When It Comes to Security Features, Less Is More

Identity documents have come a long way since their introduction in 1414 by King Henry V of England, as part of the Safe Conduct Act. For the next 500 years, various proofs of identity emerged but most people didn't need to carry one. The need to use identity documents not only for identifying but also authenticating the holder of the document became apparent during the first year of World War I with the Lody spy scandal. Carl Hans Lody was a German spy who managed to get an emergency US passport from the American consulate in Berlin using the identity of a real American citizen: Charles A. Inglis. Since the passport document lacked security features such as the holder's photographs or fingerprints, Lody was able to travel freely to the UK to conduct his spying mission.

Since that time, securing international and national identity documents has been a priority for every government. “Securing" in this context means making it close to impossible to counterfeit (produce a fake) or forge (modify) a real identity document. After all, even in our era of digital identity, microcontrollers, Public Key Infrastructures and complex cryptography, physical documents still play the most important role in identifying and authenticating an individual in day-to-day situations. 

Consequently, many physical security features were developed for or adapted to the identification world (many of them coming from the banknote industry). A non-exhaustive list of those security features includes: secure inks with optical variable effects, holograms of different type and complexity, secure printing with very high resolution, advanced printing methods and techniques (like rainbow printing), invisible taggants, embossing, clear windows, UV print, infrared, ghost portraits, etc.

Nowadays, identity cards can carry as many as 30 different security features. As a reminder, an ID1 (international standard) identity card is only 3.37 x 2.125 inches (85.6 x 53.9 mm). When it comes to a passport booklet, the number of security features can go up to 80!

With that in mind, the obvious question is: "How useful is it to have so many security features on one single document?"

As it turns out, not very useful at all. It is not conceivable that someone, whether he is a trained law enforcement officer or an ordinary clerk, can check each and every security feature during an identity control. A quick check would most probably be limited to making sure the photograph looks vaguely similar to the document holder and, in most cases, taking a general look at the document to see if it appears genuine. The most vigilant controllers will have a look at the hologram that might be overlapping the photograph (seeing if it is shiny or not) or check one of the ghost portraits and maybe feel the tactile effects on the card. How many times have you experienced a border control officer putting a passport data page under a UV lamp and then going straight to checking the visa pages and stamping your passport to validate your entry in the country without checking anything else?

So, what is the point of having so many security features in those situations? One can argue that there’s no harm in packing as many security features as possible on an ID document, but I couldn't agree less.

Fraudsters and counterfeiters are continuously improving their skills and techniques. The most common security features are now replicated with a high level of precision. In some cases, genuine security features can be harvested from a lost or stolen document and reused on a fake one. Counterfeiters have made tremendous progress in the past few years when it comes to holography, embossing, security printing and specialized ink. The danger is compounded since equipment that was previously very expensive and specialized is now very accessible and sold freely on the internet.

What happens when the most easily and commonly checked security feature on a National ID is also the easiest security feature to counterfeit? Unfortunately, people will still rely on that security feature to validate documents. They are not harmless additions—they are putting any new and otherwise very advanced identity documents at great risk of being counterfeited. Weak security features should not have their place on any ID document anymore. Weak security features are completely deceptive. It is like installing the most advanced burglary alarm in your home but forgetting to lock the front door.

Of course, we can’t manage without security features completely. A few things need to be secured on an ID document, such as the card construction and the personalized data including the portrait. And this can actually be achieved by a couple—or even, in some instances, a single—security feature. Many other security features still have their place on an identity document, particularly when they can be nicely integrated in the overall background design of the document

The difference between a weak and a secure ID document is definitely not the number of security features you will find on it. What will make a document secure against counterfeiting and forgery is to have the right combination of strong overt security features.