In 2023, “ISO 22388 Guidelines for securing physical documents” was developed by “ISO/TC 292/WG 4”. The target documents include various formats such as paper, cards, booklets, and labels. In addition, the risk-based approach allows different security levels to be applied to these documents, which brings users of the standard advantages such as improved cost efficiency, optimized resources, and flexibility in risk management.
The five steps of the security design loop recommended in ISO 22388 are:
1) Document risk assessment: conducting a semi-quantitative evaluation (IEC 31010) of the threats and risks associated with four attack modes: cloning, facsimile, alteration, and theft/public acquisition.
2) Determination of document classes: based on the risk assessment, documents are classified as high, medium, or low risk.
3) Selection and implementation of security technologies: the standard describes a total of 70 different technologies across seven areas.
4) Security evaluation: a comprehensive assessment of the document’s security based on the criteria of layering, complementarity, and multi-modality.
5) Document risk mitigation: periodic review of the security design.
A key aspect of ISO 22388 is the introduction of semi-quantitative indicators to assess document fraud risks and the adequacy of security measures. This enables the classification of documents based on risk, the establishment of minimum recommended security measures for each class, and the facilitation of risk communication among stakeholders such as document issuers and secondary users.
The overall security of a document is assessed through three criteria indicated by the standard: layering, complementarity, and multi-modality. However, these criteria are abstract concepts, and expert review is still required to identify specific evaluation items. Therefore, we (NPB) derived the following sub-evaluation items to assess the adequacy of the three criteria.
1. Layering
– Number of technologies: the number of security technologies implemented in the document.
– Authentication levels: the number of types of authentication levels designed into the document.
– Relevance: across the implemented security technologies, relationships between information such as text, patterns, and colors allow fraud and other anomalies to be detected by mutual referencing.
2. Complementarity
– Comprehensiveness: measures have been implemented to counter all four attack modes (cloning, facsimile, alteration, and theft/public acquisition).
– Equity: there is no significant disparity in the total security measures across the attack modes.
3. Multi-modality
– Number of manufacturing methods: the number of types of processing methods used to implement the selected security technologies.
– Limitations of implementation methods: whether the implementation methods for the selected security technologies, or the devices used to implement them, are restricted.
This presentation aims to discuss the validity of the assessment criteria used in the semi-quantitative evaluation using AHP (Analytic Hierarchy Process).
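As an added illustration of how the sub-evaluation items listed above and an AHP weighting of the three criteria could be turned into a repeatable semi-quantitative score (example code, not NPB's or the standard's own method): the indicator definitions follow the listed sub-items, while the data model, the three-level authentication scale, the rules that map indicators onto 0..1, the sample document design and the pairwise judgements are all constructed assumptions.

```python
"""Semi-quantitative scoring of a physical-document security design.
Added example: indicators follow the sub-evaluation items in the abstract; the
scoring rules, sample design and pairwise judgements are constructed assumptions."""
from dataclasses import dataclass
from math import prod

# The four attack modes named in the standard's risk assessment step.
ATTACK_MODES = ("cloning", "facsimile", "alteration", "theft")
# Saaty's random consistency index for matrices of order 1..5 (standard AHP constants).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}


@dataclass(frozen=True)
class Technology:
    """One implemented security feature (constructed data model, not from the standard)."""
    name: str
    counters: frozenset                   # subset of ATTACK_MODES this feature resists
    auth_level: int                       # assumed scale: 1 public, 2 trained inspector, 3 forensic lab
    method: str                           # manufacturing/processing method used to apply it
    references: frozenset = frozenset()   # other features whose data this one cross-checks
    restricted_equipment: bool = False    # needs controlled devices or materials to produce


def layering(design):
    """Layering sub-items: technology count, distinct authentication levels, cross-references."""
    return {
        "technologies": len(design),
        "auth_levels": len({t.auth_level for t in design}),
        "relevance": sum(len(t.references) for t in design),
    }


def complementarity(design):
    """Complementarity sub-items: all four attack modes countered, no large disparity between them."""
    per_mode = {m: sum(m in t.counters for t in design) for m in ATTACK_MODES}
    top = max(per_mode.values())
    return {
        "per_mode": per_mode,
        "comprehensive": all(c > 0 for c in per_mode.values()),
        "equity": min(per_mode.values()) / top if top else 0.0,  # 1.0 = perfectly even
    }


def multimodality(design):
    """Multi-modality sub-items: distinct manufacturing methods, share needing restricted equipment."""
    return {
        "methods": len({t.method for t in design}),
        "restricted_share": sum(t.restricted_equipment for t in design) / len(design) if design else 0.0,
    }


def ahp_weights(matrix):
    """Criterion weights from a pairwise-comparison matrix (geometric-mean estimate of the
    principal eigenvector) and Saaty's consistency ratio CR = ((lambda_max - n)/(n - 1)) / RI."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    lam = sum(sum(matrix[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX.get(n) else 0.0
    return w, cr


def criterion_scores(design):
    """Map the sub-items onto 0..1 per criterion (constructed scoring rules, for illustration only)."""
    lay, comp, multi = layering(design), complementarity(design), multimodality(design)
    s_lay = min(1.0, (lay["technologies"] / 6 + lay["auth_levels"] / 3 + min(lay["relevance"], 2) / 2) / 3)
    s_comp = 0.5 * (1.0 if comp["comprehensive"] else 0.0) + 0.5 * comp["equity"]
    s_multi = 0.5 * min(1.0, multi["methods"] / 3) + 0.5 * multi["restricted_share"]
    return [s_lay, s_comp, s_multi]  # order: layering, complementarity, multi-modality


def overall_score(design, pairwise):
    """AHP-weighted aggregate of the three criteria; rejects inconsistent judgements (CR >= 0.1)."""
    w, cr = ahp_weights(pairwise)
    if cr >= 0.1:
        raise ValueError(f"pairwise judgements are inconsistent (CR = {cr:.2f})")
    return sum(wi * si for wi, si in zip(w, criterion_scores(design)))


# Constructed sample design of a six-feature document (not a real product).
SAMPLE_DESIGN = (
    Technology("guilloche", frozenset({"cloning", "facsimile"}), 1, "offset"),
    Technology("hologram", frozenset({"cloning", "facsimile"}), 1, "hot_stamp", restricted_equipment=True),
    Technology("uv_fibres", frozenset({"cloning"}), 2, "paper_making", restricted_equipment=True),
    Technology("serial", frozenset({"alteration", "theft"}), 2, "inkjet", references=frozenset({"barcode"})),
    Technology("barcode", frozenset({"alteration", "theft"}), 1, "inkjet", references=frozenset({"serial"})),
    Technology("taggant", frozenset({"cloning"}), 3, "paper_making", restricted_equipment=True),
)
# Constructed weaker design: two copy-resistant features, nothing against alteration or theft.
WEAK_DESIGN = SAMPLE_DESIGN[:2]
# Constructed pairwise judgements (rows/columns: layering, complementarity, multi-modality):
# layering judged twice as important as complementarity and four times as important as multi-modality.
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]

if __name__ == "__main__":
    for label, design in (("sample", SAMPLE_DESIGN), ("weak", WEAK_DESIGN)):
        print(label, complementarity(design)["per_mode"], round(overall_score(design, PAIRWISE), 3))
```

Two design choices matter for the validity question the presentation raises. First, comprehensiveness is a hard gate rather than a count: a design with many copy-resistant features but nothing against alteration or theft scores zero on that sub-item, which mirrors the intent that every attack mode be covered. Second, the consistency ratio guards the weighting itself: if the expert's pairwise judgements are circular or contradictory (CR at or above 0.1), the score is refused rather than silently computed, so disagreement about the relative weight of the three criteria surfaces before any document is classified.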