Security Document Counterfeiting
Counterfeiting of security documents, such as money, is an increasing problem that now poses a real threat to the strength of global monetary systems. Software and high quality photographic and printing technology are making it easier for criminals to produce and pass counterfeit notes into the monetary system. Counterfeit currency can be used to support the underground, untaxed economy, and it is a global threat that could erode financial systems.
The main reason that counterfeiting remains a major concern is the ease and speed with which large quantities of counterfeit currency can be produced using counterfeit software combined with high quality photographic and printing equipment. The occurrence of counterfeiting is likely to increase because these technologies are more readily available, and the techniques are more easily understood by an increasingly larger segment of the criminal population.
Whilst, these technologies do not reproduce the watermarks, color shifting, embedded security threads, microprinting, and the general feel of the note, or the slightly raised print produced by engraved plates, in day-to-day transactions these features are often overlooked so that counterfeit notes are often accepted as legal tender. Counterfeit money can move through banks, money exchanges, casinos, and is even carried overseas, and there are growing opportunities for counterfeit currency to be passed into the monetary system. Most of the large economies around the world are therefore now committed to introducing new technologies, as well as additional regulations and processes to make identification of counterfeit notes easier, to thereby reduce the incidence of counterfeit notes entering the monetary system.
Another concern is that there are governments who knowingly support counterfeiters, and some are complicit in producing counterfeit currency. A related problem is that all of the major U.S. and European banks have established multiple correspondent relationships throughout the world so they may engage in international financial transactions for themselves and their clients in places where they do not have a physical presence. Many of these do not meet current regulatory or reporting requirements, and therefore make it difficult to gain sufficient information to actively combat counterfeiting.
In addition to the growing problem of currency counterfeiting, the risks associated with money laundering are also a major concern for many governments for two reasons:                1. Deregulation of global financial systems means that it is now harder to combat money laundering; and        2. The funds involved in money laundering are increasing rapidly.        
There are two stages involved in money laundering: placement and layering, and integration.
Placement is the movement of cash from its source and placing it into circulation through financial institutions, casinos, shops, bureau de change and other businesses, both local and abroad. Placement can be carried out through many processes including currency smuggling, bank complicity, deregulated currency exchanges, blending to enable funds from illicit activities to be obscured in legal transactions, and using the proceeds to purchase less conspicuous assets.
The purpose of layering is to make it more difficult for law enforcement agencies to detect the trail of illegal proceeds. Layering methods can include converting cash to other monetary instruments such as banker's drafts and money orders, or selling assets bought with illicit funds.
The final stage of integration is the movement of previously laundered money into the economy, mainly through the banking system, to make transactions appear to be normal business earnings.
The first thing to note about money laundering is that criminals prefer to deal in cash because of its anonymity. In most financial transactions, there is a financial paper trail to link the person involved. Physical cash, however, has disadvantages. It is bulky and difficult to move. For example, 44 pounds of cocaine worth $1 million is equivalent to 256 pounds of street cash. The street cash is more than six times the weight of the drugs. The existing payment systems and cash are both problems for criminals, even more so for large transnational crime groups. This is where criminals and terrorists are often most vulnerable.
By limiting the opportunity for counterfeit notes, and funds from illicit activities to enter the economy at the money placement and layering phases, it becomes possible to restrict a wide range of money laundering activities.
To do this requires a detailed knowledge of cash flow movements that can only be gained by introducing the ability to track and trace the flow of individual notes within the monetary system, and the ability to link large reportable cash transactions to an individual's identity.
As a consequence, governments have endeavored to:                Improve international co-operation through governments to address money laundering and counterfeiting concerns; and,        Establish additional national controls for the distribution and supply of currency within a country.        
Concerted efforts by governments to fight money laundering have been going on for the past fifteen years. The main international agreements addressing counterfeit and money laundering include: the United Nations Vienna Convention against Illicit Traffic in Narcotics Drugs and Psychotropic Substances (the Vienna Convention) and the 1990 Council of Europe Convention on Laundering (Adopted in November 1990, the Council of Europe Convention establishes a common criminal policy on money laundering. The convention lays down the principles for international co-operation among the contracting parties.).
The role of financial institutions in preventing and detecting money laundering has been the subject of pronouncements by the Basic Committee on Banking Supervision, the European Union, and the International Organization of Securities Commissions.
