You'll probably agree that designing a passport that protects against current and future attacks represents today a significant challenge for national printers and public authorities.
The threats posed by fraudsters in 2020 are now as broad as they are serious.
In response, numerous technological developments for secure passports have emerged. But harnessing them into a single effective strategy can prove a real headache.
The good news is that the resistance of your passport can be increased dramatically, using a series of field-proven and cost-effective techniques. The key lies in a unique global methodology for passport security design, developed in collaboration with our most advanced customers worldwide.
In this article, we'll explain the five main methods of attack used by fraudsters.
Then outline our seven-step guide to addressing them.
But before that, here's a quick reminder….
For citizens, passports protect their identities and are the best proof of ID they have.
Major passport fraud techniques - and how to deal with them
Now for the bad news.
Passports and ePassports are not immune to attack.
Increased use of microprocessor technology has raised the bar but not put off the fraudsters. They have become more sophisticated. To ensure robust protection against passport fraud, authorities must focus on the design and processes when creating their new national travel documents.
So where should we begin?
The first task is to establish a customer-specific threat profile. This should be based on known threats.
Just as important is good collaboration at the security design stage between the customer and supplier. Above all else, this should ensure that the new passport is adequately protected against the five main threats.
Let's start with counterfeiting.
Counterfeiting is the complete reproduction of the document.
This can involve:
- Using substitute materials to imitate original documents (paper, polycarbonate)
- Scanning a valid document for modification using computer software
- Reproduction of background and logos using alternative printing technologies
- Final lamination using commercial laminates
- Re-creating the document using computer software
- Using original material that may be commercially available
To prevent the creation of fake passports, the key is to design a document that is very difficult to copy, produce and personalize.
Fortunately, this can be achieved by multiplying effects: combining tactile and optical features, different technologies, and using material and inks not available in the public domain within an intricate design.
For example a specific colour mix and very fine details that are hard to scan and print without high-end professional equipment.
Alteration is where fraudsters try to change the data in a genuine document.
Typically this includes:
- Photo alteration or substitution
- Alteration of the biographical data, in the visual or machine-readable zone (MRZ)
- Deletion of entries on visa/observations pages
- Mechanical and chemical erasure of biographical data
- Delaminating attacks
- Alteration of the personalization data on the data page. For example, additional marking on top of the existing personalization data, or the application of a thin foil overlay to alter it.
So how do we deal with this?
- Personal data should be inserted inside the document structure, not just on the surface. This will make it difficult for fraudsters to reach, alter or recreate it.
- Personal data should be interlocked with security features. The forged passport will, therefore, show clear and visible traces of alteration.
- Duplication of the personal data, using various techniques, also makes the work of the fraudster much harder.
In this case, we're afraid; recycling isn't a good thing.
It involves the creation of fraudulent documents, using material from legitimate documents, and the removal and substitution of entire pages or visas.
How will the fraudsters do this fake passport?
- Removing security features from a genuine document for reuse in a falsified one
- Using "recycled" genuine passport security features in a new falsification
- Interchanging pages between one passport and another
To prevent this kind of attack, all elements have to be closely interlocked and integrated. A holistic passport security design is, therefore, critical.
As an example, in the picture below, the hinge linking the booklet to the data page makes it extremely hard to remove without damaging the two parts. Besides, it integrates UV sensitive ink lines that would be demanding to align if another data page is inserted.
This is the theft of an original, genuine blank document.
It could take place at any stage of the passport life cycle, from manufacture right through to the point of personalization - during transit or in storage. Fraudulent passports, in that case, can be very hard to detect because they are genuine documents.
It's obvious but needs stressing...
...the integrity of manufacturing, transportation, storage and accounting of blank documents is critical to the entire security chain.
Using a combination of advanced technologies for personalization forces fraudsters to try and master them all.
To ensure reliable tracking, we recommend numbering all travel documents at the end of the manufacturing process.
Reporting is also crucial. Interpol shares data on 250,000 stolen or lost Syrian and Iraqi passports, including blank documents.
#5 Misuse of a genuine document belonging to a similar-looking person
Examples of this include:
- An unauthorized person using a valid, genuine passport
- Use of registered lost or stolen documents by look-alikes of the real holder
- Cloning logical data from a similar-looking person
It might appear challenging to address these threats at the document level.
However, the danger of a stolen passport can be minimized by using high-quality personalization technology to add personalized elements, including the repeated occurrence of the holder's portrait in several places in the document.
And don't forget the core benefit of an ePassport.
This allows the identity of the holder to be compared with his/her biometric data (such as fingerprints and facial images), as stored in the microcontroller, and the convenient use of databases such as Interpol 's Stolen and Lost Travel Documents database.
Secure Passport - The 7 keys
So much for the theory - What is a good passport design? And how is it achieved?
Here's our seven-step guide to success.
#1 Combine and connect all the elements into a single strong document
Why does this matter?
It means that the document cannot be split apart, manipulated or the information tampered with, without leaving some easily traceable marks.
#2 Define the right materials (parts), unique processes and product construction that will be used
The set of passport security features employed to protect a document should encompass diverse and special technologies, the use of rare materials, and processes that require in-depth expertise.
