ID documents are valuable and must be protected against criminal attempts to counterfeit or tamper with them. The personal data, and in particular the photograph, is especially at risk. In this article, Nick Nugent reviews the traditional defences, and looks at how new personalisation security features are very well placed to protect the most vulnerable elements of the document. The many advantages of personalisation security are explored, and the enormous potential of such features is demonstrated by examining a recent example.
There are generally considered to be three broad categories of ID fraud, sometimes referred to as the ‘triple threats’:
• Counterfeiting: the making of a fake document; a simulation of the real thing.
• Alteration or tampering: the manipulation of information on a genuine document.
• Impersonator or ‘lookalike’: the application for a genuine document when not entitled, or posing as the authorised bearer of a genuine document.
The first two attacks are defended by features and characteristics within the document itself. The third category is not an attack of the document but instead seeks to compromise the application or verification system, often using false supporting documentation, the so-called breeder documents. As the ID document obtained by this type of fraud is genuine and unaltered, this attack is generally not defended against by document security features, although a high-quality portrait may help expose an impersonator or ‘lookalike’.
Securing the ID document
When designing an ID document, there are some well established security best practices:
• Effective security features are difficult to simulate or alter, but easy to verify.
• Examiners of IDs are looking for differences between the document in front of them and a genuine one, which may not be in front of them and of which they might have little knowledge.
• Security features are designed to highlight these differences to the official who examines the ID and can be level 1 (overt), level 2 (covert) or level 3 (forensic).
• Although all are needed in a high-value ID, level 1 features are particularly important.
• Electronic security in the form of chips, PKI and biometrics, complements and enhances physical security. It is not a substitute for physical security features.
• Effective security relies upon a network of features arranged throughout the document in layers, as no single security feature is impregnable.
There are several layers in which to add features during ID manufacture (see figure 1). An important principle of ID security is to ensure strong defences against all types of attack, and this is best achieved by incorporating features into all the five layers.
The potential for these layers is detailed in table 1. As is evident from this table, a long list of good, strong features exists for paper substrates, security (pre-) print and high-security laminates, as well as the multiple layered defences ensuring cryptographic security and biometric privacy to be found in electronic chips (figure 2). Conversely, the weaker layers of ID document security are plastic substrates and the personalisation technology. It is here that greatest opportunity exists to improve the security of the overall document.
Securing ID substrates
In order to address the challenge of securing a plastic ID, a useful question to ask is “What makes currency secure?” The paper, or indeed polymer, media used in currency must appear different from commercially available material. The differences are created by specialist design and manufacturing processes, and by the incorporation of structures and substances within the substrate which are the ‘security features’. Table 2 highlights some example features used in paper currency.
Like its paper counterpart, the polymer used for currency is a specialist and restricted material, differentiated from commercial polymer film by various incorporated devices including windows, integrated holographic elements and lens features. Currency substrates – paper or polymer – are then further secured using restricted processes and materials, involving specialist design packages, security printing and foiling. Personalisation is typically limited to a unique serial number and, of course, variations between denominations within a family of banknotes. In contrast, ID documents must be personalised in order to link them to their bearers. Since the advent of digital print engines in the early 1990s, the ID industry has regarded the sole function of personalisation to be the addition of personal biographical data, especially the bearer’s portrait. However digital personalisation is much more than this; it is an opportunity to add security.
Adding security during the personalisation process
Of particular importance to first-line document examiners is overt security, and demand is high for level 1 security features that resist counterfeiting/alteration, and can be easily verified with confidence and little training. The personalisation process is an ideal time to add this strong level 1 security, and figure 3 shows several examples of personalisation security features. These features add tremendous value by:
• Utilising variable data, which is more challenging to counterfeit in volume.
• Reducing the value of stolen components to the criminal, because the components don’t include the security feature until the point of personalisation.
• Utilising specialist personalisation engineering as well as expertise in configuring and implementing it.
• Achieving a truly personal security feature, which can be more confidently verified by an examiner with no device and with minimal training.
• Differentiating the personalisation engine from a commercially available one.
• Providing a great positive impact to the bearer; seeing their face or name within a high-tech feature can create a personal pride in the document and the technology used within it.
