Identity document forgery

From Wikipedia, the free encyclopedia

"Fake ID" redirects here. For the pop punk band from Massachusetts, see Fake ID (band).

Identity document forgery is the process by which identity documents issued by governing bodies are copied and/or modified by persons not authorized to create such documents or engage in such modifications, for the purpose of deceiving those who would view the documents about the identity or status of the bearer. The term also encompasses the activity of acquiring identity documents from governing bodies by falsifying the required supporting documentation in order to create the desired identity.

Identity documents differ from other credentials in that they are intended only to be usable by the person holding the card. Unlike other credentials, they may be used to restrict the activities of the holder as well as to expand them.

Documents that have been forged in this way include driver's licenses (which historically have been forged or altered to conceal the fact that persons desiring to consume alcohol are under the legal drinking age), birth certificates and Social Security cards (likely used in identity theft schemes, or to defraud the government), and passports (used to evade restrictions on entry into a particular country).

Such falsified documents can be used for identity theft, age deception, illegal immigration, and organized crime.

Contents

[edit] Use scenarios, forgery techniques and security countermeasures

A distinction needs to be made between the different uses of an identity document. In one case, the fake ID may only have to pass a cursory inspection, such as flashing a plastic ID card for a security guard. At the other extreme, a document may have to resist scrutiny by a trained document examiner, who may be equipped with technical tools for verifying biometrics and reading hidden security features within the card.

Modern ID cards almost invariably carry a picture of the authorized user, a simple and effective form of biometric identification. However, forgery of simple photographic ID cards has become simple in recent years with the availability of low-cost high-resolution printers and scanners and photo editing software. Simple fake ID cards are commonly made using an inkjet or laser printer to print a replica document which is then laminated to resemble a real ID card. Most designs are made using computer programs, re-creating scanned copies of a license.

More complex ID cards are now being created by printing on a material called Teslin, which is a paper-like material that is actually a micro-porous plastic sheet. When butterfly pouches and holograms are applied, the card is then run through a heat laminator which creates a professional-looking ID card.

Numerous security printing techniques have been used to attempt to enhance the security of ID cards. For example, many modern documents include holograms, which are difficult to replicate without expensive equipment which is not generally available. Though accurate recreation of these holograms is extremely difficult, using a mixture of pigments and base can create a similar shiny multi-coloured look which may pass cursory inspection.

School IDs are easier to fake, as they often do not have the same level of security measures as government-issued IDs.

Many modern credentials now contain some kind of barcode. For example, many U.S. driving licences include a 2-dimensional code in PDF417 format, which contains the same information as on the front of the license. Barcodes allow rapid checking of credentials for low-security applications, and may potentially contain extra information which can be used to verify other information on the card.

In addition, some documents include a magnetic strip, which will also contain the same information, and may thus be checked against the machine-readable information on the barcode. Magnetic strips may also contain other secret identifying information. Although magnetic strips can also be faked, they provide another barrier to entry for the amateur forger.

Other hidden security devices can also be added, including embedded secure cryptoprocessor chips which are designed to be very difficult to forge, and RFID tags: the two technologies may also be combined, in the case of contactless smart cards.

Another effective technique is the use of online verification of security information against a central database. In many cases, online verification can detect simple copying of a document, by detecting attempted use in multiple places at the same time, and it also allows revocation of lost or stolen documents.

[edit] Systemic attacks

The combination of multiple high-security features, biometrics, and well-trained document inspectors with technical assistance can be very effective at preventing forgery. However, all of these security techniques can be rendered ineffective if the ID document is a "genuine fake", that is, a genuine document issued under false pretences.

One way of doing this is to present the document issuing authority with false credentials, which they will then endorse by issuing a new document. In this way, false identities and credentials can be "bootstrapped" over a period of time.

Another simpler way of generating false credentials is to suborn one of the officials involved the document issuing process. This may also be combined with the bootstrapping process above to mount complex attacks.

Corruption in the document-issuing process is hard to counter, since as the value of a credential increases, the economic incentives for corruption also increase. This is particularly true in the case of fake ID cards that combine many functions in one document, and for documents which are issued in large numbers, thus requiring many thousands of people to have authorizing powers.

Another systemic attack is to inject false information into the official database, in such a way that the database will recognize fake cards as being real.

[edit] External links

[edit] References

Languages