#3 Mix the artwork and security design as early as possible
So what's the story here?
Passports and ID documents are also a showcase for the country issuing them. They should engender pride in the holder. It is essential that the security of these documents is integrated closely with the artwork chosen by the customer, and leads to an aesthetically pleasing product.
Why is it important?
This approach will create a coherent and harmonious product. Carefully chosen colours and styles should balance and, when different secure elements and repeated information are connected, they should still be detectable and recognizable easily. It should also hide the information that is meant to be hidden, or put into the background.
But that's not all.
Using the same design features among various documents, such as passports, ID cards, driving licenses and resident permits, will maximize the value and efficiency of training of officers to be able to authenticate the genuine document.
#4 Protect the document and the citizen's data
Always bear in mind that security is derived from the passport design and manufacture, as well as the personalization process.
We know that passport security features work best when combined and integrated into the document.
That's why we advise duplication of personalization elements (usually the holder's picture and the document number) within security features at different security levels. We also recommend using various techniques to reproduce all of them.
#5 Remember "less is more."
Here's something else to bear in mind.
Usability is key. The means of controlling authenticity is a significant factor to consider when defining a set of security features.
Passport security features that are too complex or expensive to be authenticated provide no additional protection.
As security documents are small in size, the number of Level 1security features should be kept to a minimum. These are the elements that can be verified by a quick visual check. With just a few 'eye-catchers' in place, the most important features can be recognized swiftly and easily.
A "less is more" approach maximizes the visibility and usability of the document. The aim is to make it complex in terms of the details, but simple for control officers.
And there's more.
Documents with a high level of durability will survive the required validity period without significant visual change. They will, therefore, make more difficult targets for the fraudsters.
A high level of conformance between all genuine documents will also make copying and counterfeiting more difficult. That's because the difference between a fake and a genuine passport will be easier to detect.
When finalizing a new design passport, remember that every manufacturing process has variation. The passport should, therefore, be designed in a way that minimizes the impact of these changes.
High security for passport and why paper still matters in 2020
#6 There's no magic bullet – you need to combine them
Sorry, but there's no magic bullet.
A single feature can never provide all the security you'll need. The real answer lies in choosing the right number of different elements. Then combining and connecting them to create what we refer to as multifunctional features.
In other words...
...a passport combining several techniques will make the life of a counterfeiter truly frustrating.
On top of that, make sure there's a trail to follow.
Detecting modification of the data in a passport can be simplified by using protection methods that make it easy to spot attempts at substitution. The key is to use technologies that are difficult to source and to copy, such as paper with a watermark and security thread, and inks sold only to registered printers. These will make it hard for the counterfeiter to pass the first line of inspection.
Here's a good example.
MLI (multiple laser image) as a single/separate element and in a simple format is regarded as having lost its strength and security role. However, combine it with the rest of the passport security design, and it's a different story. In conjunction with offset printing, visible and invisible UV and positive relief features, and utilizing the latest advances in lamination plate technologies, MLI remains one of the most robust visible (level1) document security features.
Take it from us. Polycarbonate is more secure.
We recommend the use of a polycarbonate data page. It's more difficult to forge than a paper data page and offers a broader range of visual security features.
Welcome to the one-block concept.
All security features, including irreversible laser-engraved personalization information, are safely located and protected within the genuine polycarbonate data page.
This is referred to as the one-block concept.
An excellent and most recent example is the new Finnish passport launched in January 2017.
Polycarbonate is unique in supporting highly fraud-resistant Level 1 security features; that is to say those visible to the naked eye.
These features, which are authenticated easily by the relevant authorities, include tactile surface elements, changeable or multiple laser images (CLIs or MLIs), windows and irreversible laser-engraved personalization and now colour portraits.
#7 Count on the electronic passport
We've said it before. But it's worth repeating.
Never forget it's called an ePassport for a reason. The microcontroller plays an essential role in fraud protection. Even if the forger does manage to write data in the microcontroller, it will not be signed by the issuing authority's certificate.
The microcontroller in a blank passport is locked by a transport key that is known only by the passport manufacturer and the issuing authority.
How can we help you get the most of passport security design?
At Thales, we believe in taking a comprehensive approach to security. That's why we strive to provide secure, durable and innovative solutions.
As experts of both documents and related solutions, Thales strongly supports the ICAO TRIP (Traveler Identification Program) initiative and shares the vision that there must be a global fight against fraud by securing all the links in the security chain.
We offer extensive experience and support, enabling our customers to meet their expectations for distinctive documents that are as secure as they are attractive.
We're proud to have succeeded in designing some of the most secure and attractive passports, IDs and driver licenses to appear in recent years.
Collaboration with customers lies at the heart of our process. We help them to deliver unique travel documents that become works of art and symbols of pride in the hands of millions.
Now it's your turn
What do you think?
If you've something to say on passport security design, a question to ask, or have found this article useful, and please leave a comment in the box below. We'd also welcome any suggestions on how it could be improved or proposals for future articles.
We look forward to hearing from you.