[Not a valid template]
Characteristics that can be secured further by personalization
An approach that is rapidly gaining interest within the ID industry is to design the substrate with particular characteristics that can then be further secured using personalisation. This can be achieved using colour systems – for example ribbon or inkjet – or by laser engraving. Features that utilise a modified substrate and laser personalisation include:
• Polycarbonate construction that enables tactile engraving.
• Embedded DOVIDs that can be written through.
• Lens structures that can be written through, giving multiple, variable laser images. Examples are MLI (Multiple Laser Image) and CLI (Changeable Laser Image).
• Windows that can be engraved, and seen from both sides.
• Foiled windows that can be ablated, where metal is selectively removed by laser energy.
In each case, ID security has been optimised by considering the overall design of the document, not just one layer at a time. This holistic approach enables a modified substrate to be further secured using specialist personalisation engineering, and ensures that the features in the pre-print and/or laminate are integrated with the features in the other layers. The use of ablated foiled windows is particularly interesting and will be examined in more detail later.Not all personalisation security features require lasers; some are available from colour systems. For example inkjet and ribbon systems both offer UV fluorescent personalised features, as well as a multitude of techniques for hiding information within the visible personalisation, that can then be revealed by a magnifier, decoding lens or reader. Significant development is underway across the industry for additional personalisation security features, both laser and colour. Furthermore, not all personalisation security requires a modified substrate. Laser perforation is an example, where variable information, such as a face or a number, is introduced into the paper or plastic substrate using holes, burnt with a laser.
Some of the older technologies for personalised security have suffered from their poor clarity when used to produce an image of the card holder, making it more difficult for document examiners to compare the feature image with the primary image and with the card holder. More recently lasers have been used in personalised security features to create high-resolution images that are easily verified. Security is further optimised when combining multiple personalisation technologies, for example using laser and colour together to make counterfeiting more complex.
New personalised security feature
The value of personalisation security has prompted the development of several new security features. A recently launched technology that perfectly exemplifies the principles and advantages of personalisation security is the SAFEWindow™ security feature (see figure 4), which is one of the Datacard® Security at Time Of Personalization™ solutions. This feature has proved very popular amongst document examiners, who value its simplicity of concept and design, and in particular the ease and confidence with which it may be verified.
The device consists of a metallised foil window integrated within the ID substrate. The window is constructed so that the vacuum-deposited metal layer may be selectively removed during laser personalisation using the process of ablation. The result is that personal variable information, including the portrait, is created within the window in a form that is extremely difficult to counterfeit or alter. The ablated foil image matches the primary image on the document, and thus discourages attempts to alter either. This security feature is particularly strong against the threat of portrait modification by addition of information, (for example a new hairstyle, beard or glasses), as in order to do this the fraudster would need to add metal back into the window. Further defences against tamper come into play if there is a criminal attempt to delaminate the card into separate layers, as the foil layer is frangible and designed to show damage in such circumstances. Of course, strong security features are not just resistant to simulation or alteration, they must also be easy to verify. The high-resolution image is clearly visible to the naked eye and, when held up to light provides an image that can be authenticated in seconds. Unlike some holographic features, a wide variety of lighting conditions can be used to verify using SAFEWindow™. Another, unique, aspect of the device is how the image is viewed both as a negative image, when light is reflecting off the foil, or as a positive image when held up to the light and viewed in transmission with the light coming through the laser ablated portion of the foil.
Examination authorities such as police or border agencies prefer a level 1 feature to be eye-catching and to be interesting to look at, without demanding so much attention that other aspects of the document might be overlooked. The device is very flexible in design, and may be integrated into the document to suit the issuer’s requirements. This is possible because the feature can be produced in a variety of sizes and shapes, the shape of a country for example, and include intricate and even multiple windows. Another advantage is that the feature is ablated using similar laser systems to that used for engraving polycarbonate, helping minimise capital expenditure.
Personalization security is an important weapon in the defence of ID documents against counterfeiting and alteration. Although such features have been around for several years, it is only recently that the product development activity in this area has matched the need for this very effective form of defence, and a new generation of personalisation security features has begun to emerge.