Dave Bielawski, DSA Board Member
In writing this, I set out to explore “phygital” security features — the fusion of physical and digital elements in identity documents — but the subject quickly revealed its own complexity. Encrypted barcodes, embedded chips, digital signatures, privacy implications — each thread deserves its own deep dive. The core problem is this: we are losing the war against counterfeit identity documents, and the industry must act now.
Counterfeiters Are Winning
Counterfeiters have become so proficient at replicating security features on driver’s licenses that even forensic specialists struggle to distinguish genuine from fake. Expecting a bartender or bank teller to catch a sophisticated fake is not just optimistic — it’s irresponsible. We have set relying parties up to fail.
Digital Signatures Change the Game
While advanced security features are important to incorporate, the physical security arms race is one we cannot win on materials alone. Digital signatures are where the real advantage lies. A digitally signed chip that verifies biographical data against the issuing authority’s signature cannot be easily cloned. Add a separately signed barcode containing the document holder’s photo, and you have layers of assurance that no physical feature can match.
Tools and Training Must Follow
Technology alone solves nothing without the people and processes to support it. Bartenders, bank tellers, and online service providers all need proper authentication tools and the training to use them. Right now, most have neither — and that is an industry failure, not a user failure. Public education is equally critical. Every fake ID purchased funds the next generation of counterfeiting technology, making the problem harder and more expensive to solve. DSA’s “No Fake IDs” campaign is a strong start, but it needs significantly greater reach and urgency.
Privacy and Coordination Are Non-Negotiable
Authentication systems that query issuer databases must protect document holder privacy by design — no retained history, no exposed relying party identities. Meanwhile, the fragmented ecosystem of issuers, standards bodies, and relying parties must consolidate faster. That fragmentation is itself a vulnerability that counterfeiters exploit.
The tools exist. What is needed now is the collective will to deploy them — broadly, consistently, and without delay.
