Confused about the legality of scanning IDs in your retail store? You’re not alone.
ID scanning laws vary by state. Each state has different requirements. In Nevada, for example, retailers are required to scan IDs for tobacco sales. Note: Nevada is the only state that requires ID scanning for cigarettes.
However, although you may not be required to scan IDs, it can help you stay compliant. ID scanning can help you catch fake IDs, reduce errors, and check driver’s licenses quickly.
Generally, you might choose to scan IDs based on the products you sell (e.g., tobacco, liquor, or cannabis). Or if your business must restrict access to underage guests (like a bar, dispensary, or nightclub). In these cases, you might be wondering:
- Is it legal for my store to scan driver’s licenses? (Spoiler alert: it depends heavily on where you live and what you sell!)
- Can my customers refuse to have their ID scanned? (The answer might surprise you!)
- What about ID scanning for cigarettes, alcohol, and other age-restricted products? (We’ve got you covered!)
This guide to ID scanning laws by state covers that and more. Keep reading to learn everything there is to know about using an ID scanner in your business.
ID Scanning Laws: A Quick Overview
A common question that we hear is: Is my business required to scan IDs before completing a purchase.
In most cases, you aren’t required to scan driver’s licenses. However, a few states do require mandatory ID scans in certain cases. They include:
- Nevada requires ID scans for tobacco and cannabis sales.
- Missouri requires ID scans for cannabis sales.
- Illinois requires ID scans at dispensaries (both to enter and purchase) and for online tobacco sales.
- Utah requires ID scans for alcohol sales and to enter bars / nightclubs.
- In Pennslyvania, ID scanning is required for to-go alcohol sales.
- Michigan requires ID scans for online tobacco sales.
Several states do require ID scanning technology for transactions like: check cashing, pawn exchanges, scrap metal sales, notary public, currency exchange, sale of cold/flu medicine, and controlled substances.
I. Can I Legally Scan IDs? I
Am I legally permitted to scan IDs?
The answer is that yes, in most cases, your business can choose to scan IDs. New Hampshire is the only state that prohibits ID scanning, and Maryland has a bill under consideration.
However, each state has different requirements for:
- The information that can be collected,
- The types of transactions ID scans can be used for,
- How long or if the information can be stored.
To remain compliant, you must carefully consider your state’s ID scanning requirements.
II. Consent Laws and ID Scanning
In most cases, the business isn’t required to inform the customer before performing a scan. However, consent is required if biometric information will be collected like:
- Fingerprint
- Image scan
In these cases, the business would need a notification waiver to collect and store this sensitive data. Ultimately, review your state’s consent requirements prior to implementing ID scanning.
III. Affirmative Defense and ID Scanning Laws
Several states protect businesses that scan IDs under “affirmative defense” laws.
In these states, using an ID scanner offers businesses legal protection if they unknowingly sell to a minor despite a seemingly valid ID. The scan acts as proof that the business took “reasonable” precautions to prevent an underage sale.
For example, if an underage guest at a bar was using a fake ID and it passed an ID scan, the business could be potentially protected from fines and lawsuits (in certain cases and for the sale of certain products). These laws vary by state.
For example, in Arizona, affirmative defense relates to alcohol sales. States with affirmative defense laws with ID scanning include:
- Arizona
- Connecticut
- Nevada
- New York
- North Carolina
- Ohio
- Oregon
- Pennslyvania
- Rhode Island
- Texas
- Utah
- West Virginia
ID Scanning Laws: FAQs
Retailers and bar owners face pushback from customers regarding ID scans. Many customers have privacy concerns. Therefore, if you choose to implement ID scanning, you might be wondering:
1. What is ID scanning?
ID scanning involves using a device to scan the barcode of an ID document (driver’s license, passport, state ID card, or government-issued ID). A scanner reads the information, determines if the ID card is legitimate, and can then store the data.
2. Are there federal ID scanning laws?
Currently, there are no federal laws regarding ID scans. However, there are laws that govern consumer privacy. Therefore, businesses should choose an ID scanner that’s compliant with these laws, which regulate the storage and transfer of personal information.
