Understanding document fraud: types, techniques, and detection

Document fraud is when important documents are intentionally altered, faked, or stolen then passed off as legitimate in order to deceive people or systems. Document fraud helps fraudsters siphon off resources from and inflict losses on well-meaning organizations, or, worse still, lets criminals leverage helpful services to scam and victimize innocent customers.

Authenticity and trust are key to ensuring that indispensable parts of daily life function properly for both consumers and service providers. Everything from opening a bank account to applying for a loan, investing, or accessing government services require legitimate ID cards, bank statements, utility bills, and official forms like W2s and paychecks to ensure that truly eligible people are accessing the financial services they need. But for the class of people who want to wrongfully take advantage of these services or actively do harm to the organizations that provide them, fake documents that “prove” their identity or personal information instead become the main method through which they carry out their schemes.

Altering or outright forging documents used to be a challenging and therefore relatively uncommon undertaking: creating fake IDs, for example, was an underground cottage industry, and convincingly reproducing official forms took a good deal of artistry and often specialized equipment. What's more, actually using manipulated documents carried a great deal of risk: the fraudster usually stood face-to-face with their mark and could easily be identified and apprehended if the jig was up.

In the digital age, however, the fraud scene is entirely different. The financial services we all rely on are online, either in large part or in their entirety. Meanwhile, image editing tools like Photoshop are available to anyone who wants them and online marketplaces abound with real documents—personal information on offer can turn up with just a simple internet search. Anyone anywhere can sit behind the safety of their computer screen and upload created or stolen digital documents into digital onboarding processes, fooling unprepared systems with "good enough" fakes, overwhelming systems with thousands of submissions at once, or painting a confusing picture with a combination of real and fake information. Document fraud today is cheaper, easier to replicate, and simpler for anyone to attempt thanks to advances in consumer software as well as in companies’ digital processes.

For tech companies whose business plans rely as much on high-automation, low-overhead operations as on the security of their online portals, the idea of equally automated attackers is daunting. And when trust in a brand is particularly crucial, as with financial services, even one example of an exploited vulnerability can be ruinous—just ask the instant money transfer apps struggling with Authorized Push Payment fraud today.

The good news is that these same tech companies are also usually the firms best placed to implement countermeasures specifically designed to deal with high-volume document fraud—so long as you know what you’re looking for and the tools available to counter it.

First-party fraud

First-party fraud is when an individual uses their own identity but alters certain details or provides misleading information. Essentially the fraudster is committing fraud in their own name and for their own benefit, usually to bypass restrictions or to take advantage of services or benefits that otherwise wouldn't be available to them. A typical example would be inflating their income on a pay stub or account statement in order to qualify for larger loans.
The mix of real and faked information that makes first-party fraud believable is also what makes it hard to spot.

Third-party fraud

Third-party fraud is when an individual assumes a completely different identity, typically by stealing someone else's personal details, creating a fictitious identity altogether, or mixing real and faked information.

Because it can impact both victims of identity theft and businesses, third-party fraud is arguably the more pernicious type of fraud. However, since it involves unsuspecting people or identities of people who have never existed at all, third-party fraudsters can be challenging for traditional fraud detection systems to identify and ultimately bring to justice.

Learn more about these categories, including examples of first-party and third-party fraud fraud schemes.

Just as there are different categories of people who engage in document fraud, there are also different types of fake documents. Put another way, fraudsters employ different methods of making and using fraudulent documents—and each method requires different fraud detection techniques to successfully identify. So to help you implement the best document fraud detection solution for your business’s unique challenges, here are the types of document fraud you’re likely to encounter.

Document forgery

Document forgery is making fake documents or imitating real ones entirely from scratch. Even working off an example, making a believable fake can be hard, yet given the many types of documents that are produced across the globe, even this technique can fool unprepared document processing systems or exhausted.
Document alteration
Document alteration or document manipulation is making changes to an existing genuine document. This is usually as simple as changing a name, address, or a few numbers in an image editing program, and so can be very challenging to detect by the naked eye, as we describe in our Habito case study.

Identity theft or stolen documents

Often used interchangeably with identity fraud, identity theft refers to finding, stealing, or even buying someone else's personal information and fraudulently using it as one's own. This can be an extremely difficult method for traditional anti-fraud systems to flag, as the information being used—name, Social Security number, even actual copies of documents like bank statements—are completely genuine, they just aren't being used by their owner.

Synthetic identities

Synthetic identity fraud involves using a mix of real and illegitimate information. Often this combines identity theft and document forgery and/or document alteration, where a certain amount of information is stolen, like a name or credit card number, while the remaining information is provided by the fraudster, such as a fake bank statement or a forged proof of address.

Template fraud

It's not hard to find ready-to-edit templates for all kinds of documents online. These can be in PDF or image format, free or paid, and exist in various qualities. While technically a form of document alteration, template farms or document mills are so prevalent and impactful that they really ought to be considered their own form of fraud given their capacity to overwhelming first-line controls.

Pre-digital document modification

Pre-digital modifications occur when a document is forged, printed, then photographed or scanned to digitize them again in an attempt to hide all signs of modification. This is very effective at fooling humans and less sophisticated fraud detection solutions that overly rely on metadata, though there are several methods that can be used to prevent this kind of fraud from scaling.

Generated document fraud

While still in its infancy, the growing availability and democratization of generative AI means that wholly original documents generated from scratch are starting to make their way into the wild. These can range from laughably bad (gibberish words on documents from non-existent institutions or countries) to eerily difficult to detect.