In December 1988, the G-10's Basle Committee on Banking Supervision issued a “statement of principles” with which the international banks of member states are expected to comply. These principles cover identifying customers, avoiding suspicious transactions, and co-operating with law enforcement agencies. In issuing these principles, the committee noted the risk to public confidence in banks, and thus to their stability, that can arise if they inadvertently become associated with money laundering.
The “United Nations Convention against Transnational Organized Crime” was tabled for signing in December 2000. The Convention urges governments to cooperate with one another in the detection, investigation and prosecution of money laundering. Signatories are obliged to reinforce requirements for customer identification, record-keeping and the reporting of suspicious transactions. Signatories are also recommended to set up financial intelligence units to collect, analyze and disseminate information.
Since the events of Sep. 11, 2001, UN Member States have emphasized the links between terrorism, transnational organized crime, the international drug trade and money laundering. The UN Security Council adopted resolution 1373 (2001) and it established the Counter-Terrorism Committee (CTC), which is mandated to monitor the implementation of the resolution urging States to prevent and suppress the financing of terrorist acts.
Other potential macroeconomic consequences of unchecked money laundering that have been noted by the International Monetary Fund (IMF) are inexplicable changes in money demand, contamination effects on legal financial transactions, and increased volatility of international capital flow and exchange rates as a consequence of unanticipated cross-border asset transfers. The latter point is especially important and poses a significant risk to the EU financial system as money laundering has a direct effect on the Foreign Exchange Market (FOREX) of an economy, which is vulnerable to the volume of cash involved in the trade.
Banks are susceptible to risks from money launderers on several fronts. There is a thin line between a financial institution suspecting that it is being used to launder money and the institution becoming criminally involved with the activity. Banks that are exposed as laundering money are likely to face costs associated with the subsequent loss of business on top of vast legal costs. At the very least, the discovery of a bank laundering money for an organised crime syndicate is likely to generate adverse publicity for the bank. Banks passing counterfeit notes to customers will also result in declining business as clients take business elsewhere. However, a much graver risk that banks face is that of criminal prosecution for laundering money. EU laws and directives state that if a financial institution in the EU is found to be assisting a money launderer and failed to follow the appropriate procedures as laid out by EU directives, the individual employee and respective supervisors, including company directors, are personally liable to imprisonment or fines. This is the reason why the EU directives on money laundering include the “know your customer” initiative.
As a result due diligence measures have been implemented by financial service providers under regulatory supervision to ensure the integrity of those conducting business with the institution.
These consist of four sub-categories:                1) identification;        2) know your customer;        3) record keeping; and        4) suspicious activity reporting.        
These are all time consuming and difficult to manage.
In addition to international efforts to combat counterfeiting and money laundering, most OECD governments have introduced a wide range of domestic statutes governing the distribution, and management of currency. Some of these are needed to support international approaches, and others have been introduced to reduce local opportunities for terrorists or criminals to derive benefit from counterfeiting or money laundering activities. While it is not possible to consider all of these, a few U.S statutory requirements are considered here to highlight the emerging requirements that any new currency validation and tracking system might be required to meet to support national and international objectives.
Within the U.S., national distribution and supply of U.S. currency is regulated by the U.S Monetary Policy, and implemented by the Federal Reserve and the Department of Treasury, and monitored by the Secret Service. The Bureau of Engraving and Printing (BEP), which is a division of the U.S. Department of Treasury, serves as the United States' security printer. It produces the Nation's currency, most of its postage stamps, and other security documents (The first important distinction is that while the Federal Reserve issues Federal Reserve notes, the Treasury issues coins. Consequently, the Federal Reserve determines the amount of new currency of each denomination to be printed annually by the US Bureau of Engraving and Printing (BEP)).
In the case of currency, the Federal Reserve Banks verify all notes deposited with them by the banking industry on a note-by-note basis. During this verification, deposited currency is counted for accuracy, counterfeit notes are identified, and unfit notes are destroyed. The BEP, in conjunction with the Department of Treasury, Federal Reserve and Secret Service, are continuously working on changes that are required to protect the integrity of the monetary system.
Additionally, the Internal Revenue Code (IRC) requires anyone involved in a trade or business, except financial institutions, to report currency received for goods or services in excess of $10,000. The Bank Secrecy Act (BSA) mandates the reporting of certain currency transactions conducted by financial institutions, the disclosure of foreign bank accounts, and the reporting of the transportation of currency exceeding $10,000 across United States borders.
