Passport and ID Document Verification: Complete Guide
Complete guide to passport verification and ID document checks: MRZ zones, RFID chips, ICAO Doc 9303, Australian documents, fraud detection methods.
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokPassport verification is the foundation of identity assurance for any organisation that must confirm who it is dealing with. The Australian Passport Office issues millions of passports, while the Department of Home Affairs processes significant volumes of visas and travel documents. For reporting entities subject to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the ability to authenticate these documents accurately and at speed determines whether onboarding is secure or merely fast.
This guide covers the security features embedded in modern identity documents, the verification methods available, the ICAO standards that underpin machine-readable travel documents, Australian document types and checks, and the fraud techniques most commonly encountered in practice.
Security features of modern identity documents
Modern passports and identity documents rely on multiple overlapping security layers. Each layer targets a different verification method โ visual inspection, optical analysis, or electronic reading โ so that defeating one layer does not compromise the entire document.
Machine Readable Zone (MRZ)
The MRZ is a block of structured text at the bottom of the document's data page, readable by optical scanners. On an Australian passport, it consists of two lines of 44 characters encoding the document type, issuing state (AUS), surname, given names, passport number, nationality, date of birth, sex, expiry date, and personal number. Each data field is followed by a check digit calculated using a modular arithmetic algorithm defined in ICAO Doc 9303.
Australian driver licences issued by state and territory authorities (e.g., Roads and Maritime Services in NSW, VicRoads in Victoria) do not contain a standard MRZ, though each licence has a structured card number and document number.
RFID / NFC chip
Australian biometric passports (issued since 2005) contain an RFID chip storing a digitised facial photograph and the MRZ data. The chip is protected by Basic Access Control (BAC), which uses data printed on the data page as the access key, and Extended Access Control (EAC) for biometric data, restricted to authorised government agencies.
Visual and optical security features
| Security feature | Australian passport | ImmiCard | Verification method |
|---|---|---|---|
| Hologram | Kangaroo and emu kinegram | Holographic overlay | Tilt under direct light |
| OVI (optically variable ink) | Colour-shifting ink on data page | OVI elements | View at two angles |
| Microprinting | Microscopic text in design elements | Microtext | 10x magnifier |
| Ghost image | Secondary photo in watermark area | Laser-engraved secondary image | Transmitted light |
| UV-reactive elements | Fluorescent patterns under UV | UV fibres embedded in substrate | 365 nm UV lamp |
| Laser perforation | Personalised perforations on data page | Not applicable | Transmitted light |
Watermark and intaglio printing
Australian passports contain a multi-tone watermark visible by transmitted light, incorporating Australian imagery. The data page uses intaglio printing (raised ink detectable by touch), a feature that cannot be replicated by standard inkjet or laser printers.
Verification methods: manual versus automated
The choice between manual and automated verification depends on document volume, acceptable risk levels, and regulatory requirements. The Australian Government's Digital Identity framework and the Document Verification Service (DVS) through IDMatch set the benchmark for identity verification standards.
Comparison of verification methods
| Criterion | Manual verification | Automated verification |
|---|---|---|
| Time per document | 3 to 5 minutes | Under 10 seconds |
| Fraud detection rate | 40 to 60% (trained agent) | 95 to 99% |
| Cost per verification | AUD 3 to 7 (agent time) | AUD 0.10 to 0.60 |
| Scalability | Linear (1 agent = 1 document) | Near-unlimited |
| Consistency | Variable (fatigue, training) | Constant |
| Audit trail | Depends on internal procedures | Built-in logging |
| MRZ validation | Visual reading, no check digit validation | Full algorithmic validation |
| RFID chip reading | Requires dedicated reader | NFC reading via smartphone |
Manual verification
Manual verification remains common in solicitors' offices, real estate agencies, and smaller financial institutions. It relies on visual inspection of holograms, watermarks, and microprinting, combined with comparing the photograph to the document holder. Agents may consult the Department of Home Affairs VEVO service to confirm visa status, though this does not authenticate the document itself.
Automated verification
Automated verification combines OCR, image analysis, NFC chip reading, and algorithmic MRZ validation. Solutions like CheckFile process a document in under 10 seconds: reading and validating the MRZ (including all check digits), detecting visual security features, extracting file metadata, and performing facial comparison against a live selfie.
For organisations processing high volumes, automated verification is the only practical approach. Refer to our industry verification guide for sector-specific implementation guidance.
ICAO standards and machine-readable zones
The International Civil Aviation Organization (ICAO) defines the standards for machine-readable travel documents in the ICAO Doc 9303 series, applicable across all 193 ICAO member states, including Australia.
MRZ format for passports (TD3)
The TD3 format uses two lines of 44 characters. Line 1 contains the document type (P), the issuing state code (AUS for Australia), surname, and given names. Line 2 contains the passport number, nationality, date of birth, sex, expiry date, optional data, and check digits.
MRZ format for ImmiCards and ID cards (TD1)
ImmiCards use the TD1 format: three lines of 30 characters. Line 1 contains the document type, issuing state, and document number with check digit. Line 2 contains date of birth, sex, expiry date, nationality, and optional data. Line 3 contains the holder's name.
ICAO compliance ensures interoperability across all member states, which is critical for businesses operating internationally.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotAustralian identity documents: types and verification points
Australia does not have a national identity card, making the passport the primary government-issued identity document for Australian citizens. However, several state and territory documents are widely used.
Australian passport
The current Australian passport features a dark blue cover and contains a polycarbonate data page with laser-engraved personalisation. Key verification points:
- RFID chip with BAC and EAC protection
- Kinegram hologram (kangaroo and emu)
- Laser-perforated personalisation on data page
- UV-reactive security features on multiple pages
- MRZ TD3 format (two lines, 44 characters)
The Australian Passport Office provides reference material on passport security features.
