DOCUMENT SECURITY ISSUES



Similar documents
TAKING A HOLISTIC APPROACH BEST PRACTICES FOR OVER-THE-COUNTER GOVERNMENT ID CARD PROGRAMS. Mary Olson, Senior Marketing Manager, Citizen Solutions

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

More Power and Performance With Each Printed Card

ZEBRA CUSTOM LAMINATE QUOTE REQUEST FORM Custom Laminate Quick Reference Guide: Added Security to Meet Your Needs

Complete. security. begins with 3M

Printing/Encoding and Engraving Solutions

Understanding Technologies for Creating High-Security ID Cards

Full scope of document security solutions

Full page passport/document reader Regula model 70X4M

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS

The security features which are not visible on a photocopy

Smart Card Security How Can We Be So Sure?

Zebra Card Printers Supplies List P330i/P430i with UHF Gen 2 RFID Encoder

Credential and Workflow Design with TruCredential. DataCard Corporation. All rights reserved.

Discover Germany s Electronic Passport

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.

THE LEADING EDGE OF BORDER SECURITY

For more information, please refer to our Check Armor FAQ: forms/checkarmorfaq.pdf

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

EMR 1, / 1, , CMS

Understanding Digital Signature And Public Key Infrastructure

Copyright 2011 TROY Group Inc.

ID Document Scanning and Biometric Solutions

Optical Memory Cards in Federal Government

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Durability of Smart Cards for Government eid

Enhanced Check Security Features Padlock Icon

State of Vermont Office of Vermont Health Access (OVHA) Pharmacy Benefit Management Program

The Software Supply Chain Integrity Framework. Defining Risks and Responsibilities for Securing Software in the Global Supply Chain.

EMV EMV TABLE OF CONTENTS

DATACARD ARTISTA VHD RETRANSFER COLOR PRINTING MODULE. Innovative Technology for the Datacard MX6000 Card Issuance System

W.A.R.N. Passive Biometric ID Card Solution

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the

How To Process Credit Card Receipts

A Guide To Selected U.S. Travel/Identity Documents For Law Enforcement Officers

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

Figure 1: Attacker home-made terminal can read some data from your payment card in your pocket

OKLAHOMA LAWS RELATING TO IDENTITY THEFT

Smart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008

Checking Identification

CHECK FRAUD. Federal Reserve System

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Preventing fraud in epassports and eids

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

Version 15.3 (October 2009)

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

EMV and Small Merchants:

Law Enforcement Guide to False Identification and Illegal ID Use

Fighting Identity Fraud with Data Mining. Groundbreaking means to prevent fraud in identity management solutions

Policy for Protecting Customer Data

Ultimate code quality on a wide variety of substrates. Coding and marking sample guide. CO2 Laser

QUESTIONS & ANSWERS. How did the Department decide on the cost of the Passport Card?

Identity Verification Program Guide

ATM FRAUD AND COUNTER MEASURES

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

Implementation of biometrics, issues to be solved

Payment Card Security Elements and Card Acceptance. Instruction

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

Defending the Internet of Things

What are the minimum internal control standards for lines of credit?

PIN Pad Security Best Practices v2. PIN Pad Security Best Practices

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

How To Spot & Prevent Fraudulent Credit Card Activity

FRAUD TECHNIQUE: IDENTITY DOCUMENT VERIFICATION

LOST, STOLEN OR SKIMMED

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

New Account Reference Guide

Fraud Protection, You and Your Bank

Your Key to Security. KeySecure The Tracing System for Product Authentication

A Model of Unforgeable Digital Certificate Document System

Scratchcard Testing. Guideline

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

The Advantages of Security Features

Protecting the POS Answers to Your Frequently Asked Questions

Smart Cards for Payment Systems

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

UNT Cash Control and Departmental Deposit Handbook

CRESCENDO SERIES Smart Cards. Smart Card Solutions

Payments Fraud: It's Not Fun & Games

Card Acceptance Best Practices Playing it Safe at the Point of Sale

Basic Passport Checks 4 COLOUR SIMPLE VERSION

UNDER AGE & PROXY SALES: A GUIDE FOR LICENSEES

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

How To Choose An Electronic Signature

Transcription:

