Address Today’s Traveler Needs: A Holistic Approach to Credential Security
Scaling operations to meet growth and demand, no matter the organization, is complex and requires continued focus. Today, the aviation industry faces a host of challenges – ranging from logistics to security to customer satisfaction – thanks to strong organic growth.
As we continue to see a significant increase in air travel across the globe, passenger demand is expected to be even stronger in 2024, according to the International Civil Aviation Organization (ICAO).
Knowing this, airport authorities, operators, and government agencies are aligned around common objectives: supporting this growth to create efficiencies, create a more sustainable flight journey, and improve the passenger journey while maintaining the highest standards of safety, security and privacy.
Travelers are looking for a faster, easier, smoother experience. And aviation industry leaders would prefer to address these concerns without necessarily building a new terminal, adding Transportation Security Administration (TSA) officers, or increasing security checkpoints.
The Evolution of Secure Credentials
Secure credentials are a key element not just for airport security, but more broadly for governments, security agencies and other card issuers around the world.
Credentials come in many forms, depending on the country and state, the end use of the credential, and other factors. Driver’s licenses, government IDs, physical passports, and electronic passports (e-Passports), for example, are essential tools for verification and authentication, and their integrity is critical.
Just as the state of travel evolves, so do the credentials that facilitate travelers’ journeys. More than 160 countries now also issue e-Passports, which are the latest generation of physical passports. Unlike the previous non-electric “machine-readable” generation of passports, e-Passports now carry a chip (and antenna) to enhance credentials’ authentication. Around the world, e-Passports are some of the most advanced travel documents produced today.
Over the years we have seen several generations of e-Passport chips and security protocols, beginning with facial imaging and later, biometrics, followed by encrypted contactless communication and other enhanced security features.
However, one safeguard remains constant: protecting the physical credentials, including those portions of e-Passports that specifically house the microchip.
To secure and protect embedded data in e-Passport inlays and electronic covers, many passport issuers incorporate a flexible, protective, highly bondable and inherently tamper-resistant material – for example, PPG TESLIN substrate – into the document to protect the chip.
Staying at the Forefront of Trends and Threats
We recognize that secure credential format, design, and technology must continuously advance to meet industry trends and challenges.
Two notable areas shaping the secure credentials space are digitalization, and fraud and counterfeiting.
Let’s first examine the role that technology and the evolution of digital credentials play for airports and government agencies.
The adoption of technology within this space – as in many other industries – was accelerated, if not catapulted, by the COVID-19 pandemic. Mirroring other areas of their lives, consumers show a strong preference for having as much data and access as possible in the palm of their hand or on their wrist, further shifting the balance to digital versus physical documents.
Simply put, secure credentials are evolving, albeit at a gradual pace.
This is the case in the U.S., where, in a small number of participating states and at select TSA checkpoints, passengers can use their smartphone or smartwatch’s digital wallet to store and present their digital license or ID.
With this new option, how does one of the leading smartphone manufacturers ensure security on par with that of traditional physical document authentication? Ultimately, across all aspects of secure credentials, the answer lies in a multi-pronged approach – addressing protection from many angles to counter any holes in the virtual safety net. Smartphones containing digital IDs are also inherently guarded by built-in safety features like biometric authentication such as facial recognition.
Layers of Protection
The complexities of digitalization mean that the transition from physical to digital – in the airport industry and more broadly for secure credentials – has been, and will continue to be, steady and measured.
This is practical on several fronts. As we know, digital can fail; if a system crashes, a physical document serves as backup. In fact, the TSA still requires that all passengers have their physical IDs on hand in those states that allow digital IDs.
As much as innovation prevails, it’s risky to put all the eggs in one proverbial security basket: we aren’t yet in a place where credentials can or should be 100 percent digital. Rather, digital should be a complement to physical. This multi-level protocol helps ensure security and that all checks and balances are in place.
Along the same lines, the physical document itself is crucial. Experts agree that the most effective credential designs employ a holistic approach, using diverse card construction materials, combined with multiple levels of advanced security features.
This combination of materials and features comes into play with another key industry issue: fraud and counterfeiting. In today’s never-ending battle against these threats, there is no single, ideal way to construct the perfect, long-lasting, secure credential.
