A biometric passport is a traditional passport with an embedded electronic chip that stores a digital version of your photo, your personal details, and in many countries, your fingerprints. You can spot one by the small gold camera-like symbol on the front cover. More than 150 countries now issue them, and they’ve become the global standard for international travel documents.
The International Civil Aviation Organization (ICAO), the United Nations agency that sets travel document standards, formally calls it an “Electronic Machine Readable Passport” or eMRP. Its defining feature is a contactless integrated circuit that enables biometric identification of the holder. In everyday language, that means the passport carries a tiny computer chip that can confirm you are who the document says you are.
What’s Inside the Chip
The chip in a biometric passport is a passive RFID (radio-frequency identification) tag connected to a thin antenna, both typically embedded in the cover or the data page. “Passive” means the chip has no battery. It draws power wirelessly from the reader when you place the passport on a scanner, operating at a frequency of 13.56 MHz with a maximum read range of about 15 centimeters (roughly 6 inches). That short range is a deliberate security feature.
The chip’s memory is organized into separate data groups. Data Group 1 holds the same printed information you see on your data page: name, nationality, date of birth, passport number, and expiration date. Data Group 2 stores a digital facial photograph, capped at 15 kilobytes. Data Group 3, when used, stores one or more fingerprint images, each compressed to a maximum of 15 kilobytes. A facial photo is mandatory under ICAO standards. Fingerprints are optional at the international level but required by many countries, including European Union member states.
Some countries also collect iris scans, though this is far less common. The chip’s memory is split into two regions: one that can be read wirelessly by an authorized scanner, and a hidden internal region used only for the chip’s own security functions.
How It Works at the Border
When you hand over your biometric passport at an immigration checkpoint, or place it on an automated e-Gate scanner, the reader powers up the chip and pulls your stored data. A camera at the gate then takes a live photo of your face and compares it against the digital photo on your chip. If the two match, the gate opens. The entire process typically takes under 20 seconds.
This is faster than a manual check by a border officer, and it’s harder to fool. A human officer comparing your face to a printed photo can be inconsistent; facial recognition software performs the same comparison with measurable accuracy every time. For countries that store fingerprints on the chip, some border gates also include a fingerprint scanner as a second layer of verification.
In the United States, a final rule effective December 2025 authorizes Customs and Border Protection to collect facial biometrics from all noncitizens at entry and exit points, including airports, land ports, and seaports. U.S. citizens can voluntarily participate in the same facial biometrics process or opt out and undergo a traditional manual passport inspection instead.
Security Layers Protecting Your Data
The chip doesn’t just broadcast your information to any nearby device. Multiple layers of encryption and authentication control who can read what.
The first layer is called Basic Access Control (BAC). Before a reader can access your chip, it has to prove it “knows” information printed in your passport’s machine-readable zone: your passport number, date of birth, and the document’s expiration date. In practice, this means someone has to physically open your passport and scan the printed text before the chip will respond. BAC prevents a stranger from wirelessly reading your chip through your bag.
For more sensitive data like fingerprints, the European Union developed Extended Access Control (EAC). This uses a more advanced form of cryptography that requires the reader itself to be certified by a government authority. EAC also includes protections against chip cloning, where an attacker copies the chip’s contents onto a blank chip to create a fake passport. A newer version, EACv2, further tightens the process by requiring the reader to authenticate itself before the chip reveals any data at all. It also introduces a protocol called PACE, which replaces the older BAC system with a dedicated access password printed inside the passport, rather than relying on personal details like your date of birth.
Physical Security Features
The electronic protections work alongside physical ones. Many modern biometric passports use a polycarbonate data page instead of the traditional laminated paper page. Polycarbonate is a hard, durable plastic. Your personal details and photo are laser-engraved into the inner layers of the material rather than printed on the surface, making them extremely difficult to alter or counterfeit. The chip is often embedded directly within this polycarbonate page, fusing the digital and physical security into a single tamper-resistant unit.
This design also improves durability. A polycarbonate page resists wear, moisture, and bending far better than laminated paper, which means the chip and the printed information are both more likely to remain intact over the passport’s full validity period, typically 10 years for adults.
Known Risks and Limitations
No system is perfectly secure, and biometric passports have drawn scrutiny since their introduction. The primary concerns fall into a few categories.
Skimming refers to an attacker wirelessly reading your chip without your knowledge. In theory, the 15-centimeter read range and Basic Access Control make this very difficult. An attacker would need to be extremely close to your passport and already know your passport number, date of birth, and expiration date. Still, researchers have pointed out that BAC relies on relatively low-complexity keys, which could be vulnerable to a determined attacker who intercepts the wireless exchange. The simplest countermeasure is the passport cover itself, or a shielding sleeve, which blocks radio signals when the passport is closed.
Eavesdropping is a subtler threat. If a legitimate reader is scanning your passport (at a hotel front desk checking your identity, for example), a nearby attacker with specialized equipment could potentially intercept the wireless communication between the reader and your chip. EAC and PACE protocols significantly reduce this risk by using stronger encryption for the data exchange.
Cloning involves copying your chip’s data onto a different chip. This requires sophisticated and expensive equipment, and newer chip authentication protocols are designed to detect cloned chips by verifying that the chip itself is genuine, not just that it holds valid data.
Surveys of passport holders have found that many people are unaware of how the chip works or what data it stores, which contributes to general anxiety about the technology. In reality, the chip contains the same information that’s printed on the data page, plus compressed biometric images. It does not store your travel history, financial information, or location data.
How Biometric Passports Differ From Regular Passports
If your passport doesn’t have the small rectangular chip symbol on the front cover, it’s a non-electronic machine-readable passport. These older passports rely entirely on the printed data page and the machine-readable zone (the two lines of text at the bottom) for identity verification. They offer no way to digitally verify that the document hasn’t been tampered with, and no way to automate biometric matching at a border gate.
A biometric passport adds three things a traditional passport cannot provide: a digital signature that proves the data hasn’t been altered since the government issued it, a biometric template that a computer can match against your live appearance, and encrypted storage that controls who can access sensitive information like fingerprints. These features collectively make it much harder to forge a passport, use someone else’s passport, or alter a legitimate passport’s data after issuance.
All ICAO member states are expected to issue machine-readable travel documents, and the vast majority now issue fully electronic biometric versions. If you’re applying for a new passport today in most countries, you’ll receive a biometric one by default.