State and territory driver licences
Each Australian state and territory issues its own driver licence with distinct security features. While they do not contain MRZ or RFID chips, they include multiple security features: UV-reactive elements, microprinting, tactile surfaces, holographic overlays, and guilloche patterns. Driver licence numbers vary by state but follow structured formats that can be cross-validated.
ImmiCard
ImmiCards are credit-card-sized polycarbonate documents issued to non-citizens who hold a substantive visa but do not have a travel document. They contain an NFC chip with biometric data, a laser-engraved photograph, and a TD1 MRZ.
Document verification reference table
| Document | Maximum validity | MRZ | NFC chip | DVS check | Priority controls |
|---|---|---|---|---|---|
| Australian passport (current) | 10 years | TD3 (2 lines) | Yes (RFID) | Yes, via IDMatch | Chip + MRZ + hologram |
| State driver licence | 5โ10 years (varies) | None | No | Yes, via IDMatch | Hologram + UV + licence number |
| ImmiCard | Until visa expiry | TD1 (3 lines) | Yes (NFC) | Via VEVO | Chip + MRZ + laser photo |
| Medicare card | 1โ5 years | None | No | Yes, via IDMatch | Card number validation |
| Foreign passport | Varies | TD3 (2 lines) | Varies | Not via DVS | MRZ + visual security features |
Common fraud techniques and detection methods
Identity document fraud in Australia falls into four main categories, each requiring different detection approaches. The Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) monitor identity fraud trends across the country.
Complete counterfeits
The fraudster produces an entirely fabricated document. Low-quality counterfeits are detectable through the absence of functional holograms, typographic errors, and missing watermarks. High-quality industrial counterfeits require analysis of microprinting, substrate composition, and NFC chip verification (absent or non-compliant on counterfeits).
Alteration of genuine documents
The fraudster modifies an authentic document: replacing the photograph, changing dates or names, or erasing and reprinting data. Detection relies on:
- Analysis of laminate integrity (lifted or resealed laminate visible under oblique light)
- Consistency between printed data and MRZ-encoded data
- Comparison of MRZ data with NFC chip data (any discrepancy indicates tampering)
Impersonation (genuine document, wrong holder)
The fraudster uses a genuine document belonging to another person of similar appearance. Countermeasures combine:
- Facial comparison between the holder and the document photograph (facial biometrics)
- Biometric data verification from the NFC chip (where reader is available)
- Liveness detection to exclude screen presentations and deepfakes
Stolen or lost documents
Documents reported stolen or lost are sometimes reused by third parties. The Document Verification Service (DVS) through IDMatch enables verification of Australian government documents. Automated systems should flag documents with expiry dates that do not match the holder's apparent age or application context.
Fraud detection matrix
| Fraud type | Key indicators | Manual detection | Automated detection |
|---|---|---|---|
| Complete counterfeit | Missing hologram, wrong typeface, no watermark | Moderate (trained agents) | High (image analysis) |
| Alteration | MRZ/printed data mismatch, laminate damage | Low to moderate | High (MRZ/NFC comparison) |
| Impersonation | Physical resemblance, no document anomaly | Very low | High (facial biometrics + liveness) |
| Stolen/lost document | Valid document, reported status | None (without database access) | High (DVS check integration) |
For a comprehensive overview, see our industry document verification guide.
Frequently asked questions
Is passport verification legally required for Australian businesses?
Yes, for reporting entities subject to the AML/CTF Act 2006. This includes banks, credit unions, remittance providers, digital currency exchange providers, gambling operators, and bullion dealers. The AML/CTF Rules require customer due diligence including verification of the customer's identity on the basis of documents or information obtained from a reliable and independent source.
What is the DVS and how does it affect document verification?
The Document Verification Service (DVS), operated through IDMatch, allows organisations to verify the information on Australian government-issued identity documents (passports, driver licences, Medicare cards, citizenship certificates) against the issuing agency's records. It confirms whether the document details match โ but does not confirm the person presenting the document is the document holder.
Can automated verification read all types of Australian identity documents?
Automated systems can read and validate MRZ data on passports and ImmiCards, and read NFC chip data on biometric documents. For state driver licences (which lack MRZ and NFC), verification relies on image analysis, security feature detection, and cross-validation of the structured licence number. Solutions like CheckFile support all major Australian document types plus over 6,000 document types from 200 countries.
How should businesses handle expired documents?
Expired passports and driver licences should not be accepted as primary identity evidence under the AML/CTF Act. However, an expired document may serve as supporting evidence in combination with a current document. The 100 point identity check system specifies that expired documents carry reduced point values. Each business should define its policy based on its risk appetite and regulatory requirements.
Is automated document verification compliant with the Privacy Act 1988?
Yes, provided the processing complies with the Australian Privacy Principles: data minimisation, purpose limitation, and storage limitation. Processing biometric data (facial comparison) falls under the definition of sensitive information under the Privacy Act 1988 and requires consent or a specific legal basis. Review our security page for details of our compliance architecture.
Moving to automated passport and ID verification
Manual identity document checks cannot keep pace with the volume and sophistication of modern document fraud. Automated verification combines MRZ reading, image analysis, NFC chip authentication, and facial biometrics to achieve detection rates above 95%, with processing times under 10 seconds per document.
CheckFile supports businesses across all regulated sectors in deploying automated document verification. Whether you operate in financing and leasing, banking, insurance, or property, our platform integrates with existing workflows via REST API. Review our pricing or contact our team to arrange a demonstration using your own document types and workflows.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice. Consult a qualified compliance professional for guidance specific to your situation.
Take action
CheckFile verifies 180,000 documents per month with 98.7% OCR accuracy. Test the platform with your own documents โ results within 48h.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.