In 2016, the EU Commission published its ‘Action plan to strengthen the European response to travel document fraud’. This article will discuss some major achievements under this umbrella: Part 1 of this publication will describe the collaborative process of introducing the new EU visa as well as the new EU residence permit card. It will show how Europe can successfully work together on complex technical issues, establishing more secure travel documents but also considering the compromises needed for cost-efficient production.

Travel document fraud – gravely neglected for some time in the past – has recently gained attention in the framework of migration flows and terrorist attacks. Fraudulent travel documents, although almost never the sole goal of crime, become a necessary tool connected to most criminal activities, especially when it comes to crossing international borders.

On 8 December 2016, the EU Commission communi­cated its ‘Action plan to strengthen the European response to travel document fraud’ in order to improve the security of travel documents produced and issued under the full responsibility of the EU Member States.[1] The action plan addresses improvements to document security for the following categories:

  • registration of identity;
  • issuance of documents;
  • document production (security features, enrolment of biometrics);
  • document control (electronic checks on non-EU nationals’ travel documents, database checks, training, tools, biometrics in travel documents). 

Part 1 of this publication will concentrate on the third category, document production, and highlight the projects of the new Schengen visa as well as the new EU residence permit for third-country nationals. Part 2, to be published in the next issue of this journal, will address the impact of the recently adopted regulation on ID cards for the Member States. Furthermore, new challenges for the secure issuance of travel documents will be discussed in Part 2.

This by no means indicates that there has been no progress in other fields. More information on the action plan can be found in the EU Commission’s progress report of 16 October 2018.[2]

New EU visa

Fig01
Seizure of counterfeit documents in a distribution centre in Athens in 2013; mainly counterfeit visas and residence permit stickers.

The EU visa document is constantly under enormous counterfeit pressure, which has increased since the migration crisis. During the last few years, European authorities have discovered large numbers of EU visa sticker counterfeits of increasing quality, imitating most of the document’s security features in very high detail.

The security concept of the visa sticker dates back to 1995 (based on Regulation (EC) No. 1683/95 laying down a uniform format for visas, with major updates in 2002 and 2009). As such, the EU Commission decided to develop a new document concept including a state-of-the-art security design to react to the current counter­feit threat, without significantly increasing the costs for the document itself. The decision to have a physical document for the visa was taken regardless of the availability of a Visa Information System (VIS), because access to these systems may not be guaranteed at all times and in every control situation (for example, at land and sea borders as well as at airline check-in).

Within the responsibility of the Article 6 Committee on a uniform format for visa, the requirements for the new visa document were defined, and the Commission launched a competition among the Member States and security printing companies. Table 1 shows the require­ments (only examples given) for the new visa document.

RE_25108_Tabel01
Requirements for the new EU visa (examples).

Responding to these requirements, nine proposals were evaluated. Based on its overall concept, the German proposal was chosen to be enhanced by input from the other Member States. The new EU visa features a com­pletely refreshed design using state-of-the-art security printing for white light (VIS), UV and IR illumination, a security printing design optimised for machine verifica­tion, as well as an upgraded DOVID (Diffractive Optically Variable Device, i.e. a class of advanced copy protection features such as holograms or Kinegrams®).

Fig02
EU visa sticker. Left: 2011 Polish version. Right: 2019 German sample version shown with a – not yet issued – 2D barcode; white light (above) and UV 365 nm (below).

Based on the EU visa regulation[3], the visa and residence permit subgroup of the Article 6 Committee undertook the task to develop the final technical specification of the new EU visa as a classified annex to the Commission implementing decision C(2018)674. But not only paperwork was created: to improve the quality of the visa stickers and limit variations across the various producers, a zero series and reference material (‘visa kit’) were produced as the baseline for Member States and producers to adhere to. The project, funded by the EU’s Internal Security Fund (ISF), was run by Germany’s Bundeskriminalamt, teamed with Bundes­druckerei GmbH, and finished on time and budget.

The technical specification was finally adopted by the Commission implementing decision C(2018)674 and officially notified to the Permanent Representations of the Member States by 21 March 2018. As Member States are required “… to apply the Regulation at the latest 15 months after the adoption of the further technical specifi­cations…”, they had to start issuing the new visa sticker at the latest on 21 June 2019 but are allowed to use up the existing stocks for another six months, i.e. until 21 December 2019 at the latest.

An update still to come: the digital seal

The new visa sticker represents the current state-of-the-art technology with regard to security printing and DOVID technology, making it very difficult to counterfeit. However, the threat of stolen blanks illegally issued by fraudsters remains as high as for the previous docu­ment. To date, several thousand visa stickers are recorded lost or stolen in the German national watch list system alone, forming an enormous potential basis for misuse, which will be almost impossible to detect.