The Internal Revenue Service (IRS) is one of the key agencies involved in money laundering investigations. Tax evasion, public corruption, health care fraud, money laundering and drug trafficking are all examples of the types of crimes that revolve around cash. A financial investigation often becomes the key to a conviction.
In addition to providing physical protection to the leaders of the United States of America, the Secret Service has set as its highest investigative priority the identification and suppression of counterfeit currency production and distribution networks. With 60% of genuine U.S. currency circulating outside of the U.S, the dollar continues to be a target for transnational counterfeiting activity.
The main objective of the U.S. Patriot Act 2001 is to amend certain laws within the constitution of the United States of America to assist with the national and global fight against terrorism. These laws relate to reporting requirements for currency received in non-financial trade or business. These include the name, address, and identification information of the person from whom the currency was received, the amount of currency received, the date and nature of the transaction, and the identification of the person filing the report.
In their effort to avoid using traditional financial institutions, many criminals are forced to move large quantities of currency in bulk form through airports, border crossings, and other ports of entry where the currency can be smuggled out of the United States and placed in a foreign financial institution or sold on the black market. The transportation and smuggling of cash in bulk form may now be one of the most common forms of money laundering, and the movement of large sums of cash is one of the most reliable warning signs of drug trafficking, terrorism, money laundering, racketeering, tax evasion and similar crimes.
To support the above international and national initiatives, the technology industry has also initiated a number of programs. For example, IBM and Searchspace have joined forces to launch the IBM Anti-Money Laundering Service, a hosted computer service to help meet new U.S. Patriot Act requirements, which requires firms to implement new technologies to detect and prevent money laundering schemes by terrorists and other criminals. Unisys also provides anti-money laundering and fraud detection services. These services have been provided to police forces and leading financial institutions.
Given the wide range of approaches adopted to support international co-operative efforts to limit terrorist and criminal activity, there is a growing recognition that organized crime is increasingly operating through more fluid network structures rather than more formal hierarchies.
This therefore requires the use of new methods and technologies in order to comply with the wide range of regulations and recommendations needed to combat laundering and counterfeiting. These new methods and technologies should make it easy to validate notes, automate many of the statutory cash transaction reporting requirements, and provide the capability for security agencies to detect crime patterns through cash flow tracking.
An existing solution to the problem involves the use of note tracking using RFID integrated circuits.
Due to the Euro's broad cross-border reach, the European Central Bank (ECB) and criminal investigators in Europe are concerned about increases in counterfeiting, as well as a possible increase in money laundering. There are now over 10 billion bank notes in circulation, with 4.5 billion being held in reserve to accommodate potential leaps in demand. Last year, Greek authorities were confronted with 2,411 counterfeiting cases while authorities in Poland arrested a gang suspected of making and putting over a million fake euros into circulation.
Because of these concerns, the application of RFID (Radio Frequency Identification) technology to paper currency is currently being investigated by the European Central Bank and Hitachi.
Hitachi Ltd. announced plans in July 2003 for a integrated circuit designed for high denomination currency notes that would pack RF circuitry and ROM in a 0.4-mm square circuit that is only 60 microns thick. The Hitachi “mu-integrated circuit” will be capable of wirelessly transmitting a 128-bit number when radio signals are beamed at it. Besides acting as a digital watermark, such RFID integrated circuits could speed up routine bank processes such as counting. A stack of notes can be passed through a reader with the sum determined automatically, similar to the way that inventory is tracked in an RFID-based system.
However there are a number of difficulties that associated with such a solution.
First, there are concerns about the high costs associated with producing and integrating each integrated circuit into a note. Manufacturing processes are also considered a major hurdle to embedding a low-cost antenna and integrated circuit in bank notes.
There are also concerns about the robustness of a integrated circuit solution. Bank notes have a thickness of only about 80 microns. Once a 60 micron thick RFID integrated circuit is connected to its antenna, it is likely to be well over 100 microns thick. They will therefore be at risk of snagging on an object or surface, and being torn out of the note paper. Notes rubbing against each other in a wallet may cause the RFID integrated circuits to tear out of the notes. Another major concern is the robustness of the integrated circuit itself. Bank notes undergo repeated folding, they are accidentally put through washing machines, and they may receive large electrostatic shocks.
