[tomovo]

Yes!

I just got charged 0.30£ by Niantic, the publisher of Pokemon Go, to verify my age during the user registration process. The payment was initiated from the iOS app and done through a web form. No IAP.

Now I can only hope Niantic doesn't charge me for something my kids do in the game.

This is exactly the kind of thing I fully expect Apple to protect me from.

[avolcano]

Niantic has a legal requirement to verify that a legal guardian has allowed a child to have an account.

To do so, they use credit card verification, a commonly-accepted way to verify an of-age user that satisfies COPPA/similar requirements. Credit card verification generally works by placing a small authorization charge that is shortly refunded. This is explained here: https://parents.nianticlabs.com/faq/

There are a variety of reasons they likely can't use IAP for this. Two I can think of are that (a) IAP may not be sufficient enough for COPPA, if e.g. a parent has allowed their child to make purchases using a gift card balance, and (b) they likely have no easy automated way to refund this fee if handled through IAP.

[tomovo]

I know the reasons and the means. I still don't like it. Apple already has my credit card number, so they should provide a better way to do this safely & take the 30% percent cut.