Design projects can be managed in many ways, however, the ones that have a pre-defined structured approach and are easier to comprehend, tend to be most successful in meeting customer needs. Toni Kaskiala takes us through a two part series where he approaches document design from a graphic designer’s point of view. As described in Part 1 of this series, the first logical step would be to complete a product design specification. Once a design brief, theme or concept statement has been written, the threat profile is identified and the product specification is then tailor-made, agreed upon, and all the necessary inputs for the product design specification are gathered.[1] Only then, can the product or family of products according to the specifications be created, which is the topic of this second article.

Two major factors of consideration running throughout the entire design process is that of budget and time­frame. Although these key aspects have a major impact on the outcome of every facet of any design project, the author has in this instance strictly narrowed the scope to approaching the document design from a graphic designer’s perspective and leaving these two variables out of the equation.DE_24392_Fig01Figure 1: Classical steps from specification to finished product.

Design process

A step-by-step design process consists of stages which each provide the answer to a different question. The early stages deal with questions such as: What is the purpose of the product and what will the product do? Later stages focus on questions such as: What does the product say and how does it look and feel? The early stages of the project are more technically rather than aesthetically oriented. The structured design process approach, is an adaptation of the classical version (figure 1), which includes the following stages with relevant deliverables depicted below:

Functional layouts

These are technical drawings and blueprints that describe the size and location of the main elements, such as the portrait, data fields, security features, chips, inlays etc. Functional layouts are used to confirm there will be sufficient space for all the necessary and desired components, including graphic elements such as coats of arms, flags, symbols and salutations.

Conceptual designs

This expresses the new graphic design, the theme and the message the design conveys. The aim is to give an impression of the look and feel of the new document with relatively simple methods and sketches, often accompanied by detailed notes, before creating more elaborate designs and drafts which can be time-consuming.


A draft is a more detailed graphical artwork based on the conceptual design, with the first-level security features in place. Drafts are usually the iterative part of the design process in which the exact form of every security detail and feature on the document is deter­mined. At this stage, there is an opportunity to focus on the purpose and the specific function of each feature separately and how they interact together. This is also the point where the originals for special elements like Watermarks, DOVID designs, gold foiling or embossing can be completed. In terms of originals, from the designer’s point of view, the challenges are often related to copyright or generating realistic simulations of the final result.

Prototypes, samples and demonstrators

All of these are used to make sure the end result will be as expected. Of the features that are impossible to simulate, a sample for analysis is recommended. If real processes are used to create samples, it is also an opportunity to ramp-up the production.

Final security design

This concerns the complete ID document(s) and it should meet all the requirements of the product design specification. Final output is usually produced in an electronic form and as a hard copy, which are normally expected to be approved and signed by the Authority.

Print or press proofs

These are created on real substrates using a printing press and mass production tools. The purpose is to sign the reference colours for future print runs and to understand the normal variation for colour densities.

Pilot batch

This is a relatively small batch of 5,000 to 15,000 copies which are produced ahead of the remainder of the order. Being able to test this batch ahead of full production lowers the risk of delivering an entire first order which does not meet the specifications. A pilot batch passes through many processing steps and each step gives important reference and valuable information. A pilot batch is often used to produce official specimens which can be distributed well in advance of a roll-out.

A detailed design process most likely includes all stages and deliverables mentioned with many reviews in between. A customer-friendly design process is also flexible and can be adapted to meet various needs. Both the product and the design process need to be user-oriented.DE_24392_Fig02Figure 2: Core teams needed for a successful Collaborative Design Forum.

Collaborative Design Forum

Collaboration with customers and stakeholders lies at the heart of a good design process. Setting up a multi­disciplinary project team of five to eight members is the key to success. The purpose of a Collaborative Design Forum (CDF) (figure 2) is to ensure that the design meets the requirements of all stakeholders and to guide the design through the approval stages in the most efficient manner. The CDF can also act as a suitable forum to deconflict technical, prioritisation and timescale issues. The goal is to design a product in such a way that its authenticity can be indisputably trusted, using cutting-edge technologies of the highest standard, as well as means and materials with limited availability that make security documents exceptionally difficult to copy, forge or counterfeit.

Design processes involve numerous approvals and sign-offs which must be carefully planned in order to avoid delays to the programme. Developing a joint understanding of the key decision points is crucial as some of the early decisions will be critical for the rest of the project. The decisions early on require an active participation from appropriate stakeholders, in order to avoid changes at a later stage, which may not be possible without serious disturbances or delays to the programme. For example: materials such as inlay, DOVID, polycarbonate, paper or lamination plates cannot be changed afterwards without significant additional costs and delays.

