Passport and ID Document Verification in the US
Complete guide to US passport verification and ID document checks: MRZ zones, RFID chips, ICAO Doc 9303, REAL ID, state driver's licenses
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokPassport verification is the foundation of identity assurance for any organization that must confirm who it is dealing with. The US Department of State issued over 24 million passports in fiscal year 2024, while USCIS processed approximately 1.1 million Green Cards. For regulated businesses subject to FinCEN's Customer Due Diligence (CDD) requirements under the Bank Secrecy Act, the ability to authenticate these documents accurately and at speed determines whether onboarding is secure or merely fast.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice. Regulatory references are accurate as of the publication date. Consult a qualified professional for guidance specific to your situation.
This guide covers the security features embedded in modern US identity documents, the verification methods available, the ICAO standards that underpin machine-readable travel documents, US-specific document types and checks, and the fraud techniques most commonly encountered in practice.
Security features of modern identity documents
Modern passports and identity documents rely on multiple overlapping security layers. Each layer targets a different verification method โ visual inspection, optical analysis, or electronic reading โ so that defeating one layer does not compromise the entire document.
Machine Readable Zone (MRZ)
The MRZ is a block of structured text at the bottom of the document's data page, readable by optical scanners. On a US passport, it consists of two lines of 44 characters encoding the document type, issuing state (USA), surname, given names, passport number, nationality, date of birth, sex, expiry date, and personal number. Each data field is followed by a check digit calculated using a modular arithmetic algorithm defined in ICAO Doc 9303.
US Green Cards (Permanent Resident Cards) use the TD1 format: three lines of 30 characters. State driver's licenses and identification cards do not contain a standard ICAO MRZ, though they use PDF417 barcodes on the reverse that encode personal data in a machine-readable format defined by the AAMVA (American Association of Motor Vehicle Administrators).
RFID / NFC chip
US biometric passports (issued since August 2007, identifiable by the e-passport symbol on the front cover) contain an RFID chip storing a digitized facial photograph and the MRZ data. The chip is protected by Basic Access Control (BAC), which uses data printed on the data page as the access key, and Passive Authentication (PA) to confirm the data has not been altered since issuance.
US Green Cards issued since May 2010 also contain an RFID chip with biometric data. The Department of State Bureau of Consular Affairs oversees passport chip standards, while USCIS manages Green Card chip specifications.
Visual and optical security features
| Security feature | US passport | Green Card | Verification method |
|---|---|---|---|
| Hologram | Bald Eagle kinegram on data page | Holographic stripe with Statue of Liberty | Tilt under direct light |
| OVI (optically variable ink) | Color-shifting ink elements | OVI elements on card face | View at two angles |
| Microprinting | Microscopic text throughout visa pages | Microtext around photo border | 10x magnifier |
| Ghost image | Secondary laser-engraved photo | Laser-engraved secondary image | Transmitted light |
| UV-reactive elements | Fluorescent Great Seal on data page, UV patterns on visa pages | UV-reactive elements embedded in card | 365 nm UV lamp |
| Laser perforation | Laser-perforated data on polycarbonate page | Not applicable | Transmitted light |
Watermark and intaglio printing
US passports contain security watermarks visible by transmitted light. The polycarbonate data page (introduced in the Next Generation Passport program) uses laser-engraved personalization and intaglio printing (raised ink detectable by touch) โ features that cannot be replicated by standard inkjet or laser printers.
Verification methods: manual versus automated
The choice between manual and automated verification depends on document volume, acceptable risk levels, and regulatory requirements. For US financial institutions, FinCEN's Customer Due Diligence Rule (31 CFR ยง 1010.230) establishes the baseline for identity verification, while sector-specific regulators (OCC, FDIC, SEC, FINRA) impose additional requirements.
