The use of contactless chips in identity documents is commonplace today, often overshadowed by flashy new security features that emerge in the market. The industry spends significant resources (time, money, and manpower) developing physical security features that will outsmart fraudsters. This scenario has made it easy and appealing for fraudsters to target and damage or misuse the chip, which receives far less attention.
Keesing Technologies wanted to know exactly how big the problem of contactless chip fraud is. What is the scope of the problem on a global scale? What types of fraud are chips subjected to? As you will read later in this article, we are seeking answers to those questions by launching a global initiative to analyze identity document fraud trends and vulnerabilities related to contactless chip security.
First, it may be helpful to review the important role the contactless chip plays in securing today’s passports and ID cards.
Why use contactless chips in passports and ID cards?
The contactless chip has been used in passports since 1998 when Malaysia integrated it in its passport. As of 2022, over 150 countries and authorities have issued documents with contactless chips. The use of chips makes border control more efficient and allows for biometric verification. To strengthen document security, the International Civil Aviation Organization (ICAO) has mandated that, effective January 1, 2028, Basic Access Control (BAC) will be deprecated, and Electronic Machine Readable Travel Document (eMRTD) chips must implement Password Authenticated Connection Establishment (PACE) only. All eMRTDs implementing PACE and BAC issued before January 1, 2028 shall remain compliant throughout their period of validity.1
The contactless chip holds key data about the identity document and the holder, including the holder’s photograph. All of this data is protected by the issuer who includes a cryptographic digital signature on the chip. This signature, when verified, shows that data on the chip comes from the right source and has not been changed. Only the issuer can produce this signature, but everyone who needs to is able to verify that the signature and the data match. If the signature matches, the data can be trusted; if not, it’s a sign of potential tampering.
Contactless chip fraud: A quietly evolving threat
Over the past few years, chip fraud has quietly evolved into one of the most significant threats to both physical and remote authentication of identity documents. While contactless chips were introduced to enhance security and streamline verification, their misuse and manipulation are now challenging authentication and verification authorities, document issuers, and forensic specialists worldwide.
One of the main challenges in addressing chip fraud lies in the language we use to describe it. Across the secure document industry, discussions often suffer from inconsistent terminology with different organizations using varying or overly broad definitions. This lack of uniformity makes it difficult to form a comprehensive understanding of how contactless chip fraud is actually occurring.
To close this gap, Keesing Technologies has launched an initiative to analyze identity document fraud trends and vulnerabilities related to contactless chip security. Working with 37 national document fraud teams globally, we gathered data on forgery types and chip integrity, aiming to promote industry-wide consistency and strengthen the fight against chip-based fraud.
Defining the threats
To support this effort, we adopted the following definitions:
- Fake chip– a replicated, replaced, or cloned chip
- Deactivated chip – a chip intentionally destroyed by physical or electronic means.
These distinctions are essential for building a shared understanding across law enforcement, forensic laboratories, and issuing authorities.
A call for data — and industry collaboration
To ensure an accurate and representative analysis, our team requested data for 2023 and 2024 related to:
- Total chip fraud detected, categorized by:
- Fake chip
- Deactivated chip
- Other types of chip-related fraud, such as counterfeit, forged, stolen blank, or imposter cases.
- Additional insights related to:
- Methods of chip tampering
- Cloning techniques
- Emerging chip vulnerabilities (i.e., new methods fraudsters use to compromise chips, and vulnerabilities authorities discover in chips).
All contributions were anonymized and aggregated.
What the data revealed
The results are both revealing and concerning. 86.5% of the organizations contacted did not record whether the chip was functioning when a forgery was detected. Among those that did, the pattern was striking nearly all forgeries of eDocuments involved a deactivated or defective chip, while only a very small number of fake chips were reported.
This highlights a critical gap in how chip functionality is monitored and recorded. Aligning definitions through the ICAO or International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) working groups could be instrumental in creating comparable datasets across borders, helping to ensure that chip fraud is measured and reported consistently worldwide.
Asking the broader industry for their views
To gauge the perception of the industry overall, we posted a poll on LinkedIn, asking:
“In your view, what’s the biggest emerging risk to chip-based document security?”
The preliminary results of our poll are as follows:
Unanswered questions — and the path forward
The findings of our call for data raise important questions for the secure document community:
- Should the contactless chip be treated as a first-line security feature rather than a supporting one?
- Should document issuers make it easier for investigators to detect chip tampering?
- And finally, should the chip itself be better protected from physical or electronic compromise?
These questions don’t yet have definitive answers, but they highlight an urgent need for collaboration, clearer standards, and innovation in how the industry safeguards contactless technology. One solution, for example, might be to develop chips that clearly show evidence of tampering.
Join us in the fight against contactless chip fraud
As chip-based identity documents become the global norm, ensuring their integrity will require a shared understanding and commitment from document producers, forensic experts, and authentication authorities alike. The conversation around chip fraud is just beginning and its outcome will shape the future of secure identification. We would like to invite stakeholders, experts, and readers to get involved, share data, and contribute their views. Please contact us at the Keesing ID Academy to participate.
Sources/References:
1 International Civil Aviation Organization (ICAO), Document 9303: Machine Readable Travel Documents, 8th Edition 2021, Part 11: Security Mechanisms for MRTDs.