Of course it is not easy to approve intermediate versions of the future document without being able to see and feel the final product. This is the fundamental challenge of customised products. However, with a proper design process in place and good tools, it is not only possible to create computer simulations and printouts but also samples, demonstrators and mock-ups to show what the final product would look like and how some of the details and features would work.DE_24392_Fig03Figure 3: Tree of a Holistic security design.

Design principles

When designing high security documents, the primary task is to seal the data it carries and protect the docu­ment against all kinds of attacks described in more detail in Part I.[1] In order to prevent future attacks, we must know the past and partly predict the future. Appropriate security measures must be selected to counter potential future threats. There are endless lists, tasks and ideas a designer can should accomplish. In order to ease the complexity, it is perhaps good to have some guiding principles to follow. These principals are mainly just ideas, some subjective and many of them are not even worth mentioning, however a few important factors which are influential for a holistic security design, are listed below in Figure 3. Some of these subjective principals are discussed further in more details.

Integration is everything

Selection of security features and solutions should
be based on their ability to protect a specific part
of the document or data and to reinforce other
security features. The designer has a great
responsibility as the feature does not add
security by default and if poorly integrated
it can even provide a false sense of security.
Careless integration can render a state-of-
the-art feature completely useless. At the end of
the day it may not be possible to verify the feature
is genuine.[2] However, ‑security features also have expiry dates and an outdated security feature
cannot be saved by the designer’s integration skills.

An important aspect of security is the effective integration of technology and design. The first step in designing a security feature is to ensure that end users understand what the feature is supposed to do and that they are able to use the feature correctly. So the integration of the feature must make it intuitive to the user[3]. Strong designs ensure that neither the feature nor the elements within the feature are treated as separate components, but are unified in such a manner that they cannot be separated from one another and attacked individually by the counterfeiter. In addition to this basic principle, successful security design repeats certain themes and details and connects them technically and visually, turning the final product into a self-authenticating document.

Stronger together

It is usually not up to the designer to select security features and technologies, but the challenge is to get the full potential out of them. Combining security features improves the strength of them and is a strong force multiplier. It is easy to tell when design integrates elements and features successfully. The surrounding will highlight the feature while letting it speak for itself.

A well-defined product consists of a good mixture of new and established technologies, mass production processes and personalisation processes, and durable materials of different kinds, both visible and hidden. The combination of all of these should result in multi­functional features that maximise the ‘feel-look-tilt experience’.

A good security design is a perfect balance between the graphic design and the security features: it combines and connects all the elements to form one strong document which cannot be taken apart or manipulated and in which information cannot be changed without showing evidence of tampering.

Less is more

As ID documents have a wide range of users, design is strongly driven by user-centric thinking. Users need to be able to find information quickly and that is easier if the design is relatively simple and has certain ‘quiet zones’. The details are the best place for adding com­plexity and hidden data. For an optimal human docu­ment authentication the number of eye-catchers or focal points for product size of ID-1 or ID-3 can hardly be more than few (2-4). Also, the position and choice of the focal points / fixations are important as it is proven that there is a tendency to fixate on portraits, for example. Eye movement studies also indicate that authentication improves with experience. The way critical elements are oriented and combined is of paramount importance regardless of experience[4]. In the case of first-level eye-catchers, less would be more. Second and third-level checks, however, are often carried out by professionals and the way elements are checked takes priority over their placement.

Process-centric design

The rare materials and innovative processes used to prevent forgery often push the boundaries of manu­facturing. Innovative processes with rare materials are used for security products and manufacturing capa­bilities are often pushed for better results. However these limits should never be exceeded. Design for manufacturing and process-centric thinking aim to maximise the strengths of each process and minimise the weaknesses. Designs that take processes into consideration are the ones that output the best possible products in terms of quality. Security designs should also benefit from the unique processes by considering some of the manufacturing finger prints to be actually valuable details which are hard to replicate by other means. For example the interactions of laser beam with offset and embossing could be considered as a recognisable feature rather than a defect.

Choosing the right materials and construction as well as using layers affects the level of security of the document. Not all of the features, elements and print will be visible to the user, however designers often have to consider all options available when they incorporate these into the three-dimensional structure of a single block. An example of such a block is the polycarbonate data page in passports.

‘Halo effect’

However, the visibility of security features to users is still relevant as mentioned by Van der Horst in his research.[5] He concluded that higher appreciation of a banknote’s appearance corresponded with increased confidence in its authenticity and increased appre­ciation of its quality, also known as the ‘halo effect’. There is no reason to doubt that the halo effect applies to ID documents as well. As an appreciated design builds trust in the product, the quality of the appearance is one of the key design principles.