Comparison of verification methods
| Criterion | Manual verification | Automated verification |
|---|---|---|
| Time per document | 3 to 5 minutes | Under 10 seconds |
| Fraud detection rate | 40 to 60% (trained agent) | 95 to 99% |
| Cost per verification | $2.50 to $6.00 (agent time) | $0.10 to $0.50 |
| Scalability | Linear (1 agent = 1 document) | Near-unlimited |
| Consistency | Variable (fatigue, training) | Constant |
| Audit trail | Depends on internal procedures | Built-in logging |
| MRZ validation | Visual reading, no check digit validation | Full algorithmic validation |
| RFID chip reading | Requires dedicated reader | NFC reading via smartphone |
Manual verification
Manual verification remains common in law offices, real estate title companies, and smaller financial institutions. It relies on visual inspection of holograms, watermarks, and microprinting, combined with comparing the photograph to the document holder. Agents may use supplementary tools like the USCIS Systematic Alien Verification for Entitlements (SAVE) program to confirm immigration status for specific benefit eligibility contexts, though this does not authenticate the physical document itself.
Manual checks typically achieve moderate confidence at best, which is insufficient for high-risk onboarding scenarios such as financing and leasing or regulated financial services subject to BSA/AML obligations.
Automated verification
Automated verification combines OCR, image analysis, NFC chip reading, and algorithmic MRZ validation. Solutions like CheckFile process a document in under 10 seconds: reading and validating the MRZ (including all check digits), detecting visual security features, extracting file metadata, and performing facial comparison against a live selfie.
For organizations processing high volumes, automated verification is the only practical approach. Refer to our industry verification guide for sector-specific implementation guidance.
ICAO standards and machine-readable zones
The International Civil Aviation Organization (ICAO) defines the standards for machine-readable travel documents in the ICAO Doc 9303 series, applicable across all 193 ICAO member states, including the United States.
Structure of Doc 9303
Doc 9303 comprises 13 parts covering the full lifecycle of machine-readable travel documents:
- Part 1: Introduction and terminology
- Part 3: Common specifications for machine-readable travel documents (MRTDs) โ TD1 (card), TD2 (small format), and TD3 (passport) formats
- Part 4: Specifications for machine-readable passports (MRP)
- Part 9: Deployment of biometric identification
- Part 11: Security mechanisms for MRTDs
- Part 13: Visible digital seal (VDS) specifications
MRZ format for passports (TD3)
The TD3 format uses two lines of 44 characters. Line 1 contains the document type (P), the issuing state code (USA for United States), surname, and given names. Line 2 contains the passport number, nationality, date of birth, sex, expiry date, optional data, and check digits. Each data block is followed by a check digit calculated using the algorithm defined in Part 4 of Doc 9303.
MRZ format for Green Cards and ID cards (TD1)
US Permanent Resident Cards (Green Cards) use the TD1 format: three lines of 30 characters. Line 1 contains the document type, issuing state, and document number with check digit. Line 2 contains date of birth, sex, expiry date, nationality, and optional data. Line 3 contains the holder's name. A composite check digit on line 2 validates the entire data set.
ICAO compliance ensures interoperability across all member states, which is critical for businesses operating internationally. The US is also a participant in the Visa Waiver Program, which requires Electronic System for Travel Authorization (ESTA) applicants to hold ICAO-compliant e-passports โ reinforcing the importance of chip-based verification for US-facing operations.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotUS-specific identity documents: types and verification points
The United States issues several identity document types, each with distinct security features and verification requirements. Unlike many countries, the US does not have a single national identity card, making the passport and state-issued driver's licenses the primary government-issued identity documents.
US passport
The current US passport (Next Generation Passport, issued since 2021) features a polycarbonate data page with laser-engraved personalization. Key verification points:
- RFID chip with BAC and Passive Authentication
- Bald Eagle kinegram hologram on data page
- Laser-engraved personalization on polycarbonate page
- UV-reactive security features on multiple pages
- MRZ TD3 format (two lines, 44 characters)
The Department of State Bureau of Consular Affairs manages passport issuance and security standards.
US Passport Card
The US Passport Card is a wallet-sized travel document valid for land and sea travel between the US, Canada, Mexico, Bermuda, and the Caribbean. It contains an RFID vicinity-read chip (different from the passport's contactless smart chip) and a TD1 MRZ. It is not valid for international air travel but is accepted as a List A document for Form I-9 purposes and as a REAL ID-compliant identity document.
