Passport security design: 2016 report Anatomy of a secure travel document


​​​​​​​​​​​​​​​Last updated 06 January 2017

​You'll probably agree that designing a passport that protects against current and future attacks represents today a major challenge for national printers and public authorities.

The threats posed by fraudsters are now as broad as they are serious.

In response, numerous technological developments have emerged. But harnessing them into a single effective strategy can prove a real headache.

The good news is that the resistance of your passport can be increased dramatically, using a series of field-proven and cost-effective techniques. The key lies in a unique global methodology for passport security design, developed in collaboration with our most advanced customers worldwide.

In this article, we'll explain the five main methods of attack used by fraudsters.

Then outline our seven step guide to addressing them.

But before that, here's a quick reminder….

For citizens, passports protect their identities and are the best proof of ID they have.

Passport security features The five major passport fraud techniques - and how to deal with them

Now for the bad news.

Passports and ePassports are not immune to attack. Increasing use of microprocessor technology has raised the bar but not put off the fraudsters. They have simply become more sophisticated. To ensure robust protection, authorities must focus on the design and processes when creating their new national travel documents.

So where should we begin?

The first task is to establish a customer-specific threat profile. This should be based on known threats.

Just as important is good collaboration at the security design stage between the customer and supplier. Above all else this should ensure that the new passport is protected properly against the five main threats.

Let's start with counterfeiting.

#1 Counterfeiting

Counterfeiting is the complete reproduction of the document.

This can involve:

  • Using substitute materials to imitate original documents (paper, polycarbonate)
  • Scanning a valid document for modification using computer software
  • Reproduction of background and logos using alternative printing technologies
  • Final lamination using commercial laminates
  • Re-creating the document using computer software
  • Using original material that may be commercially available

To prevent the creation of fake passports, the key is to design a document that is very difficult to copy, produce and personalize.

Fortunately this can be achieved by multiplying effects:  combining tactile and optical features, different technologies, and using material and inks not available in the public domain within a complex design.

For example...

...a specific color mix and very fine details that are hard to scan and print without high-end professional equipment.

Passport security features  

#2 Alteration

Alteration is where fraudsters try to change the data in a genuine document.

Typically this includes:

  • Photo alteration or substitution
  • Alteration of the biographical data, in the visual or machine readable zone (MRZ)
  • Deletion of entries on visa/observations pages
  • Mechanical and chemical erasure of biographical data
  • Delaminating attacks
  • Alteration of the personalization data on the data page. For example, additional marking on top of the existing personalization data, or the application of a thin foil overlay to alter it.

So how do we deal with this?

  • Personal data should be inserted inside the document structure, not just on the surface. This will make it difficult for fraudsters to reach, alter or recreate it.  
  • Personal data should be interlocked with security features. The forged passport will therefore show clear and visible traces of alteration.
  • Duplication of the personal data, using various techniques, also makes the work of the fraudster much harder.

​​​Design passport

#3 Recycling

In this case, we're afraid, recycling isn't a good thing.

It involves the creation of fraudulent documents, using material from legitimate documents, and the removal and substitution of entire pages or visas.

How will the fraudsters do this fake passport?

  • Removing security features from a genuine document for reuse in a falsified one
  • Using "recycled" genuine passport security features in a new falsification
  • Interchanging pages between one passport and another

To prevent this kind of attack, all elements have to be closely interlocked and integrated.  A holistic passport security design is therefore critical.

As an example in the picture below, the hinge linking the booklet to the data page makes it extremely hard to remove without damaging the two parts. In addition, it integrates UV sensitive ink lines that would be demanding to align if another data page is inserted.

Passport secure hinge

#4 Stealing

This is the theft of an original, genuine blank document. It could take place at any stage of the passport life cycle, from manufacture right through to the point of personalization - during transit or in storage. Fraudulent passports in that case can be very hard to detect because they are genuine documents.

It's obvious, but needs stressing...

...the integrity of manufacturing, transportation, storage and accounting of blank documents is critical to the entire security chain.

Using a combination of advanced technologies for personalization forces fraudsters to try and master them all.

To ensure reliable tracking, we recommend numbering all travel documents at the end of the manufacturing process.

Reporting is also key. Interpol shares data on 250,000 stolen or lost Syrian and Iraqi passports, including blank documents.

#5 Misuse of a genuine document belonging to a similar-looking person

Examples of this include:

  • An unauthorized person using a valid genuine passport
  • Use of registered lost or stolen documents by look-alikes of the real holder
  • Cloning logical data from a similar looking person

It might appear difficult to address these threats at the document level.

However, the danger of a stolen passport can be minimized by using a high quality personalization technology to additional personalized elements including the repeated occurrence of the holder's portrait in several places in the document.

And don't forget the core benefit of an ePassport.

This allows the identity of the holder to be compared with his/her biometric data (such as finger prints and facial image), as stored in the microcontroller, and the convenient use of databases such as Interpol 's Stolen and Lost Travel Documents database.

Passport control

The keys to Passport Security Design

So much for the theory - What is a good passport design? And how is it achieved?

Here's our seven step guide to success.

#1 Combine and connect all the elements into a single strong document

Why does this matter?

It means that the document cannot be split apart, manipulated or the information tampered with, without leaving some easily traceable marks.