Already during the early discussions for the introduction of the new visa in 2014, the German and French dele­gations suggested the introduction of a ‘digital seal’: a 2D barcode that contains a digitally signed represen­tation of the visa sticker’s personal data (for example, the MRZ). The barcode would be created during the application process for the visa, sending the data of the applicant enrolled at the embassy to the national VIS database for approval. A national central signing service would generate the barcode as an image file, containing the MRZ of the visa and a digital signature, to be simply printed on the visa label by the embassy, much like the portrait and the alphanumeric data. The service that generates the barcode and signature uses the same public key infrastructure (PKI), as it is well-established for the issuance of passports and residence permits and would for instance use the ICAO Public Key Directory (PKD) for the distribution of the public keys needed for the verification of the authenticity of the barcode.

The digital seal could be easily checked by document readers or even smartphones, scanning the barcode, verifying the signature and comparing the now trust­worthy MRZ in the barcode with the one printed on the visa under evaluation. By doing so, for the first time, the authentic issuance of the visa sticker could be verified, and the use of illegally personalised stolen blank documents would be effectively prevented.

Back in 2015, Member States could not agree on the introduction of the digital seal, but the visa sticker design at least contains a ‘quiet zone’ reserved for the 2D barcode for a later upgrade. But there is progress: in the meantime, ICAO has published its latest technical report on digital seals[4], some Member States have adopted the concept for national, decentrally issued documents, and the technical subgroup of the Article 6 Committee has been tasked to reconsider the introduc­tion of this feature, as a broad majority of the Member States supported the initiative in an Article 6 Committee meeting in February 2019.

New EU residence permit for third-country nationals

In parallel with the development of the visa, it was the common goal of the EU Commission as well as the Member States to raise the current level of counterfeit deterrence of the electronic residence permit card (eRP) as specified in Regulation (EC) No 1030/2002 as last amended by Regulation (EC) No 380/2008 to that of a state-of-the art high-security document. Following the same approach as for the visa, the requirements for the new residence permit card were defined, and a competition among the submitted Member States’ proposals was organised by the EU Commission. Table 2 shows the requirements (only examples given) for the residence permit card.

Tabel02
Requirements for the new residence permit card (examples).

Among the seven proposals presented by the Member States, the visa and residence permit subgroup chose the Spanish proposal as the winning design. The sub­group decided that valuable features and properties presented by others Member States as part of their proposals shall be incorporated in the Spanish concept if technically feasible.

Fig03
EU residence permit card. Left: the previous card (the Spanish version is depicted here). Right: the new residence permit card. For the new card, the Spanish version without personalisation is shown as it appears in[5] with the data fields annotated.
Controversial debate on national options

Much like for the visa sticker, the EU Commission expressed the strong intention to develop the new EU residence permit card as much as possible as a fully harmonised document. This would not only include the layout and print design, but also the security features of the card itself. However, the Member States wished to maintain a certain degree of flexibility with respect to a national choice of additional security features on top of the EU-harmonised security printing. Such an approach would not only meet their specific security requirements, but also the need for strong cost limitation in the much more complex and diverse card production environment (as compared to the paper-based visa). For the previous residence permit, this degree of flexibility was provided by a list of accepted optional security features.

After lengthy and intense discussion, a compromise was reached by defining three levels of requirements that were finally incorporated in the technical specification:

  • Level I: mandatory security features;
  • Level II: additional mandatory security features;
  • Level III: optional national security features.

Level I: Mandatory security features

These features can and must be equally produced by all Member States. Compared to the previous version, the new residence permit card will already improve with respect to, for example:

  • advanced security printing design, including some country-specific microlettering;
  • several rainbow printing plates, including UV printing;
  • new and advanced DOVID design.

Level II: Additional mandatory security features

These features are defined as mandatory, while the specific technology to integrate them and their actual position on the card remain at the discretion of the individual Member State. These are:

  • tactile features (front and/or reverse side);
  • upgraded DOVID: EU-defined transparent DOVID patch or transparent kinematic overlay incorporating the EU-defined DOVID;
  • secondary photo (front and/or reverse side);
  • optically variable device on reverse side;
  • personalisation techniques: laser engraving or other comparable secure technology as long as the personalisation is integrated within the card body (for example, secure inkjet).

All these features must be chosen in a way that they do not interfere with the visual appearance of the harmonised design of the residence permit card.