Permanent Resident Card (Green Card)
The current Green Card (Form I-551, redesigned 2023) is a polycarbonate card with RFID chip, laser-engraved photograph, holographic stripe, and TD1 MRZ. Green Cards are issued with a 10-year validity for permanent residents and a 2-year validity for conditional residents. Expired Green Cards do not invalidate the holder's immigration status but should not be accepted as current identity documents for CDD purposes.
State driver's license and REAL ID
State driver's licenses are the most commonly presented identity document in the United States. The REAL ID Act of 2005, with full enforcement beginning May 7, 2025, establishes minimum security standards for state-issued driver's licenses and identification cards. REAL ID-compliant cards are marked with a gold star and are required for boarding domestic flights and accessing federal facilities.
Key security features vary by state but typically include:
- PDF417 barcode (AAMVA standard) on reverse
- UV-reactive elements
- Microprinting
- Tactile features (raised lettering or patterns)
- Holographic overlay or embedded hologram
- Ghost image of the holder's photograph
Since each state designs its own card, verification requires knowledge of 56 different document templates (50 states + DC + 5 territories). Automated systems maintain databases of all current and recent templates.
Document verification reference table
| Document | Maximum validity | MRZ | RFID chip | Federal database check | Priority controls |
|---|---|---|---|---|---|
| US passport (2021+) | 10 years (adult) | TD3 (2 lines) | Yes (RFID) | SAVE / CBP systems | Chip + MRZ + hologram |
| US passport (pre-2021) | 10 years (adult) | TD3 (2 lines) | Yes (RFID, post-2007) | SAVE / CBP systems | Chip + MRZ + watermark |
| US Passport Card | 10 years (adult) | TD1 (3 lines) | Yes (vicinity-read) | SAVE / CBP systems | Chip + MRZ + hologram |
| Green Card (2023+) | 10 years / 2 years | TD1 (3 lines) | Yes (RFID) | USCIS SAVE | Chip + MRZ + laser photo |
| State driver's license (REAL ID) | Varies by state (4-8 years) | None (PDF417 barcode) | No | No federal database | Barcode + hologram + UV |
| Employment Authorization Document (EAD) | 1-2 years | TD1 (3 lines) | Yes (RFID) | USCIS SAVE / E-Verify | Chip + MRZ + hologram |
Common fraud techniques and detection methods
Identity document fraud in the United States falls into four main categories, each requiring different detection approaches. The FBI Financial Crimes Unit and the Secret Service report that identity fraud facilitated an estimated $43 billion in losses in the US in 2024, with document fraud serving as the entry point for a substantial share of financial crimes.
Complete counterfeits
The fraudster produces an entirely fabricated document. Low-quality counterfeits are detectable through the absence of functional holograms, typographic errors, and missing watermarks. High-quality industrial counterfeits require analysis of microprinting, substrate composition, and RFID chip verification (absent or non-compliant on counterfeits).
Complete counterfeits are increasingly targeting state driver's licenses rather than passports, because the 56 different state templates create complexity that manual reviewers struggle to master. The Document Security Alliance reports that counterfeit state IDs are the most commonly encountered fraudulent documents in US financial services.
Alteration of genuine documents
The fraudster modifies an authentic document: replacing the photograph, changing dates or names, or erasing and reprinting data. Detection relies on:
- Analysis of laminate integrity (lifted or resealed laminate visible under oblique light)
- Consistency between printed data and MRZ-encoded data
- Comparison of MRZ data with RFID chip data (any discrepancy indicates tampering)
- PDF417 barcode data comparison with printed data on state IDs
Impersonation (genuine document, wrong holder)
The fraudster uses a genuine document belonging to another person of similar appearance. This is the most difficult fraud type to detect through document verification alone. Countermeasures combine:
- Facial comparison between the holder and the document photograph (facial biometrics)
- Biometric data verification from the RFID chip (where reader is available)
- Liveness detection to exclude screen presentations and deepfakes
Stolen or lost documents
Documents reported stolen or lost are sometimes reused by third parties. The State Department maintains records of reported lost/stolen passports, accessible to law enforcement and authorized government systems. For state driver's licenses, no single national invalidation database exists, though many states participate in the AAMVAnet system for interstate verification. Automated systems should flag documents with expiry dates that do not match the holder's apparent age or application context.