3. Can a customer refuse to have their ID scanned?
Yes, a customer can refuse an ID scan. In the cases outlined above (when ID scanning is mandatory), a transaction can’t legally take place.
But what if an ID scan isn’t legally required?
Business owners should set their own rules. Outside of New Hampshire (where ID scanning is prohibited), a business owner could either:
- Choose to refuse entry to the customer
- Or manually inspect the driver’s license
4. What information can be stored?
Each state places limitations on the types of information that can be collected and stored. Most states allow ID scans to collect:
- Name
- Date of birth
- Expiration
- ID number
Some ID scanners can collect more detailed information, including the customer’s address, image, or even biometric information. However, the customer’s consent may be required for more sensitive information.
5. How long can ID information be stored?
States govern data retention timeframes and may even have special requirements by industry. Generally, be aware of your state’s PII requirements (personal identifiable information) and timeframes.
However, many states do not have laws. For example, Alabama and Colorado do not regulate a business’s ability to retain information from a scan.
Be aware of your state and local regulations. And choose online ID scanning software that allows you to customize data collection and retention parameters.
6. Should I perform ID scanning for alcohol or cigarette sales?
Some states require ID scanning for the sale of tobacco or alcohol. Yet, even when it’s not required, ID scanning can protect your business.
Eleven states offer protections for businesses that practice ID scanning for age-restricted products, so-called “affirmative defense” laws.
Other ID Scanning Use Cases
ID scanning offers protection for businesses selling age-restricted products. However, many states also require data retention for various transactions, including:
- Scrap metal sales
- Notary transactions
- Pawn and secondhand goods
- Currency exchange
- Sale of pseudoephedrine
ID data retention varies by state. But in many, they require a photocopy of the driver’s license or a record of the customer’s data. In these cases, ID scanning can simplify these data retention requirements, and allow a business to process the transaction much faster.
Additional Use Cases
Here are some additional ways that ID scanning is being used in business:
- Access Control – Scanning IDs can eliminate bottlenecks and the need for manual verification.
- Loyalty Programs – An ID scan can be a fast way to log loyalty purchases and rewards programs.
- Financial Onboarding – Many digital onboarding solutions include scans. These tools speed up customer verification, helping to maximize onboarding rates.
- Returns and Exchanges – An ID scan can help prevent return fraud.
- Age-gated Delivery – Delivery of tobacco and alcohol is up. ID scanning ensures delivery companies remain compliant.
- Proof of Delivery – Scanning a driver’s license can help to quickly log delivery and provide a digital proof of transaction.
Privacy Concerns and Potential Risks of ID Scanning
While ID scanning offers convenience and potential age verification benefits, you need to be aware of the potential risks. Many customers fear privacy breaches when they offer their ID for a scan. Therefore, it’s essential to build trust with customers (and use a reputable age verification platform).
Some of the risks include:
- Personal information: Scans often capture and store sensitive data like your name, address, date of birth, and photo. Breaches or leaks of this data can lead to identity theft, fraud, and discrimination.
- Excessive data capture: Some scanners might capture more data than necessary, raising concerns about data minimization. Be sure to choose an ID scanner that allows you to customize the information you can collect (and only collect necessary data).
- Data retention: Unclear policies on how long data is stored and who has access to it can increase privacy risks.
- Vulnerability to cyberattacks: Scanners and storage systems can be vulnerable to hacking, malware, and insider threats, putting your data at risk. A breach reflects poorly on your business and can result in a loss of customer trust.
Wrapping Up: Know Your ID Scanning Laws
There are numerous benefits to using ID scans in your business. However, it’s imperative that you understand the requirements.
Because most states allow ID scans, it’s important that you consider:
- The type of information you collect
- Your ID data storage protocols (how long and the type of data)
- Security and encryption
These tools streamline transactions. But if they’re not secure, they can do more harm than good. Need a reliable provider? FTx Identity is a digital ID card scanning system that’s ideal for tobacco, alcohol and other age-restricted industries. Contact our sales team today to learn more.