DOCUMENT SECURITY ISSUES Part of a Series of Datacard Group White Papers for the Secure Document Issuer DESIGNING AN ID DOCUMENT FOR ENHANCED SECURITY Overview Governments today are being driven to increase resources allocated for the design and production of secure ID documents. Advances in reproduction and printing technology have moved ID fraud into the realm of tech-savvy fraudsters, expanding the threats to secure document programs around the world. To improve security and reduce fraud, many planners today are developing sophisticated IDs with security features that are cross-linked at the time of personalization. This paper is intended as a reference for government officials considering how best to issue secure IDs. Because there are trade-offs with each model and different requirements for each issuing agency, there is no best method. MARCH 2007

Keep it simple Spending more on ID security does not necessarily yield better security. An ID overloaded with security features may end up being just as vulnerable as one with insufficient protection. There are numerous examples of expensive IDs which were compromised, as well as distinctive designs which issuers favored and were easily compromised. Most experts agree that at most two or three security elements in a design can be communicated and recalled by all but the well-trained document examiner. In today s documents much of the design work is oriented toward conveying a sense of security. Some features must be included to confirm the authenticity of the document itself, complemented by other features that protect the data from alteration or substitution. The end result should provide clear, unambiguous evidence that both the document and the data it carries are genuine. One strong security feature is not enough A high level of security provided by one specific technology may be mistakenly viewed as sufficient to protect an ID and in fact some vendors may promote one security element without acknowledging its limitations. An effective ID must be treated as a system, and as with any mission-critical system, includes a level of redundancy to maintain security if one element fails or is compromised. For example, the early version of the US DoD Common Access Card relied on one visible security feature to authenticate the card. Although useful for validating the card, the security element provided no protection against alteration of the photo or personal data. Similarly, one US Government program relied entirely on the security of an IC chip embedded in the card, but provided no back-up in the event that the chip failed either unintentionally, or because of deliberate abuse. If a primary verification feature fails, there must still be strong security features that can be used to allow an inspector to reasonably confirm the document s authenticity. Engage Security Professionals Developing a secure document should start with a threat analysis, evaluating the risks associated with varying levels of compromise. Unless skilled design professionals are available in-house, use of an independent security design professional is a critical step in developing a secure document. A skilled designer can incorporate a balance of overt and covert security features to minimize the likelihood of counterfeiting or alteration during the life of the document. Although many vendors are familiar with elements of a secure design, the best outcomes will likely result from recommendations by an experienced and independent design service. Include features for each level of inspection Some security features should be included for each level of examination. Some features are designed to provide multiple levels of protection or deterrence. Educational tools and reference aids need to be provided to the public or user organization as first level examiners. Special tools need to be provided to second level examiners, ranging from simple magnifiers to card or document readers (e.g. magnetic stripe, barcode, or IC chip readers). Depending upon fraud threats associated with a document, designs should include features which provide counterfeit resistance to assure that an inspector can reasonably determine that the document is genuine. Traditional security printing as used for currency is still generally effective for 2 nd level inspection. Application of an Optically Variable Device (OVD) is another important method for 1 st level examination.

