The Identity Challenge: verifying travel document integrity, quashing breeder document fraud

As more people travel to more destinations than at any time in our history, passing through aviation security checkpoints and crossing international borders in the process, the challenge of verifying traveller identities has never been greater. This challenge is made more complex by rising expectations of shorter queues and reduced wait times, and the greater demands being placed upon comparatively few (and dwindling) numbers of trained staff available to perform the essential functions of verifying that travel documents are a) genuine, b) have not been reported as lost or stolen, and c) belong to the actual people presenting them. This is set within the prevailing need to ensure the person does not present a risk to aviation or, indeed, to the country they are leaving, travelling via or, ultimately, of their final destination. Matthew Finn delves into the issue of travel document integrity and breeder document fraud, both key factors in establishing a passenger’s genuine identity.

How can government and industry work effectively together to respond to the ‘identity challenge’? How can we ensure that only those passengers who pose no risk to either aviation or the countries along their route, are processed quickly and efficiently, whilst being absolutely certain that we are basing our risk assessment on people whose identity can be properly verified?
Much of the answer lies in the integrity of the travel document – our ability to determine that it is neither forged, nor counterfeit nor fraudulently obtained, and we can be absolutely sure it belongs to the person presenting it.

Raising the Bar: the Value of International Standards
The work of the International Civil Aviation Organisation (ICAO) has created a valuable set of standards in the development and advancement of high-tech documents for international travel. Specifically, ICAO Document 9303 provides detailed specifications for machine-readable passports, visas and ID cards (‘travel documents’) for use in crossing international borders.

Developments in traditional secure document printing have rendered the task of forging and counterfeiting travel documents considerably more difficult – but not impossible. The availability of specialist inks, laminates, paper, laser perforation, holograms, optically variable imaging devices and other ‘difficult to replicate’ features has meant that the modern day passport, as the most common example of a machine readable travel document (or MRTD), can be subjected to a range of controls to quickly determine its authenticity.

These developments have been made even more robust with the growing adoption of ‘electronic Machine Readable Travel Documents (eMRTDs)’ – next generation passports that contain biometric (and other) data in a contactless integrated circuit chip, adopting the absolute latest thinking and recommendations as set out in ICAO 9303.

On the one hand, the myriad of document security features present in a modern travel document enable a rapid examination to ensure it is genuine; on the other hand, by using a one-to-one verification to confirm that the biometric data contained in the chip matches that of the person presenting it, the control process is able to establish that the genuine travel document actually belongs to the person presenting it. Job done? Well, not quite.

Moving Goalposts
Security specialists around the world routinely talk about “the need to stay one step ahead” of those posing a risk or seeking to do us harm. Every measure needs a counter-measure. The advancements in document security and our ability to verify it is genuine and belongs to the person presenting it is, of course, an important step forward. But the goalposts are moving. And we need to keep up with – and develop counter-measures for – new trends and the constantly evolving challenge of managing and verifying identities.

In 2007, ICAO reported that document fraud amounted to 54% of forgery detections at the border. Of these, 16% were counterfeit documents, 19% were attributed to substitutions of the photo and a further 19% were as a result of substitutions to the biographic data page. For the same period, ICAO reported that identity fraud amounted to 31%, with 21% attributable to imposters and lookalikes and the remaining 10% to fraudulently obtained genuine travel documents – arguably the hardest to detect.

Only two years later that picture had changed dramatically. In 2009, identity fraud amounted to a staggering 71% of forgery detections, 48% attributable to imposters and lookalikes and a worrying 23% – more than double – attributable to documents that had been fraudulently obtained. Conversely, document fraud – traditionally the more common of the two and arguably the easier to detect – had dropped to almost half at 29%.

In real terms, this means that identity fraud is on the rise – and the rise is significant. More recent figures aren’t widely available, but it is safe to assume that this upward trend has continued and that our challenge now is more about determining that the document truly belongs to its holder rather than whether the document itself is a forgery or counterfeit.

International Cooperation
In March 2014, the world woke up to what has become the airline industry’s greatest mystery – the tragic disappearance of Malaysian Airlines flight 370. While the fate of that aircraft and all of the passengers and crew on board remains a complete mystery – even though the flaperon which was recently washed ashore in Reunion turned out to be from MH370 – and one which fuels speculation by security specialists and conspiracy theorists alike, one key fact drew considerable attention: that two passports, reported to the international police organisation, INTERPOL, as ‘stolen’, were able to be used by two of the passengers on board. There followed considerable speculation that the holders of these documents were linked to the aircraft’s disappearance and had links to terror organisations.

Ultimately, INTERPOL concluded that neither Pouria Nour Mohammad, 19, nor Seyed Mohammed Rezar Delawar, 29, both Iranian nationals, had any links to terrorism and were in fact seeking to circumvent document control procedures by travelling circuitously from Thailand to Europe via China in order to claim asylum in the EU.

MH370 put document control procedures in the spotlight with difficult questions being asked about how documents already reported as stolen could still be used by imposters for international travel. Understandably, public concern focused on how easy it would be for a terrorist, rather than an asylum seeker, to obtain and use a stolen passport and not be detected either by the airline or, indeed, the government performing outbound border control in the departure country.

In the months that followed, both INTERPOL and the International Air Transport Association (IATA) spoke about the need for international cooperation and the need for more stringent document control procedures that could verify, in real-time, whether a document being used by a passenger had ever been reported as stolen or lost and recorded as such in INTERPOL’s Stolen & Lost Travel Document (SLTD) database. There is now an urgent need for this capability to be widely available across the air transport industry and for airlines and air transport operators alike, not just governments, to be able to perform checks on passengers’ travel documents.

The good news is that a number of airlines, and Qatar Airways being first among them, are now working with INTERPOL and developing an industry-wide initiative known as i-Checkit which performs precisely that function.

The Promise of Biometrics
Against this backdrop, much has been said of the promise of biometrics and the role this particular technology can play in delivering a greatly enhanced document security capability. Adoption, however, has been incredibly slow. There remains a significant gap in terms of the capabilities some governments have – and others do not.