Design best practices

The following best practices could help make the design process smoother and the outcome more predictable:

  • Perform small-scale tests whenever possible.
  • Produce samples using real processes and fail fast. Whether it is the product or the process, in the testing phase it is often more interesting to fail than to succeed. It helps prevent costly failures later on and increases the chances of a successful product.
  • Identify ‘the new and unknown’ of the product, as those elements are most likely to lead to surprises.
  • Aim to define measurable targets and limits, such as line thickness, microtext size, embossing details and colour densities.
  • Identify key points to focus on and build a back-up plan if inevitable changes occur.
  • Understand the purpose of each approval and build in contingency time for reasonable adjustments.

Trends in passport and document design

It is hard to predict the future of cutting-edge design, yet there are some trends with staying power:

  • The most important single element portrait is often displayed on the document multiple (even up to 7) times using different techniques. This trend will most likely spread and continue.
  • ID documents are more than a set of critical elements and features. Each part and area of the document should be utilised. Even the edges can be per­sonalised, providing the document with extra protection.[6]
  • The description of unique pages as an optional security feature has created a trend in that direction. Not only variations in page numbers, but also changes in motifs, images, landscapes or drawings are getting increasingly common.
  • The number of machine readable elements is increasing to reflect the growing popularity of e-Gates at border control. The challenge for the designer is to make sure the elements are robust without compromising on the document’s other requirements.


In principle, designing ID documents is like any other design project, but the purpose they serve carries a huge additional burden of responsibility. Any mistake made at an early stage may cause considerable delays down the production line, and it is even questionable whether changes are even possible at a later stage without impacting on time and cost.

The holistic security design method gives a structured framework and tools to facilitate an efficient design approach. Incorporating the Product Design Specifi­cation it is tested as the best practice for security document design and is the recommended design principle to follow for creating secure and robust products.


1 Kaskiala, T. (2018). Product design specifications: Helping ID document designers make better decisions from the beginning. Keesing Journal of Documents & Identity, Vol. 57, pp. 32-35.

2 Andersson, H., Johansson, M (2016). What happens when designer gets it wrong – The consequences and causes from forensic point of view. IBDA INSIGHT 12, Nov., pp. 47-48.

3 Surrency, M. (2016). Interview. IBDA INSIGHT 11, Jun.,
pp. 26-28.

4 Raymond, J. Raymond J. E. & Jones, S. P. (2019) Strategic eye movements are used to support object authentication. Scientific Reports, in press.

5 Van der Horst, F. (2016). The halo effect of banknotes: Arguments for good banknote design. IBDA INSIGHT 11,
pp. 62-63.

6 Intergraf (2013). The end of official dullness. Infosecura,
Nr. 55, pp. 8-11.

Further reading

  • De Heij, H. (2012). Designing Banknote Identity. DNB Occasional Studies, Vol. 10, No. 3, De Nederlandsche
    Bank NV. Amsterdam.
  • De Heij, H. (2010). Key elements in banknote design – Part 1: the product perspective. Keesing Journal of Documents & Identity, Vol. 32, pp. 1-7.
  • De Heij, H. (2010). Key elements in banknote design – Part 2: the process perspective. Keesing Journal of Documents & Identity, Vol. 33, pp. 1-5.
  • Howell, C.H. (2017). Science and creativity – the UK passport story – security document design. Keesing Journal of Documents & Identity, Vol. 52, pp. 32-33.
  • Van Roon, J. (2014). Avoiding amorphousness – the ins and outs of intelligent security design. Keesing Journal of Documents & Identity, Vol. 45, pp. 24-29.
  • Zlotnick, J., Brough, J., and Eberhardt, T. (2016). Interrupting traditional counterfeiting workflow: Part 1: Colour and split fountains. Keesing Journal of Documents & Identity, Vol. 49, pp. 14-19.
  • Fawer, U, (2009). The Czech Republic e-Passport. Keesing Journal of Documents & Identity, Vol. 30, pp. 1-3.
+ posts

Toni Kaskiala has worked for Gemalto for 13 years, developing, imple­menting and designing security products, and also spent a few years as a Development Manager of their ID production site. Toni holds several patents related to producing security documents and security features. Over the years he has been involved in over 100 delivered projects and has been fortunate to work closely with many clients. Currently, Toni leads the Security Design Department, which creates between 20 and 30 cards and 2 to 5 passports every year.

Previous articleOnly 500 people own world’s rarest passport
Next articleThe beginnings of Keesing Technologies