Using documents as evidence
Additional guidance for when physical documents are used in identification processes.
Help us create the best guidance possible
If you would like anything added to or clarified in this guidance, email the Identification Management team identity@dia.govt.nz.
Introduction
Find definitions for key terms used in this guidance — Identification terminology.
This guidance will evolve and expand over time to meet the needs of users and is part of the wider Identification Standards.
Qualities of physical documents
Physical documents used in identification processes can range in type and quality. Some have sophisticated security features, while others can be a simple printout from a computer.
They may be complex such as multi-page books or large sheets of paper, or they may be small credit-card-sized items. Physical documents can be made of different materials — paper, card, plastic, fabric, silicon or metal.
As credentials, physical documents can be versatile and used as evidence in both information and binding assurance processes.
Information limitations
Most documents used as credentials provide limited amounts of verified information.
Robust documents have better security features used to assess how genuine they are. Although they often contain identifying information, they rarely include eligibility and capability information needed for decision making.
Sight original documents
Technological advancements such as digital colour printers facilitate the alteration or forging of documents.
Photocopied or scanned documents, even if they have been certified by a Justice of the Peace, are easy to alter and are therefore unreliable as evidence.
It’s important to only accept original documents or copies that are certified by the issuing authority. This allows examination of all security features that are not immediately obvious and are difficult to replicate, such as watermarks and embossing.
If the authenticity of a document is questionable, verify the authenticity of that document with the issuing authority.
Expired documents
The expiry of a document is usually associated with its purpose, not necessarily the information it contains. Any information in a document can change after it’s created, regardless of whether the document has expired or not.
For example, when a passport has expired, it doesn’t mean the information in it has.
However, the longer a document has been expired, the more likely information in it has changed. Expired documents are also likely to have out-of-date security features, making them easier to tamper with or forge. If an image in the document is relied on for binding, it may be less clear or more difficult to match to the owner.
When accepting expired documents, it is important to consider if additional documents or steps are needed to mitigate risks.
Privacy implications
While the Privacy Act 2020 covers the wider implications of collection, disclosure and use of personal information, the following information applies specifically to identification.
When presenting documents, holders often provide more information than is needed. This can be further compounded when a copy is also taken of the document.
Consider if it is more appropriate to:
- record that the document was sighted, on what date and by which staff member
- record the relevant information from the documents, or
- keep a copy of the document.
Recording a document as sighted carries no additional responsibility. Keeping copies of documents imposes responsibilities to protect the copies and the information they contain.
Overseas-issued documents
Documents from other countries can vary widely in the identification processes used to establish them and their security features. For example, a document from one country might be computer printed on special paper, containing a watermark and an embossed seal, while a document from another country is handwritten on regular paper with a stamp.
These variations can cause undue discrimination based on country of origin when enrolling Entities.
English translations should only be accepted if they are:
- accompanied by the original document — originals can be re-translated if there is any doubt about the translation
- carried out by the issuing authority of the document, an embassy of the issuing country or an authorised translation service in New Zealand.
Many countries don’t have regulations regarding the translation of documents which means that even the presence of stamps and seals gives little assurance as to the authenticity of the translation.
Verification with an overseas authoritative source is not possible in most cases. Therefore, training in document recognition is important for increased assurance.
Levels of information accuracy and quality
Documents contain a mixture of levels of information accuracy. All documents are a copy of information contained in a register or database, which can be authoritative or not. Therefore, it is unlikely a document will ever have any information higher than level 3, with respect to control IA3.03, and often information will be lower.
The availability of security features in a document and the degree to which these are checked will determine the quality of the document for the control. Staff need to be appropriately trained in document recognition to complete these checks.
Training in document recognition techniques helps to determine if documents have been fraudulently prepared or altered.
Using documents for binding
Binding an Entity to Entity Information establishes that the information, regardless of its level of assurance, relates to the Entity claiming it.
Documents can be used for binding information to Entities as they can fulfil requirements in the Binding Assurance control BA3.02.
Binding Assurance Standard — BA3.02 Control
A document is an existing Credential that has equal or greater assurance level than the binding factors needed for its desired level. The level of assurance a document can achieve will depend on whether the information contained in it is consistent with any of the Entity Information being collected and the degree to which it meets the binding factor requirements.
For a document to be used as an Authenticator on an ongoing basis, it should be registered in Entity Information.
Single document meeting multiple objectives
A single document does not usually meet all the controls required to enrol an Entity at higher levels of assurance. When it does, consideration should be given to the risk of relying on a single document that could have been compromised.
It’s unlikely that a single document will contain all the information needed to enrol an Entity. A document can contain the required information but not necessarily the aspects for determining quality or binding of the information to the Entity presenting it.
Policies will be needed on the specific document combinations required to meet all objectives and controls. It’s important that there are processes for exceptions, such as when specified documents cannot be provided by certain Entities or groups of Entities, for example, children.
Ways to spot a fraudulent document
There are 3 main types of document fraud.
1. Genuine document — wrong owner
- A person presents a document that is genuine but belongs to someone else. It might be lost or stolen. For example, when someone changes their appearance to match the photo in someone else’s passport.
- Check for more than one document — especially if the document doesn’t have a photo such as a birth certificate.
2. Genuine document — altered
- A person presents a genuine document that has been altered in some way. For example, changing a photograph or name
- Check that the document:
- looks like the document image in the relevant factsheet in Factsheets on commonly used documents
- is consistent — the names are all the same, the lettering is the same
- does not have unusual wear and tear — for example peeling plastic covering.
3. Fake document
- A person presents a completely fake document.
- Check that the document:
- looks like the document image in the relevant factsheet in Factsheets on commonly used documents
- is consistent — the names are all the same, the lettering is the same
- does not have unusual wear and tear — for example peeling plastic covering.
- feels right — paper thickness and plastic covering.
Particularly if the risk is high, it’s good practice to check more than 1 document. Ensure the details provided are realistic (for example, the person looks to be the age they claim) and where possible, verify the information via another source.
Resources to assist with document recognition
When relying on documents for evidence, new frontline staff need to be at least trained to recognise the types of documents that they will most frequently be presented with and shown what features to look for when examining them.
The following resources are available to assist with recognising documents:
- Factsheets on commonly used documents — outline the key features, operational and legislative requirements where applicable, and the processes involved in applying for and issuing the documents.
- Immigration New Zealand — advice relating to any aspects of New Zealand Immigration Permits, Certificates of Identity or Visas.
- OperationalPolicy&Design@dia.govt.nz — email for advice about security features of documents issued by the Department of Internal Affairs.
- Keesing Technologies — provide reference databases of documents used for identification and training courses in document recognition. They require registration and payment for use.
- The Document Examination Section of the New Zealand Police provides a wide range of services, including training staff in document examination techniques such as detection of counterfeit and/or altered documents. Cost recovery charges can apply. Contact the Document Examination Section by emailing the Chief Document Examiner: gordon.sharfe@police.govt.nz.
Related advice
The following resources are also related to this topic:
- Information Assurance Standard
- Implementing the Information Assurance Standard
- Factsheets on commonly used documents
Contact
Te Tari Taiwhenua Department of Internal Affairs
Email: identity@dia.govt.nz
Utility links and page information
Last updated