By Sean Kheffache, Senior Product Manager Contactless Travel at IATA
On June 2 we ran the Webinar “How Digitized Document Checks Support Faster Passenger Processing”, where we presented Timatic Doc Scan and how it automates travel document verification. The questions raised during the webinar told me where the industry's head is at. Almost nobody asked whether Timatic Doc Scan makes check-in faster. They asked how you know a document is real. What happens to the data. The speed problem is, broadly, solved. The trust problem is not, and that is now where the attention is.
An important note that shapes the rest of this post: the part of a passenger's documents most likely to be wrong is the part most systems cannot handle. It is almost never the passport. It is the visa, the residence permit, the e-visa, the travel authorisation, and the eligibility rules attached to them. That is where boarding errors and airline fines actually come from.
So instead of another piece on why automation matters, here is how a document check actually works, step by step, with the questions you asked anchoring each part. By the end you should know what the technology does, what it does not, and where the genuinely hard problems sit.
Everything starts with getting the document in front of the system. A passenger can do this themselves from home, on their own phone, through an airline's web or mobile check-in. Where self-service is not the right fit, the same checks run through an agent app at the desk or the gate, with staff capturing on the passenger's behalf.
That second route matters more than it sounds. Several of you asked about elderly travellers, passengers who are not comfortable with technology, and airports with patchy connectivity. The agent app is the answer to all three. Same engine, different approach, so the benefit is not reserved for the digitally confident.
A passenger can upload a file rather than take a live photo. A PDF or an image works, which matters in a world where almost nobody owns a printer anymore. We limit direct upload to secondary documents rather than the passport, for security reasons.
Once captured, the document is read. For a passport that means the machine readable zone, those two lines of characters at the bottom of the bio page, plus the visual zone above it.
The questions here were sharp, and they all point the same way: the MRZ alone is not enough. Names get truncated by the MRZ. The second character of the MRZ tells you the document type, diplomatic or emergency, which an airline may want routed differently. Some passports carry the expiry date on a back page, not the bio page. We read the visual zone alongside the MRZ and can be configured for fields that sit in non-standard places, precisely because relying on the MRZ on its own leaves gaps. One attendee was seeing bad MRZ data even after the check digit passed, and the answer to that is the same: we can cross-check the MRZ against the rest of the document. Our extraction accuracy is high and these errors are rare, but the safeguard is there.
A scanner that reads a passport's MRZ is checking the document least likely to cause a problem. Passports are standardized, machine readable, and familiar. The fines and the denied boardings come from everything else: the Vietnamese e-visa, the Schengen residence permit, the onward-travel exemption, the visa that has not started yet. These are the documents with inconsistent formats, fiddly conditions, and rules that change by nationality and route. They are harder to read and harder to reason about, which is exactly why most tools quietly skip them and check the passport instead.
Covering these non-MRZ documents is the part of this I would point to first. We support a wide library of them, read them, and feed them into the eligibility logic that decides whether the passenger can actually travel. If you take one thing from this post, take this: the value is not in scanning the passport well. It is in handling the documents that sit behind it.
This was the single most-asked theme of the webinar, by a wide margin. Phrased a dozen ways, the question was: does the system just read the data, or does it prove the document is real?
It proves it. We extract the security features on a document and check they match what we expect, and we run tampering detection to confirm it has not been altered. For the Vietnam e-visa example a few of attendees raised, that is exactly the mechanism: we are not taking the file at face value, we are checking it for the markers of a genuine document and for signs of forgery. Where more assurance is wanted we can layer in AI-based checks, though the standard authenticity checks carry most cases.
When a check fails, the document is flagged and the airline is alerted. The problem does not pass silently down the line.
The Timatic eligibility engine is a key part of this technology. It takes the verified document data and checks it against the entry, transit and exit requirements for the whole journey. Not the leg, the journey.
Inside eligibility sit distinctions that catch people out, and you surfaced most of them:
Validity is not age. Validity asks whether a document is still in date. Age asks whether it is old enough, because some countries require a document to have been issued at least a set number of days ago. Different questions, checked separately.
Expiry is measured against arrival, not departure. On a long-haul flight a passport can be valid at the gate and expired by landing. Picture a long sector into Hanoi where the document lapses somewhere over the South China Sea. The check compares document dates against arrival time, not the moment of boarding, so that passenger is caught before they fly.
A visa that has not started yet gets flagged. Entry before the visa's start date is a denied boarding waiting to happen, so we surface it.
Exemptions are honoured. A passenger who would normally need a visa may be exempt if, say, they hold an onward ticket. Because the engine sees the whole journey, it can apply that. Whether the airline accepts self-attestation of the onward ticket or wants proof is its call.
This is the engine doing the work that a scanner cannot. And it is why the non-MRZ coverage from step three matters: reading the visa is pointless if you cannot then reason correctly about what the visa permits.
When the check is done, the validated data goes back to the airline's DCS and any other system that needs it. How automated that handoff is depends on the integration. Often the mapping into the airline's backend is set up at implementation, and where an airline wants the fields written automatically rather than mapped on their side, we can support the deeper connection.
The service drops into the channels you already run: web and mobile check-in, kiosks, self-bag-drop, and the agent app. It fits the self-service estate rather than asking you to build a parallel one.
This is an airline process. Timatic Doc Scan does not replace border control. Immigration runs its own checks, and a passenger who clears the airline document check still meets the authorities' checks on arrival. What Timatic Doc Scan does for immigration is to raise the quality of what reaches the border: fewer invalid or fraudulent documents getting through, and cleaner data behind the ones that do. It also does not, in most cases, abolish the visual check at the airport. Whether a passenger is fully clear to board with no further look depends on the airline's own processes.
The question sitting under many of the others, asked on the airline's behalf and sometimes on the passenger's is: what happens to my data?
Capture and reading happen on the device, which keeps sensitive data from moving around unnecessarily in the first place. It is protected in transit and at rest, and passport information is not exposed publicly. Retention is set by each customer to fit their own data regulations, so it varies by jurisdiction, and the data is not repurposed for profiling or platform improvement unless a customer specifically asks for it. The underlying platform holds recognised security certifications.
One scenario is worth naming because it came up directly: an undocumented arrival, where a passenger destroys their document in transit. Because the captured scan is held in the airline's back office for a period the airline sets, it is usually still available to help identify that passenger after the fact.
Document verification stopped being a scanning problem a while ago. Scanning is the easy part. The hard part is reading the right information off all the other document types, and knowing how to feed it into an eligibility engine like Timatic, so that passengers across your whole network can clear the requirements and complete a full online check-in.
Get the scanning right and you have a faster queue. Get the rest right and you get truly self-service off-airport check-ins.
If you want to see how this maps to your own routes and document mix, contact us. The webinar was the overview. The specifics are where it gets useful.