#2 Define the right materials (parts), unique processes and product construction that will be used

The set of passport security features employed to protect a document should encompass diverse and special technologies, the use of rare materials, and processes that require in-depth expertise.

Passport design methodology 

#3 Mix the artwork and security design as early as possible

So what's the story here?

Passports and ID documents are also a showcase for the country issuing them. They should engender pride in the holder. It is important that the security of these documents is integrated closely with the artwork chosen by the customer, and leads to an aesthetically pleasing product.

Why is it important?

This approach will create a coherent and harmonious product. Carefully chosen colors and style should balance and, when different secure elements and repeated information are connected together, they should still be detectable and recognizable easily. It should also hide the information that is meant to be hidden, or put into the background.

But that's not all.

Using the same design features among various documents, such as passports, ID cards, driving licenses and resident permits, will maximize the value and efficiency of training of officers to be able to authenticate the genuine document.

Passport design polycarbonate 

#4 Protect the document and the citizen's data

Always bear in mind that security is derived from the passport design and manufacture, as well as the personalization process.

We know that passport security features work best when combined and integrated in the document.

That's why we advise duplication of personalization elements (usually the holder's picture and the document number) within security features at different security levels.  We also recommend using different techniques to reproduce all of them.

#5 Remember "less is more"

Here's something else to bear in mind.

Usability is key. The means of controlling authenticity is a very important factor to consider when defining a set of security features.

Passport security features that are too complex or expensive to be authenticated provide no additional protection.

As security documents are small in size, the number of 'Level 1' features should be kept to a minimum. These are the elements that can be verified by a quick visual check. With just a few 'eye catchers' in place, the most important features can be recognized swiftly and easily.  

A "less is more" approach maximizes visibility and usability of the document. The aim is to make it complex in terms of the details, but simple for control officers.

And there's more.

Documents with a high level of durability will survive the required validity period without significant visual change. They will therefore make more difficult targets for the fraudsters.

A high level of conformance between all genuine documents will also make copying and counterfeiting more difficult. That's because the difference between a fake and a genuine passport will be easier to detect.

When finalizing a new design passport, remember that every manufacturing process has variation. The passport should therefore be designed in a way that minimizes the impact of these changes.

#6 There's no magic bullet – you need to combine them

Sorry, but there's no magic bullet.

A single feature can never provide all the security you'll need. The real answer lies in choosing the right number of different elements. Then combining and connecting them together to create what we refer to as multifunctional features.

In other words...

...a passport combining several techniques will make the life of a counterfeiter truly frustrating.

On top of that, make sure there's a trail to follow.

Detecting modification of the data in a passport can be simplified by using protection methods that make it easy to spot attempts at substitution. The key is to use technologies that are difficult to source and to copy, such as paper with a watermark and security thread, and inks sold only to registered printers. These will make it hard for the counterfeiter to pass the first line of inspection.

Here's a good example.

MLI (multiple laser image) as a single/separate element and in a simple format is regarded as having lost its strength and security role. However, combine it with the rest of the passport security design and it's a different story. In conjunction with offset printing, visible and invisible UV and positive relief features, and utilizing the latest advances in lamination plate technologies, MLI remains one of the most powerful visible (level1) document security features.

Take it from us. Polycarbonate is more secure.

We recommend the use of a polycarbonate data page. It's more difficult to forge than a paper data page and offers a wider range of visual security features.

Welcome to the one-block concept.

All security features, including irreversible laser-engraved personalization information, are safely located and protected within the genuine polycarbonate datapage. This is referred to as the one-block concept.

Passport security features on datapage 

Polycarbonate is unique in supporting highly fraud-resistant Level 1 security features; that is to say those visible to the naked eye. These features, which are authenticated easily by the relevant authorities, include tactile surface elements, changeable or multiple laser images (CLIs or MLIs), windows and irreversible laser-engraved personalization and now color portraits.

#7 Count on the electronic passport

We've said it before. But it's worth repeating.

Never forget it's called an ePassport for a reason. The microcontroller plays an important role in fraud protection. Even if the forger does manage to write data in the microcontroller, it will not be signed by the issuing authority's certificate. Furthermore, the microcontroller in a blank passport is locked by a transport key that is known only by the passport manufacturer and the issuing authority.

How can we help you getting the most of passport security design? ​

At Gemalto, we believe in taking a comprehensive approach to security. That's why we strive to provide secure, durable and innovative solutions.

As experts of both documents and related solutions, Gemalto strongly supports the ICAO TRIP (Traveler identification Program) initiative and shares the vision that there must be a global fight against fraud by securing all the links in the security chain.

We offer extensive experience and support, enabling our customers to meet their expectations for distinctive documents that are as secure as they are attractive.

We're proud to have succeeded in designing some of the most secure and attractive passports, IDs and driver licenses to appear in recent years.

Collaboration with customers lies at the heart of our process. We help them to deliver unique travel documents that become works of art and symbols of pride in the hands of millions.

Passport security design 

Now it's your turn

What do you think?​

If you've something to say on passport security design, a question to ask, or have simply found this article useful, please leave a comment in the box below. We'd also welcome any suggestions on how it could be improved, or proposals for future articles.

We look forward to hearing from you.​