(a) General. States must include document security features on REAL ID driver's licenses and identification cards designed to deter forgery and counterfeiting, promote an adequate level of confidence in the authenticity of cards, and facilitate detection of fraudulent cards in accordance with this section.
(1) These features must not be capable of being reproduced using technologies that are commonly used and made available to the general public.
(2) The proposed card solution must contain a well-designed, balanced set of features that are effectively combined and provide multiple layers of security. States must describe these document security features in their security plans pursuant to Sec. 37.41.
(b) Integrated security features. REAL ID driver's licenses and identification cards must contain at least three levels of integrated security features that provide the maximum resistance to persons' efforts to--
(1) Counterfeit, alter, simulate, or reproduce a genuine document;
(2) Alter, delete, modify, mask, or tamper with data concerning the original or lawful card holder;
(3) Substitute or alter the original or lawful card holder's photograph and/or signature by any means; and
(4) Create a fraudulent document using components from legitimate driver's licenses or identification cards.
(c) Security features to detect false cards. States must employ security features to detect false cards for each of the following three levels:
(1) Level 1. Cursory examination, without tools or aids involving easily identifiable visual or tactile features, for rapid inspection at point of usage.
(2) Level 2. Examination by trained inspectors with simple equipment.
(3) Level 3. Inspection by forensic specialists.
(d) Document security and integrity. States must conduct a review of their card design and submit a report to DHS with their certification that indicates the ability of the design to resist compromise and document fraud attempts. The report required by this paragraph is SSI and must be handled and protected in accordance with 49 CFR part 1520. Reports must be updated and submitted to DHS whenever a security feature is modified, added, or deleted. After reviewing the report, DHS may require a State to provide DHS with examination results from a recognized independent laboratory experienced with adversarial analysis of identification documents concerning one or more areas relating to the card's security.