Assuring that the data is genuine i.e. has not been altered or forged may require entirely separate techniques depending on how the document is produced. For example, laser engraving or indent printing permanently alters the document substrate, reducing the threat of tampering or data substitution. Laser engraving can also be used to disturb the surface, creating a tactile effect useful for document authentication. For many ID documents, transparent DOVDs (diffractive OVDs) are applied over the personal data to provide tamper evidence in the event that someone tries to alter a photo, birth date, expiry number, etc. Some transparent DOVDs are combined with laminates or overlays to also provide tamper resistance against alteration. Photos and personal data in the U.S. passport, for example, are protected by a transparent DOVD that is tamper-resistant because the overlay is so thin and fragile, and tamper-evident because an attempt at alteration destroys the OVD effect. Figure 1 Levels of inspection > Level 1 - apparent to the casual observer > Level 2 checked by a trained inspector with simple tools > Level 3 analyzed by a forensic specialist using lab equipment The Datacard Optigram laminate, and the Kinegram foil sheeting made by OVD Kinegram AG are two examples of secure, restricted-use DOVDs that can be incorporated in a document design to add resistance to counterfeiting and alteration. Third level features are typically used for investigative purposes. Their primary value comes from forensic analysis of counterfeiting or forgery methods and the resulting link analysis. Third level features can also be demoted to second level as more advanced third level features become available, or in the event that second level features become compromised. Cross-link security elements for a multi-layered approach An emerging strategy for security is to cross-link document features at the time of personalization. The outcome is a document that has unique features that are not present in the pre-printed document, and are not generated by the personalization equipment without presence of an original document. For example, new data can be derived and embedded into a document based on the pre-numbering of that card (or data page) and personal data from the cardholder. The Datacard PB6500 Passport Issuance System and Datacard MX6000 Card Issuance System are examples of high-security personalization systems which can add cross-linked features to a passport or ID card. The Datacard Laser Engraving module or the Datacard Artista VHD Retransfer Color Printing Module can produce microtext data linked to other fields or properties of the document, yielding a crosslinked element unavailable using commercial off-the-shelf printers. The flexibility of those systems allows a new range of advanced personalization technology that can permanently link the document to the variable data on the ID. Figure 2 below is an example of a high security ID card with multiple layers of security and cross-linked data. Protect all components of your ID System Effective security for an ID document requires protecting system components. Blank documents and any custom security elements (e.g. security laminates, optically variable ink, etc.) must be produced in a

secure facility, controlled in their storage and accessibility, and transferred via secure carriers. Strong authentication methods should also be in place to control access to the system to assure that only legitimate documents are issued, and protect against data corruption or substitution during processing. Anticipate change The effectiveness of security designs is now measured in a few years. For example, most currency designers expect to replace designs within 5-7 years. Technology is moving quickly, and criminals can readily gain access to the latest commercial products to produce reasonable facsimiles. The security features selected for an ID should incorporate anticipated threats as well as current threats from counterfeiting and alteration, recognizing that the best programs will stay only slightly ahead of the determined and well-funded criminal. Conclusion Recognizing that tamper-proof technology cannot be made, most government programs require strong tamper-resistant features in an ID card. Making the document difficult to alter or counterfeit is the first step in defending the integrity of an ID program. If someone is motivated to attack the ID, there must be some tamper-evident feature to make the alteration attempt apparent visually or electronically. Optically variable topcoats are widely used because they are permanently damaged if alterations are made, yielding strong tamper-evidence. Ideally the OVD should be physically registered so that it protects specific data elements and provides the consistent and predictable appearance that supports document inspection. The choice of security technologies to protect a document will always involve trade-offs between cost and security. The highest security will generally be obtained with restricted or limited use technologies, which by their nature will be more expensive. The more widely available any technology becomes, the higher the likelihood that it can be fraudulently used. Many planners today require systems that anticipate introduction of new or enhanced security features on a routine basis during the life cycle of an ID document. Figure 2. High Security ID Card Example Rainbow Durable Composite Card Substrate Datacard Optigram Security Laminate OVD Optically Variable Device High Resolution Color Printing Photo w Fine Line Pattern Indent Printing Laser Engraved Photo Laser Engraved Microprint Digitized Signature Ultraviolet Luminescent Ink in card body, variable personalization & security laminate OCRB Machine Readable Data Protective Topcoat OVI Optically Variable Ink Preprinted Micro -text

Additional Resources For additional information about security features used for secure ID documents visit: AAMVA American Association of Motor Vehicle Administrators website contains extensive information about standards, including extensive listing of available security elements http://www.aamva.org/knowledgecenter/standards/ European Union EUR-Lex website containing Council Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents http://eur-lex.europa.eu/en/index.htm Other standards documents are available for a fee from ISO and ICAO

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information