With everything going digital today, personal information must be well guarded, especially on sensitive documents like passports. Despite the care undertaken by many to avoid sharing their passport details online, many people hardly take notice of the MRZ at the bottom of these documents. This encodes vital information that, if revealed, can result in identity theft and other related frauds.
Modern passports, known as Machine-Readable Passports (MRP), incorporate MRZs to streamline travel processes and improve security when crossing borders. When applying for travel documents like visas or at a consulate, it’s crucial to ensure that the Machine-Readable Zone (MRZ) on your passport is properly encoded to prevent issues during the verification process.
Thus, understanding the importance of the MRZ and taking prudent measures toward protecting it becomes a key step toward online security!
Here are some key elements to understand to protect your passport online:
The Human Readable Zone (HRZ)
The Human Readable Zone (HRZ) is the part of a passport, visa or ID document specifically designed for manual inspection by individuals. In the example of Mr. Bean (above), we learn that he was born 6 Jan 1955 in Enfield, UK. We can also read the passport number, and the date the passport was issued (and when it expires). Unlike the Machine Readable Zone (MRZ), which encodes information in a standardized format for automated systems, the HRZ presents personal details in plain, easy-to-read text.
To sum up, the HRZ is the visually readable area on passports and IDs containing key details about the document holder. It is located above the MRZ and serves as the primary reference for officials conducting manual checks.
The key features of the HRZ
The HRZ uses a clear, standardized font to make it universally accessible without the need for specialized training or tools.
The personal information displayed is:
- The full name
- The date of birth
- The passport number
- The nationality
- The document issue and the expiration date
- Some biometric elements (often includes a passport photo and signature for visual cross-verification)
Why is the HRZ important?
The HRZ plays a crucial role in ensuring smooth and secure identity verification, particularly in scenarios where digital systems are unavailable.
- Manual verification: Enables border control officers and other officials to perform identity checks without relying on technology.
- Cross-referencing with MRZ: Acts as a backup for verifying the accuracy of machine-readable data, ensuring that MRZ errors or tampering can be detected.
- Universal accessibility: Supports identity verification in locations with limited infrastructure or incompatible scanning systems.
Because it is made to be read by humans, people regularly post their documents online by only hiding the HRZ, thinking they're safe enough!
The Machine Readable Zone (MRZ) on passports
The Machine Readable Zone (MRZ for short) is the 2 lines of text at the bottom of the passport. If you look at your passport, the first line of the MRZ has a 3 letter abbreviation for your country, followed by your name (all separated by “<“). The Mr. Bean passport is clearly fake, as it only states “GB” instead of the expected “GBR” that is used officially.
The second line of the MRZ appears to be more gibberish, but there are important values there (and this is where you might accidentally leak your private information. It kicks off with your passport number + a checksum digit), followed by your nationality, your date of birth (+1 digit checksum), your sex, and finally the expiration date of your passport.
The Mr. Bean passport above correctly shows his passport number and nationality. It begins to break down on date of birth – the MRZ reports as: 6 November 1981 (different from the human readable zone by several decades). It also shows the issuance date to be 42 April 2000 (hmmm).
The key features of the MRZ
Passports worldwide use the standard TD3 format. The MRZ on your passport will contain two lines, each with 44 characters.
This format is designed to include comprehensive information such as :
- The document type (e.g. P for Passport)
- The issuing country code (like FRA for France)
- The passport holder's name in a standardized format
- The passport number (that you can also find in the HRZ)
- The nationality
- The date of birth
- The sex (M/F). You can also now find an X marker for non binary persons in some countries, like the United States or Argentina
- The passport expiration date
- The check digits for error detection
The MRZ is designed to store essential information in a standardized format, making it easier for gov agencies and international organizations to verify the authenticity of travel and identity documents. MRZ technology is not limited to passports; it is also used in various types of ID cards and visas issued by many states, ensuring uniformity in global travel and identification systems.
Why is the MRZ important?
The Machine Readable Zone (MRZ) is like the superhero cape of your passport—it doesn’t look flashy, but it packs a punch when it comes to speed, security, and efficiency. This little strip of coded text contains all the essential details about you, like your name, passport number, and birthdate, but it’s designed for machines to read in seconds.
That means no more tedious manual typing or room for human error! Whether you’re breezing through airport security for a travel or opening a bank account, the MRZ gets things moving fast. However, unlike biometric passports which include added security layers, traditional MRPs are more vulnerable to misuse if the MRZ data is compromised.