All of these will make it difficult for the issuers to guarantee that integrated circuits will continue to function properly for the expected life of the note. People are unlikely to accept that their notes are invalid simply because the RFID integrated circuits have been torn out or damaged, so there will not be an expectation that all notes must have RFID integrated circuits. So, a forger can pass off notes which never had integrated circuits simply by tearing small holes where the integrated circuits have purportedly ‘snagged on something and been torn out’.
There are also concerns about privacy. With the potential to track and trace cash, individuals may become concerned that cash will lose its anonymity when buying goods. There are also concerns by privacy advocates that a scanner in the hands of criminals could be used to remotely determine the amount of cash being carried by an individual without their knowledge. This could place them at risk of attack.
Thus, there are many factors that suggest that an RFID solution may not be feasible for validating and tracking currency.
Surface Coding Background
The Netpage surface coding consists of a dense planar tiling of tags. Each tag encodes its own location in the plane. Each tag also encodes, in conjunction with adjacent tags, an identifier of the region containing the tag. This region ID is unique among all regions. In the Netpage system the region typically corresponds to the entire extent of the tagged surface, such as one side of a sheet of paper.
The surface coding is designed so that an acquisition field of view large enough to guarantee acquisition of an entire tag is large enough to guarantee acquisition of the ID of the region containing the tag. Acquisition of the tag itself guarantees acquisition of the tag's two-dimensional position within the region, as well as other tag-specific data. The surface coding therefore allows a sensing device to acquire a region ID and a tag position during a purely local interaction with a coded surface, e.g. during a “click” or tap on a coded surface with a pen.
The use of netpage surface coding is described in more detail in the following copending patent applications, U.S. Ser. No. 10/815,647 (docket number HYG001US), entitled “Obtaining Product Assistance” filed on 2 Apr. 2004; and U.S. Ser. No. 10/815,609 (docket number HYT001US), entitled “Laser Scanner Device for Printed Product Identification Cod” filed on 2 Apr. 2004.
Cryptography Background
Cryptography is used to protect sensitive information, both in storage and in transit, and to authenticate parties to a transaction. There are two classes of cryptography in widespread use: secret-key cryptography and public-key cryptography.
Secret-key cryptography, also referred to as symmetric cryptography, uses the same key to encrypt and decrypt a message. Two parties wishing to exchange messages must first arrange to securely exchange the secret key.
Public-key cryptography, also referred to as asymmetric cryptography, uses two encryption keys. The two keys are mathematically related in such a way that any message encrypted using one key can only be decrypted using the other key. One of these keys is then published, while the other is kept private. They are referred to as the public and private key respectively. The public key is used to encrypt any message intended for the holder of the private key. Once encrypted using the public key, a message can only be decrypted using the private key. Thus two parties can securely exchange messages without first having to exchange a secret key. To ensure that the private key is secure, it is normal for the holder of the private key to generate the public-private key pair.
Public-key cryptography can be used to create a digital signature. If the holder of the private key creates a known hash of a message and then encrypts the hash using the private key, then anyone can verify that the encrypted hash constitutes the “signature” of the holder of the private key with respect to that particular message, simply by decrypting the encrypted hash using the public key and verifying the hash against the message. If the signature is appended to the message, then the recipient of the message can verify both that the message is genuine and that it has not been altered in transit.
Secret-key can also be used to create a digital signature, but has the disadvantage that signature verification can also be performed by a party privy to the secret key.
To make public-key cryptography work, there has to be a way to distribute public keys which prevents impersonation. This is normally done using certificates and certificate authorities. A certificate authority is a trusted third party which authenticates the association between a public key and a person's or other entity's identity. The certificate authority verifies the identity by examining identity documents etc., and then creates and signs a digital certificate containing the identity details and public key. Anyone who trusts the certificate authority can use the public key in the certificate with a high degree of certainty that it is genuine. They just have to verify that the certificate has indeed been signed by the certificate authority, whose public key is well-known.
To achieve comparable security to secret-key cryptography, public-key cryptography utilises key lengths an order of magnitude larger, i.e. a few thousand bits compared with a few hundred bits.
Schneier B. (Applied Cryptography, Second Edition, John Wiley & Sons 1996) provides a detailed discussion of cryptographic techniques.