Fraud detection matrix
| Fraud type | Key indicators | Manual detection | Automated detection |
|---|---|---|---|
| Complete counterfeit | Missing hologram, wrong typeface, no watermark | Moderate (trained agents) | High (image analysis) |
| Alteration | MRZ/printed data mismatch, laminate damage | Low to moderate | High (MRZ/RFID comparison) |
| Impersonation | Physical resemblance, no document anomaly | Very low | High (facial biometrics + liveness) |
| Stolen/lost document | Valid document, reported status | None (without database access) | High (status check integration) |
For a comprehensive overview, see our industry document verification guide.
Take action
CheckFile verifies 180,000 documents per month with 98.7% OCR accuracy. Test the platform with your own documents โ results within 48h.
Frequently Asked Questions
Is passport verification legally required for US businesses?
Yes, for firms subject to the Bank Secrecy Act and FinCEN's Customer Due Diligence Rule (31 CFR ยง 1010.230). This includes banks, broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities. The CDD Rule requires these institutions to identify and verify the identity of customers, including verifying identity documents. Beyond BSA-covered institutions, any employer must examine identity documents as part of the I-9 process, and many state-regulated industries (insurance, real estate, cannabis) have their own identity verification requirements.
What is REAL ID and how does it affect document verification?
The REAL ID Act, enacted in 2005 with full enforcement beginning May 7, 2025, sets minimum security standards for state-issued driver's licenses and identification cards. REAL ID-compliant cards are marked with a gold star and are required for boarding domestic flights and accessing federal facilities. For businesses conducting identity verification, REAL ID-compliant documents offer a higher baseline of trust because they require in-person identity proofing at issuance, including verification of Social Security Number, US residency, and lawful immigration status. However, non-REAL-ID cards remain valid for many purposes including Form I-9.
Can automated verification read all types of US identity documents?
Automated systems can read and validate MRZ data on passports, passport cards, Green Cards, and EADs, and read RFID chip data on biometric documents. For state driver's licenses (which lack ICAO MRZ but have PDF417 barcodes), verification relies on barcode decoding, image analysis, security feature detection, and template matching against all 56 state designs. Solutions like CheckFile support all major US document types plus over 6,000 document types from 200 countries.
How should businesses handle expired documents?
Expired passports and Green Cards should not be accepted as primary identity evidence for CDD purposes under BSA/AML regulations. However, an expired US passport may serve as a List B identity document for Form I-9 purposes (it establishes identity but not work authorization), and some organizations accept recently expired documents as supporting evidence in combination with a current document. Each business should define its policy based on its risk appetite and regulatory requirements.
Is automated document verification compliant with US privacy law?
Yes, provided the processing complies with applicable federal and state privacy requirements. At the federal level, the Gramm-Leach-Bliley Act (GLBA) governs financial institutions' handling of customer information. State laws including the California Consumer Privacy Act (CCPA), Illinois Biometric Information Privacy Act (BIPA), and Texas Capture or Use of Biometric Identifier Act impose additional requirements for biometric data processing, including consent and disclosure obligations. Review our security page for details of our compliance architecture.
Moving to automated passport and ID verification
Manual identity document checks cannot keep pace with the volume and sophistication of modern document fraud. Automated verification combines MRZ reading, image analysis, RFID chip authentication, and facial biometrics to achieve detection rates above 95%, with processing times under 10 seconds per document.
CheckFile supports businesses across all regulated sectors in deploying automated document verification. Whether you operate in financing and leasing, banking, insurance, or real estate, our platform integrates with existing workflows via REST API. Review our pricing or contact our team to arrange a demonstration using your own document types and workflows.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.