Level III: Optional national security features

These features cannot be harmonised without incurring significantly increased costs, as they would imply major changes in the production environment of the respective Member State. The use and location of such features is intrinsically connected to the way manufac­turers produce the cards and may involve certain patent rights or change the cost/benefit ratio significantly. According to Annex 2 of the Commission implementing decision C(2018)7767, there are only a few allowed:

On the front side:

  • a transparent element (window or border) with defined size and position – if present, the window shall contain a portrait of the holder;
  • encoded portrait authentication methods.

On the reverse side:

  • a transparent element (window or border) with defined size and position – if present, the window shall contain a portrait of the holder;
  • additional storage medium (for example,
    contact chip);
  • invisible UV luminescent fibres;
  • card edge personalisation.
1_RE_25108_Fig04
Schematic illustration of the security level gained by the mandatory security features (according to level I) and the additional mandatory features (according to level II), both for the previous and the new residence permit card.

Again, based on the EU residence permit regulation[5], the visa and residence permit subgroup of the Article 6 Committee developed the final technical specification of the new residence permit as a classified annex to the Commission implementing decision C(2018)7767. In addition, a zero series and reference material were provided to the Member States by the Spanish project lead, the Real Casa de la Moneda (FNMT).

The technical specification for the residence permit was finally adopted by the Commission implementing decision C(2018)7767 and notified to the Permanent Representations of the Member States by 10 April 2019. As Member States are required “… to apply the Regulation at the latest 15 months after the adoption of the further technical specifications…”, Member States have to issue the new residence permit cards at the latest on 10 July 2020 but are allowed to use up the existing stocks for another six months, i.e. until 10 January 2021.

Summary

This part of the publication concentrates on two selected activities of the EU’s reaction on recent threats and challenges for travel documents: it describes the com­plex way towards the new generation of the EU visa and the residence permit card. According to the respective regulations, by the end of 2019 all EU Member States will have started issuing the new visa sticker; we will see some early adopters begin to issue the new residence permit card by the end of the year 2019.

The successful development projects for the new visa and the new residence permit, both funded by the EU’s Internal Security Fund (ISF), are excellent examples of how Europe can work together on complex technical issues which equally concern all Member States, establishing more secure travel documents well above the ‘least common denominator’ but also taking into account the necessary compromises needed for cost-efficient production for all partners involved.

Today, these documents mark the latest state-of-the-art technology in security document design and production, but given the migration pressure towards Europe, the authors are already noticing that counter­feits are appearing on the market, becoming iteratively better as they are measured to the reality of document control and the success of illegal border crossing. Therefore, it is very important that we do not wait again for decades to update those documents, as new counterfeit trends appear and will prove to be more or less successful. The introduction of a digital seal for the visa could be considered as the first bridge towards the digital, cryptographically secured future of travel documents. For the visa, this may even lead to a fully electronic database solution without a physical docu­ment, widely accessible by border guards, airlines and other partners, although the authors strongly believe in the benefits of a two-factor authentication: owner­ship of the secure document (last but not least as a trusted backup) and the cryptographically secured verification of database entries.

However, there are other challenges to be addressed with the same urgency as the one described above: European ID cards, a convenient way to travel within and into borderless Europe, show a dazzling diversity when it comes to document security. In addition, the enrolment of personal and biometric data, establishing the to-be-trusted foundation for secure travel docu­ments, requires attention, too. Stay tuned for Part 2 of this publication to learn more about recent develop­ments in those domains of the EU Action Plan.

Acknowledgments

This publication reports on work that was funded by the ISF programme of the EU Commission. The authors would like to thank the members of the project teams of Bundeskriminalamt, unit KT 54 in Wiesbaden, Bundes­druckerei GmbH in Berlin (explicitly Mr. Duncan Faulkner) and the international colleagues of the Article 6 visa and residence permit subgroup for controversial but always fair discussions and substantial support.

References

  1. COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Action plan to strengthen the European response to travel document fraud; COM/2016/0790 final.
  2. REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the implementation of the Action Plan to strengthen the EU response to travel document fraud; COM/2018/696 final.
  3. REGULATION (EU) 2017/1370 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 4 July 2017 amending Council Regulation (EC) No 1683/95 laying down a uniform format for visas.
  4. ICAO Technical Report, Visible Digital Seals for Non-Electronic Documents, Version 1.7, 21 March 2018.
  5. REGULATION (EU) 2017/1954 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 October 2017 amending Council Regulation (EC) No 1030/2002 laying down a uniform format for residence permits for third-country nationals.
Dr Uwe Seidel
+ posts

Dr Uwe Seidel is Head of the Identity Document Systems department of the German Bundes-kriminalamt, which involves overseeing R&D projects for increasing the counterfeit resistance of German official documents. He is an active member of ICAO's NTWG as well as a regular speaker at international conferences.

Previous articleZim resurrects its dollar note
Next articleThe battle of our privacy