With everything going digital today, personal information must be well guarded, especially on sensitive documents like passports. Despite the care undertaken by many to avoid sharing their passport details online, many people hardly take notice of the MRZ at the bottom of these documents. This encodes vital information that, if revealed, can result in identity theft and other related frauds.
Thus, understanding the importance of the MRZ and taking prudent measures toward protecting it becomes a key step toward online security!
Here are some key elements to understand to protect your passport online:
The Human Readable Zone
The Human Readable Zone (HRZ) is the part of a passport or ID document specifically designed for manual inspection by individuals. In the example of Mr. Bean (above), we learn that he was born 6 Jan 1955 in Enfield, UK. we can also read the passport number, and the date the passport was issued (and when it expires). Unlike the Machine Readable Zone (MRZ), which encodes information in a standardized format for automated systems, the HRZ presents personal details in plain, easy-to-read text.
What is the HRZ?
The HRZ is the visually readable area on passports and IDs containing key details about the document holder. It is located above the MRZ and serves as the primary reference for officials conducting manual checks.
The key features of the HRZ
The HRZ uses a clear, standardized font to make it universally accessible without the need for specialized training or tools.
The personal information displayed is:
- Full Name
- Date of Birth
- Passport/ID Number
- Nationality
- Document Issue and Expiration Dates
- Biometric Elements: Often includes a passport photo and signature for visual cross-verification.
Why is the HRZ important?
The HRZ plays a crucial role in ensuring smooth and secure identity verification, particularly in scenarios where digital systems are unavailable.
- Manual Verification: Enables border control officers and other officials to perform identity checks without relying on technology.
- Cross-Referencing with MRZ: Acts as a backup for verifying the accuracy of machine-readable data, ensuring that MRZ errors or tampering can be detected.
- Universal Accessibility: Supports identity verification in locations with limited infrastructure or incompatible scanning systems.
The Machine Readable Zone (MRZ) on Passports
The Machine Readable Zone (MRZ for short) is the 2 lines of text at the bottom of the passport. If you look at your passport, the first line of the MRZ has a 3 letter abbreviation for your country, followed by your name (all separated by “<“). The Mr. Bean passport is clearly fake, as it only states “GB” instead of the expected “GBR” that is used officially.
The second line of the MRZ appears to be more gibberish, but there are important values there (and this is where you might accidently leak your private information. It kicks off with your passport number + a checksum digit), followed by your nationality, your date of birth (+1 digit checksum), your sex, and finally the expiration date of your passport.
The Mr. Bean passport above correctly shows his passport number and nationality. It begins to break down on date of birth – the MRZ reports as: 6 November 1981 (different from the human readable zone by several decades). It also shows the issuance date to be 42 April 2000 (hmmm).
Publicly posting your passport
Even if you carefully obfuscate your passport, you can leak information from the MRZ section of your passport. Here is a photo of my passport, where I’ve drawn a giant yellow box over the entire human readable region:
Trust me, this is my passport.
If I run this passport (with the MRZ zone exposed) through the Mindee Passport Extraction API, it correctly identifies all of my information – as it can extract it from the MRZ. The curl command looks like:
I receive a JSON result (here are a few snippets of ‘sharable’ information that were correctly extracted):
The API can read the MRZ and extract all of the private data that I so carefully hid in the human readable zone.
Exposing the MRZ
So, what are people exposing on social media?
The young man knew not to post the entire photo of his passport, but the MRZ gave away his passport number (I’ve contacted him to let him know).
Finding Fake Passports
Poorly forged documents (like Mr. Bean’s passport above) will have discrepancies between the Human Readable and the MRZ. In a recent article in Angola, a woman claims that her passport was forged and used in crimes. The article includes an image of “her” passport:
If we read the bottom line of the MRZ, nothing matches the top of the passport. The can be tested with the Mindee API:
The MRZ Zones are predicted as:
Extracting the passport number “N1473613” – it clearly does not match the number on the passport “N1471383”.
Issuance date in the MRZ: 17 Sept 2008. On the passport it states 6 Sept 2018.
The “M” following the issuance date provides the incorrect gender.
The Expiration date appears as 18-Sept 1989, while the passport states 6 Sept 2021.
This passport is clearly fake based on these details. The icing on the forgery cake is the signature. This woman is clearly not “Bruce Lee”
Conclusion
The MRZ zone is often overlooked by passport holders, who are unaware that private data is encoded in these two lines. These two lines should be kept as secure as the rest of your passport, as they have exactly the same information in them. To learn more about information extraction from passports, look no further than the Mindee API.