit settings after major Steam updates or policy changes.
- Supervised verification: Enter card details yourself; do not share numbers or photos of cards over chat or screen share.
- Lock down Steam: Turn on Family View with a PIN; restrict storefront visibility, spending, and communication features.
- Use safer funding: After verification, rely on wallet top-ups/gift cards; avoid leaving any card on file.
- Separate credentials: A dedicated email alias and strong, unique password for the child’s account reduce cross‑service exposure.
- Monitor and document: Enable bank alerts, keep receipts, and review purchase history and playtime within Steam.
- Stay official: Only contact Steam Support through the client or official site; ignore third parties offering “verification services.”
For Valve, the move underscores a broader shift facing global platforms as the UK’s Online Safety Act begins to bite: compliance is no longer theoretical, and age assurance is moving from policy papers into everyday product design. For users, the immediate reality is more friction-and renewed questions about privacy, inclusivity, and what happens to those without access to a credit card.
Whether Steam sticks with card-based checks or adopts alternative age-assurance methods as regulators refine guidance remains to be seen. For now, UK players should expect an extra verification step before accessing age-restricted content, and developers will be watching closely to see how this affects discovery, conversions, and community dynamics. We’ll continue tracking how Valve implements the system, how Ofcom’s enforcement evolves, and whether the industry converges on a standard that balances safety with user trust.
