Card, mobile credential, payment and security
Best-in-class card materials, personalization, and security features guard against alteration and simulation attacks
Document and card security today is far more complicated than a list of features or materials. To meet modern fraud threats, card issuers – from governments to campuses – need to design documents with comprehensive approaches to protect against attacks along multiple fraud vectors. With foresight and planning, issuers can link and layer the right design, personalization modalities, and security elements to maximize security.
Not so long ago, staying ahead of counterfeiters was as easy as opting for a newer card design and employing a secure printing technology. That was typically enough to keep credentials secure and fakes easy to spot.
“A few years ago, a spoof was good enough,” says John O’Rourke, Director, Product Management for IDEMIA Identity & Security, N.A. “Counterfeiters would use a blank piece of PVC and an ink jet printer to create a card with a similar appearance, but today, that is not what we are fighting.”
Modern counterfeiters are sophisticated, well-financed enterprises with access to industrial card production equipment, advanced materials and techniques. A host of counterfeit ID vendors operate globally, and with such sophisticated operations, the legitimate secure credential vendor community must continue to innovate to stay ahead of fraudsters. And they must do this while still providing secure credentials at price points that are still affordable.
Today, the primary threat comes from a robust offshore counterfeiting industry, protected by the veil of Bitcoin and motivated by the vast potential market of underage drinkers in the US.
By some estimates, the market for fake identification cards is in excess of $100 million in the United States alone. And, while a small percentage of the market for fraudulent credentials consists of hardened criminals, the vast majority of all fake ID purchases are being used as “drinking licenses” by underage people.
Secure card design must combine the right layout, materials, personalization, and security features to guard against alteration and simulation attacks.
The law enforcement problem is that while underage drinking is an issue, it tends to fall below the radar when compared to other more serious criminal uses for fake IDs — “think identity theft and much worse,” explains O’Rourke. These uses of counterfeit IDs greatly concern federal investigators, whose jobs are made harder by the increasing sophistication of the fakes.
The large number of underage drinkers creates something of a subsidy for the highly criminal end of the spectrum. According to US census data, roughly 20 million people are between 16 and 20 years old, and that number stays relatively steady from year-to-year.
Where underage drinkers of the past may have turned to a back-alley establishment with a printer and a laminating machine, today the market has shifted online. And we aren’t even talking about the dark web here.
A simple Google search will yield a menu of commercial providers — many using highly advanced materials and equipment. And, because the transactions are largely done through Bitcoin, they are anonymous and untraceable — not to mention untaxed.
The large, stable demand for fake IDs has attracted a number of online counterfeit providers that are motivated by the highly profitable market. Counterfeit suppliers now compete based on price as well as the quality of fakes offered. For less than $100, a nearly perfect replica credential is available for virtually any jurisdiction, replicating sophisticated security features, intact holograms and even scannable barcodes and magnetic stripes.
The valid secure credential vendor community offers fraud-resistant card substrates to mitigate counterfeiters. Whether it is PVC composite, Teslin, polycarbonate or polyester, there are advocates out there who claim their card material is the counterfeit killer.
Unfortunately, while some substrates are better than others, any card material can be counterfeited. PVC composite is the traditional “sandbox” that fraudsters like to play in, but all materials are available to a fraudster willing to pay the price.
“The most important thing is to approach the credential knowing that no single design element and no single card material will make the card secure,” says O’Rourke. “Multiple layers of fraud deterrence are the only effective approach to building secure credentials.”
Modern counterfeiters are sophisticated, well-financed enterprises with access to industrial card production equipment, advanced materials and techniques
In the past, securing the credential was all about making an unalterable document — something that was highly tamper resistant. But card technology advanced with solid body card substrates and personalization embedded within the document. This made tampering with real credentials more difficult.
So fraudsters shifted tactics.
Now, the vast majority of the counterfeits simulate document material and features, rather than altering original documents. This opened the door to mass production of fake IDs as it is no longer necessary to have an original document to modify.
Secure card design must combine the right layout, materials, personalization modalities, and security features to balance the security protection against alteration and simulation attacks. This must also be weighed against the business needs of card life in the field, location of personalization equipment, and, of course, cost.
The counterfeit ID industry has grown rapidly as an ever-increasing demand combines with the anonymity of the web and crypto currency. Easy access to raw materials and advanced printing equipment enables modern counterfeiters to simulate IDs from virtually any jurisdiction.
The physical card materials can no longer stand alone as the primary security feature.
The key is to issue cards that can be made as secure as possible in the environment required, and at a price point that works — and to make sure that the credentials are employing as many deterrence factors as possible to keep ahead of the rapidly evolving counterfeit industry.
A new secure credential paradigm is needed that extends beyond a list of physical materials and basic security features. This new paradigm must encompass multi-modal personalization, an array of security features, the right materials and a linked and layered design to counter multiple sophisticated fraud vectors.
