Physical to Digital: A Revolution in Document Security

Executive Summary

There is a revolution underway in the secured document field, as society migrates from using physical secured documents, such as banknotes and identity cards, to the use of smartphones and electronic payment cards for financial transactions and as carriers of our identity credentials.
There is a perception that this revolution is well underway and that the transition from physical to digital is inevitable, unstoppable and irrevocable. The drivers are user convenience and provider cost savings, allied to the technical community’s belief that it can deliver a new way of doing things. Perception trumps reality for now, though, as cash is still used for most retail purchases globally and passports are still required to enter a territory. Nonetheless, this transition is inevitable, so there is a need to consider the impact and implications of this change.
Physical documents are tangible, familiar, and with security and authentication features built in. Moreover, there are a thousand years of history and experience in the world of banknotes, passports and other secured documents, and a key driver for specifiers and designers is security and document protection. In this physical world, professional document examiners develop a sixth sense, a feeling for the document which comes with familiarity and practice.
The result is reflected in the low counterfeiting levels for banknotes and passports (eg. 0.003% of euro banknotes in circulation and 2% of passports worldwide), which compares to, say, the World Health Organization’s estimate that worldwide 10% of medicines are fake. More pertinently, the rate of fraud using payment cards is a large multiple of the banknote counterfeit rate – over 300 times more in the eurozone.
Digital financial transaction systems and identity credentials, for comparison, have barely a 20-year history. This field is technology driven, starting with the development of near field communication (NFC) chips on phones and the 2004 launch of Alipay in China, followed by the the launch of the iPhone in 2007. This ‘we can do it’ attitude leads to the large number of incidents of hacking, system crashes and identity theft which affect millions – sometimes hundreds of millions – of users, often jeopardising their key personal information.
Identity becomes a key factor in this move to digital systems, requiring users to establish their identity and then repeatedly prove it. This involves biometrics, encrypted digital signatures, hash codes, two-factor signatures, self-sovereign ID, encrypted apps, encrypted phones and much more. But all of this depends on the algorithms in the systems. Do we trust these algorithms too much? Is there a role for human senses in examining and authenticating digital identity and
financial transactions?
An immigration official can look at and scan a passport and look at the person presenting it. A retailer can check a banknote with their eyes, their fingers and simple equipment – but this takes time. When digital solutions are created, the primary goal is a more convenient product. Security brings friction, eroding that all-important convenience valued by the consumer. Security is required but is currently a secondary consideration in the development of these digital systems.
Digital identity is being introduced across health systems, driver’s licences and national ID cards, facilitating more efficient health care and easing the passenger experience, enabling kerb-to-seat progression without showing any documents at an airport. Significantly, though, no immigration agency allows the same convenience for arriving international passengers, who all have to show a passport or ID card, sometimes to a machine, sometimes to a person, but always with the person there as backup to the machine.
This white paper asks whether the way forward in this transition, this revolution, is to look for ways to draw on the best of both worlds, the physical and the digital. Can the commitment to security and protection that drives the physical secured document field be inculcated among digital system developers and adopters – and if so, how? Reconnaissance aims to stimulate and facilitate this important discussion through its newsletters, conferences and other publications.