That two passengers were travelling on stolen passports is one of the many mysteries surrounding the infamous disappearance of flight MH370. Their ability to travel on a high-profile commercial airline using fraudulent documents highlights a serious security concern. For security agencies, too many airports aren’t doing as much as they could to prevent this kind of situation.

Criminals and terrorists will exploit any gaps in security systems and, with more than 40 million recorded by INTERPOL as lost or stolen worldwide since 2002, passenger documents make for an obvious target. However, although bolstering security in this area should be a priority, airports have been reluctant to implement any systems that drastically affect the speed at which passengers are processed.

One of the main systems currently employed is INTERPOL’s stolen and lost travel documents (STLD) database, used solely by law-enforcement agencies to discover whether passports are being carried erroneously or illicitly. Since its inception after the events of 9/11, it has logged 44 million reports from 169 countries; last year alone, it was accessed over 800 million times, returning 67,000 matches.

Despite its obvious benefits, not every country is realising the database’s full potential. The reasons for this are numerous and often technical. Not every airport possesses the necessary facilities or infrastructure needed to access the database, for instance. And, for those that don’t, installing required capabilities is costly – potentially out of budget altogether. Legal complications act as another hindrance and, in its current format as strictly a law enforcement tool, the database is inaccessible to private companies.

According to INTERPOL’s director of strategic planning, Pieter Deelman, fewer than 20 countries are routinely screening passengers against the database, while only 40% of international passports are screened at all. This means that, every year, there are over one billion instances in which international passengers travel without going through some of the most basic security measures.

"The fact is that not all law enforcement agencies are checking passports at their borders," Deelman says. "What we can see is that a lot of countries are not directly accessing it. Many are very limited in their knowledge of migrant processing and passport examinations, and most of them actually don’t undergo specialised training. It’s a lack of money, resources and tools. Too many just mechanically stamp documents and that is a serious security vulnerability."

Checks and balances

INTERPOL provides its 190 member countries with the opportunity to connect directly to various criminal databases and is constantly trying to find new ways to enhance security, whether at airports, border crossings or elsewhere. It hopes that its recently launched I-Checkit system will fill the gap left by law-enforcement agencies around the world.

Using the system, airport security personnel send passport details to INTERPOL, which screens them against the STLD database. If a match highlights a discrepancy, INTERPOL national central bureaus in the countries of departure and destination are informed in real time. Airport security can then investigate further and take the relevant action, whether that involves double-checking documents or preventing passengers from boarding a plane. Because airport security and law enforcement have their own procedures to follow, INTERPOL doesn’t require them to take police action.

"It’s not about names or anything sensitive; the system analyses information such as the type, number and country of issue of a particular travel document," says Deelman. "No personal data is in the database, so no personal data is checked. It’s also important to stress that the airline doesn’t have direct access to the database; it’s us who check the information and then relay it back.

"The Office Of Legal Affairs is very much involved, as well as the Commission For The Control of INTERPOL’s File, an independent entity that advises us on all our use of personal data, whether it’s for wanted notices, databases, issues relating to how long we keep it for, or what’s in there. Because data protection and privacy elements are key aspects to consider, we want to ensure national and international legislation is adhered to in this regard."

Though the project is in a small-scale testing phase, it is hoped that more private sector partners will begin using it soon. "At the moment, we’re working in Kuala Lumpur with Air Asia, South-East Asia’s largest low-cost airline," says Deelman. "Since June this year, we’ve checked 7.1 million passports, had 59 positive matches and prevented 19 people from boarding."

Checks are undertaken prior to the boarding gate and, because they’re completed in just a fraction of a second, no flight delays or significant increases in queue sizes should be expected – nor should the amount of time taken to process each passenger rise. Security staff and passengers should brace themselves for occasional "administrative hits", though, for example where passports have been reported stolen then later found and used again without notifying authorities to remove them from the database.

Broader horizons

In addition to the instant impact of using the I-Checkit system to drastically reduce the chances that lost and stolen passports are used fraudulently, it also has the potential to help with longer-term investigations.

"Many of these cases are still under investigation, but what we can see is that often there are patterns that emerge," says Deelman. "Sometimes criminals will use passports from particular countries or they’ll use the same routes or travel agencies. We know that they are using lost and stolen passports to hide their identity and there’s a link to illegal immigration, human trafficking and worse scenarios. This is something that is under investigation now and, although it’s too early to talk about in greater detail, it’s already helping us prevent people with the wrong intentions from boarding planes."

For the airlines themselves, there’s a personal need to tackle the issue. Adopting a system such as I-Checkit would not only act as a demonstration of how seriously they take security, and build up consumer confidence in the process, but it would also limit their exposure to potential fines for carrying passengers who use stolen documents.

Should the preliminary testing with Air Asia prove a success, INTERPOL hopes to start rolling the technology out to other airlines. More long-term ambitions for the project include introducing it into other sectors where there’s a serious risk of fraudulent behaviour, such as the financial, hospitality and cruise industries (the latter having recently been exposed as a favourite mode of transport for would-be jihadists wishing to join the Islamic State). Eventually it could even be used car rental or insurance companies.

"Our aim is to see if it’s technically possible with our current systems, to see whether it is secure enough and operational," says Deelman. "So far, the test with Air Asia is doing very well. We already have experience with banks in a batch test, one that looks at archive data rather than live customer information. We saw there were plenty in the sector who are using stolen or lost documents. It’d be interesting to find out why they’re doing this; is it money laundering, terrorist financial activity, or some other criminal reason? For us it’s definitely a reason to extend I-Checkit in that direction."

There are also plans to link many other databases and systems, for example one that would help with detecting the authenticity of passports or identifying internationally wanted individuals. But for now the plan is to improve and enhance the technical and operational efficiency of I-Checkit and begin the process of rolling it out to other private firms.

Action, not reaction

Many of the current security inadequacies could be put down to a lack of communication, whether it’s between private airliners, law enforcement agencies, INTERPOL or with the databases themselves. No doubt criminals will eventually find a way to bypass the system but, until they do, the mission is an obvious one for Deelman: "The challenge for the future is to broaden the connection with private entities to fill the gap and make our world more safe and secure," he says.

In a statement issued during the aftermath of flight MH370’s disappearance, INTERPOL secretary-general at the time Ronald Noble bemoaned that too often countries would "wait for a tragedy to put prudent security measures in place at borders and boarding gates". Should the I-Checkit system prove a functional success, it could prove to be a key component for preventing similar catastrophes in the future.