With fraud, or alteration, the perpetrator starts with a real document and changes an element such as the photo, name, birth date, or expiration date. To combat fraud, credential issuers must work to prevent tampering through document design. Some substrates used in physical credentials boast this performance benefit – they are tamper-evident. If someone tries to tamper with a document, they will damage the integrity, permanently distorting the card, immediately exposing any attempt at delamination. Alteration is obvious because they cannot cleanly reassemble the layers.
The other area of concern is counterfeiting, by far the most popular and frequent type of document fraud. Here, perpetrators attempt to create replica credentials with different materials and technology to make it look like the real thing.
The greatest vulnerability lies in an ineffective card design that lacks multiple, well-arranged security features that are easy to authenticate and difficult to replicate.
Locking In Data for Secure Protection
Security experts and credential issuers worldwide need secure, scalable solutions. In the case of physical documents and those complemented by digital features, they seek solutions that are durable, deter forgery, enhance credential authentication, are tear-resistant, can handle wear and tear, and provide tamper-evident protection for at least 10 years of service life.
One effective option with extensive impact is to utilize composite material solutions for the design of state-of-the-art credentials, as they offer equal or better security and enhanced durability at a lower cost compared to mono-polymer solutions.
Decision makers should confirm with their synthetic paper supplier that it can be custom-formulated and purchased from a single source to enable tracking and verification of program-specific credentials through their service lives. Not all manufacturers can offer this benefit.
While these measures make credentials more difficult to counterfeit, document issuers can further ensure the integrity of secure credentials by incorporating a security feature embedded with customized security markers that can only be traced to and authenticated by the credentialing organization to which it was sold.
Shielding Travelers from Risk
Whereas the need for stronger identity and credentialing security can be partially addressed through document design, additional concerns loom with identify theft on the rise. The risk to travelers: data skimming, which can happen when someone tries to fraudulently access data within the passport chip.
The majority of e-Passports issued and in circulation use early technology that is less secure (Basic Access Control or BAC, as well as Extended Access Control or EAC) and are potentially vulnerable to data skimming fraud.
Travelers want their e-Passports to protect against unauthorized access to their personal data, as do credential issuers. With this in mind, governments and passport designers seeking to strengthen personal identity protection can incorporate RF shielding material in passports with e-Covers, e-Data pages, or e-Middle pages – an additional credential component to prevent data skimming.
Upon closing the passport page, the RF shielding material insulates the electronic component, delivering effective RF signal blocking, thus preventing skimmers from establishing good communications. This complementary physical layer is in addition to the embedded security in the encrypted chip.
This secures travelers’ personal data and adds another layer of security to their new or existing e-Passport designs with a minimal increase in production costs.
Consider the analogy of your front door at home outfitted with the latest high-tech lock. It’s secure, but technology is rapidly evolving and theft is on the rise, so you decide to also build a fence around your house. RF shielding material is the physical fence around the embedded digital security strategies of electronic credentials.
By enabling these additional features, countries and their governments can meet the critical need of providing better, more enhanced fraud protection for their citizens, thus increasing the security of the individuals the credentials are intended to protect.
Continuing to Scale and Adapt
Ultimately, there isn’t a singular method for delivering a scalable, comprehensive solution. Experts agree that strong document security, which is key to keeping up with industry growth and the demands of today’s travelers, requires a holistic, multilayer approach.
Similarly, the industry is unlikely to see worldwide buy-in or country-to-country alignment for any one credential system or security protocol in the near future. Infrastructures are inconsistent and credential usage varies by country.
Still, industry leadership and other stakeholders are tasked with planning and executing in line with global trends and challenges, while weighing operational implications such as costs and feasibility.
Progress and success are the result of collaboration among government security agencies, issuing authorities, and system integrators around the world, along with dedication by manufacturers, material suppliers and other experts to constantly innovate.
Juliane Hefel is general manager of PPG’s specialty coatings and materials business. The business creates solutions that enhance the surfaces and materials critical in our daily lives, including PPG TESLIN substrate, used in security documents like passports and drivers’ licenses.