Identity document forgery

From Wikipedia, the free encyclopedia
  (Redirected from Fake ID)
Jump to: navigation, search
For the 2003 film, see Fake ID (film).
West German customs employee checking an alleged fake document.

Identity document forgery is the process by which identity documents issued by governing bodies are copied and/or modified by persons not authorized to create such documents or engage in such modifications, for the purpose of deceiving those who would view the documents about the identity or status of the bearer. The term also encompasses the activity of acquiring identity documents from governing bodies by falsifying the required supporting documentation in order to create the desired identity.

Identity documents differ from other credentials in that they are intended only to be usable by the person holding the card. Unlike other credentials, they may be used to restrict the activities of the holder as well as to expand them.

Documents that have been forged in this way include driver's licenses (which historically have been forged or altered as an attempt to conceal the fact that persons desiring to consume alcohol are under the legal drinking age), birth certificates and Social Security cards (likely used in identity theft schemes, or to defraud the government), and passports (used to evade restrictions on entry into a particular country). At the beginning of 2010, there were 11 million stolen or lost passports listed in the global database of Interpol.[1]

Such falsified documents can be used for identity theft, age deception, illegal immigration, and organized crime.

Use scenarios, forgery techniques and security countermeasures[edit]

Lee Harvey Oswald's fake service card with the name Hidell.

A distinction needs to be made between the different uses of an identity document. In one case, the fake ID may only have to pass a cursory inspection, such as flashing a plastic ID card for a security guard. At the other extreme, a document may have to resist scrutiny by a trained document examiner, who may be equipped with technical tools for verifying biometrics and reading hidden security features within the card. To make forgery more difficult, most modern IDs contain numerous security features that require specialised and expensive equipment to duplicate. School IDs are typically easier to fake, as they often do not have the same level of security measures as government-issued IDs.

Modern fake ID cards almost invariably carry a picture of the authorized user, a simple and effective form of biometric identification. However, forgery of simple photographic ID cards has become simple in recent years with the availability of low-cost high-resolution printers and scanners and photo editing software. Simple fake ID cards are commonly made using an inkjet or laser printer to print a replica document which is then laminated to resemble a real ID card. Most designs are made using computer programs, re-creating scanned copies of a license.

More complex ID cards are now being created by printing on a material called Teslin or Artisyn, which are paper-like materials that are actually micro-porous plastic sheets. When butterfly pouches and holograms are applied, the card is then run through a heat laminator which creates a professional-looking ID card.

Numerous security printing techniques have been used to attempt to enhance the security of ID cards. For example, many modern documents include holograms, which are difficult to replicate without expensive equipment which is not generally available. Though accurate recreation of these holograms is extremely difficult, using a mixture of pigments and base can create a similar shiny multi-coloured look which may pass cursory inspection.

In addition, some documents include a magnetic strip, which will also contain the same information, and may thus be checked against the machine-readable information on the barcode. Magnetic strips may also contain other secret identifying information. Although magnetic strips can also be faked, they provide another barrier to entry for the amateur forger. Other hidden security devices can also be added, including embedded secure cryptoprocessor chips which are designed to be very difficult to forge, and RFID tags: the two technologies may also be combined, in the case of contactless smart cards.

Another effective technique is the use of online verification of security information against a central database. In many cases, online verification can detect simple copying of a document by detecting attempted use in multiple places at the same time, or completely false IDs, as the information on the ID will be found to be invalid. A simple method of confirming that an ID is genuine is to print a serial number on it unique to the card and stored on a centralised database. If checked, it will quickly become clear that the ID is false; either the number on the ID is not registered for the holder, or no ID has the number at all. Online verification also has the advantage that it allows easy revocation of lost or stolen documents.

Many modern credentials now contain some kind of barcode. For example, many U.S. driving licences include a 2-dimensional code in PDF417 format, which contains the same information as on the front of the license. Barcodes allow rapid checking of credentials for low-security applications, and may potentially contain extra information which can be used to verify other information on the card.

Systemic attacks[edit]

The combination of multiple high-security features, biometrics, and well-trained document inspectors with technical assistance can be very effective at preventing forged documents from being easily produced. Instead of acquiring the expensive specialised equipment needed to make fake documents, it may be more economical to produce a "genuine fake"; a legitimate document, but one which contains false information.

One way of doing this is to present the document issuing authority with false credentials, which they will then endorse by issuing a new document. In this way, false identities and credentials can be "bootstrapped" over a period of time.

Another simpler way of generating false credentials is to suborn one of the officials involved in the document issuing process through bribery or intimidation. This may also be combined with the bootstrapping process mentioned above to mount complex attacks.

Corruption in the document-issuing process is hard to counter, since as the value of a credential increases, the economic incentives for corruption also increase. This is particularly true in the case of fake ID cards that combine many functions in one document, and for documents which are issued in large numbers, thus requiring many thousands of people to have authorizing powers, thus creating a longer chain of people who can possibly be exploited. Detection of a "genuine fake" document is also a difficult process; as such a fake is a legitimate document, it will pass any tests for forgery. To detect such fakes, it is necessary to perform a background check on the individual in question to confirm the legitimacy of the document's information. Nowadays, drivers licenses and identification cards are verified by scanning the magnetic stripe on the back of the license or by using an ultraviolet light to view images printed by the government on the identification which are only visible under ultraviolet light.

See also[edit]

References[edit]