Plus, it’s a global team player—standardized to work everywhere, from New York to Tokyo. And don’t worry, it’s got your back on security too, with clever anti-tampering features that keep fraudsters at bay.
The MRZ is the quiet hero of modern identity checks, making life easier, safer, and a whole lot quicker.
What Happens if I Publicly Post my Passport?
From a passport or a visa to a national ID card or another government-issued certificate, the MRZ ensures that sensitive data is securely stored and can be efficiently checked during online or physical identity verification.
Even if you carefully obfuscate your passport, you can leak information from the MRZ section of your passport.
Here is a photo of my passport, where I’ve drawn a giant yellow box over the entire human readable region:
Trust me, this is my passport.
If I run this passport (with the MRZ zone exposed) through the Mindee Passport Extraction API, it correctly identifies all of my information – as it can extract it from the MRZ. The curl command looks like:
<pre><code>curl -X POST
https://api.mindee.net/products/passport/v1/predict
-H 'X-Inferuser-Token: {myAPItoken}'
-H 'content-type: multipart/form-data;
-F file=@/path/to/my/passport.jpg</code></pre>I receive a JSON result (here are a few snippets of ‘sharable’ information that were correctly extracted):
<pre><code>"country": {
"probability": 1,
"segmentation": {
"bounding_box": []
},
"value": "USA"
},
"given_names": [{
"probability": 0.2,
"segmentation": {
"bounding_box": [
[0.056, 0.915],
[0.479, 0.915],
[0.479, 0.939],
[0.056, 0.939]
]
},
"value": "DOUGLASS"
}],
...</code></pre>The API can read the MRZ and extract all of the private data that I so carefully hid in the human readable zone.
Unlike biometric passports, which include added security layers, traditional MRPs are more vulnerable to misuse if the MRZ data is compromised.
Hackers can exploit improperly protected MRZ data to forge documents or apply for fake certificates, making it crucial to implement secure solutions for processing and storing this information. This is why it is recommended to never share your passport online: even if you think you're safe, your personal info might still be on display!
How to Protect my Personal Information?
So, what are people exposing on social media?
The young man knew not to post the entire photo of his passport, but the MRZ gave away his passport number (I’ve contacted him to let him know).
If you don't want this situation to happen to you, here are some practical steps to ensure your sensitive information stays secure:
To ensure your MRZ information remains secure, always check that the services you use comply with international data protection standards and state-level regulations.
Finding Fake Passports
Poorly forged documents (like Mr. Bean’s passport above) will have discrepancies between the Human Readable and the MRZ. In a recent article in Angola, a woman claims that her passport was forged and used in crimes. The article includes an image of “her” passport:
If we read the bottom line of the MRZ, nothing matches the top of the passport. The can be tested with the Mindee API.
The MRZ Zones are predicted as:
{
"mrz1": {
"probability": 0.27,
"segmentation": {
"bounding_box": [
[0.147, 0.803],
[0.861, 0.803],
[0.861, 0.882],
[0.147, 0.882]
]
},
"value": "PNAGOISABEL<<DOS<SANTOS<<<<<<<<<<<<<<<<<<<<<"
},
"mrz2": {
"probability": 1.0,
"segmentation": {
"bounding_box": [
[0.148, 0.867],
[0.865, 0.867],
[0.865, 0.951],
[0.148, 0.951]
]
},
"value": "N1473613<8AGO8909176M18090600444874<N01<1356"
}
}
Extracting the passport number “N1473613” – it clearly does not match the number on the passport “N1471383”.
Issuance date in the MRZ: 17 Sept 2008. On the passport it states 6 Sept 2018.
The “M” following the issuance date provides the incorrect gender.
The Expiration date appears as 18-Sept 1989, while the passport states 6 Sept 2021.
This passport is clearly fake based on these details. The icing on the forgery cake is the signature. This woman is clearly not “Bruce Lee”.
To sum up, general adoption of MRZ technology has reduced processing times for travelers while ensuring that personal data is secure and easily verified through specific characters. However, the MRZ zone is often overlooked by passport holders, who are unaware that private data is encoded in these two lines.
As governments and organizations continue to digitize the application process for travel and identity documents like visas, ensuring the security of MRZ data remains a critical step in protecting personal identities. These two lines should be kept as secure as the rest of your passport, as they have exactly the same information in them.
To learn more about information extraction from passports, look no further than the Mindee API.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere. uis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.