Serial fraud

Serial fraud is an emerging but rapidly growing form of fraud that relies on combining one or more of the methods above to identify a vulnerability in a financial institution's controls and then using automation and other technologies to repeatedly exploit that vulnerability on an industrial scale.

For example, once a winning combination of ID cards and supporting documents is found to bypass controls, they can be used to generate hundreds of variants and open dozens or even hundreds of fraudulent bank accounts in a programmatic fashion under the control of a single fraudster. Often this form of fraud won't be uncovered unless all documents received by a company are compared against one another, as we found in our Payoneer case study.

Get a full run-down of these document fraud techniques and how they can fool traditional detection and prevention measures.

How to spot a fake ID

Since they are the foundation of most know your customer (KYC) processes, it's crucial to be able to detect fake IDs like driver's licenses or passports. One of the primary ways fraudsters manipulate IDs is through image doctoring, altering the photo, name, or other details on the ID itself. This is often quite crude—letters are clearly copied and pasted from elsewhere on the card or an all new photo has evidently been imported into the image file. Stolen IDs or more convincing fakes, especially those used in serial fraud rings, are often exposed by noting commonalities in uploaded pictures of IDs.

How to spot a fake proof of address

Proof of address can present a problem for fraud detection: anything from fake utility bills to bank statements to Social Security awards letters might pop up, and keeping up to date with every possible issuing authority is nigh impossible. But these are often relatively straightforward documents that are frequent targets of document forgery, so logo detection that flags out-of-date designs, page layouts that don't match genuine versions, or even an unfamiliar mix of fonts can quickly uncover the ruse.

How to spot a fake bank statement

Bank statements are essential for confirming proof of funds, proof of income, and proof of address, especially for online lenders during the underwriting process. More skilled fraudsters might skip document forgery and instead choose to edit PDF versions of bank account statements that can easily be downloaded from an email or banking app. While outwardly probably pretty convincing to the naked eye, this approach leaves an obvious technological trail that the file has undergone unauthorized changes.

How to spot a fake W2

W2 forms are essential during tax season and are often requested by lenders and government services to verify proof of employment and other personal details. Fraudsters might present fake W2s to inflate their income or secure loans they aren't qualified for. Fake W2s and other standardized forms can be exposed based on inconsistencies in numbers, referencing employers or identification numbers that don't exist, or even hard-to-see details like fields that don't align with the rest of the form.

How to spot fake pay stubs

Pay stubs can be used by both individuals and companies, whether for proof of income, employment, or address or as part of bookkeeping and company administration, and fakes might be used to secure loans, cover up embezzlement, or any number of other fraudulent purposes. In addition to standard checks for Photoshopped names or numbers, it's often a red flag if the document hasn't come directly from common bookkeeping software.

How to spot fake merchant onboarding materials
Merchant onboarding or know your business (KYB) is an even higher-stakes game than typical KYC onboarding processes, as penalties for doing business with inappropriate figures can be higher and losses from SME lending are often much larger as well. Fake merchant onboarding materials like certificates of incorporation or business licenses can suffer from any of the problems noted above and/or unique issues like digitally added official stamps or notarizations.

See recreated examples of document fraud in these types of document—and how Document Forensics uncovers them as fakes.

The world of fraud has a lot of variables: who is committing document fraud, the techniques they are using to produce fraudulent documents, the type of document in question, even the type of business a fraudster might be targeting. Luckily, there is an equally broad array of fraud detection and prevention techniques that effectively fight fraud. Used together, these techniques mutually reinforce one another to provide a comprehensive way to stop fraud altogether or at least make your business far less appealing to fraudsters.

Fraud risk assessment

Undertaking an assessment is the first step in effective fraud risk management. Determining the threats you're up against, your unique vulnerabilities, your risk tolerance, and how potential solutions might affect the service you provide all need to be clearly defined before you start implementing your fraud detection framework.

KYC onboarding process

Knowing how your document intake process currently works helps to define where your strengths and weaknesses are. Intelligent document processors (IDPs), ID verifiers (IDVs), and optical character recognition (OCR) programs affect the type of checks your documents need to undergo as well as what you need from your fraud detection software.

Document fraud detection software

These days, you can detect document fraud thanks to artificial intelligence (AI) and machine learning to analyze metadata, visual structure, and internal integrity for signs of forgery. Good systems will build templates of legitimate documents to compare against incoming ones, while the best document fraud detection technologies will go beyond pre-trained classification approaches to detect general anomalies in any document.

While you should always opt for this kind of anomaly detection as a core mechanism, the very strongest systems will also allow you to enrich those findings with signals such as customer submission behaviors, information included in forms, and other data sources to dramatically increase detections thanks to a layered approach. 

Manual review

Relying solely on human reviewers to detect document fraud in digital documents just isn't feasible, since it's usually invisible to the human eye. Basic metadata checks are manually possible, but this approach is neither effective nor scalable in the face of mass produced forgeries and template farms. These days, if you aren't relying on an AI-powered document fraud detection solution, you aren't stopping fraud.

That said, completely removing humans from the process isn't a great idea either. Quality document fraud detection software should act as a filter or an enhancement to prevent slam-dunk fraud cases from landing on a manual reviewer's desk while surfacing novel cases that require human expertise, creativity, and deeper investigatory attention to adjudicate whether a difficult case is fraudulent or not—and to teach the system how it should handle future instances.

Continuous monitoring

Continuous monitoring, or perpetual KYC, is a way to protect your business on an ongoing basis, effectively relying on multiple preventative layers to uncover threats that may have evaded fraud detection efforts elsewhere.

For example, comparing documents you've historically received to incoming ones safeguards against reused documents, identity theft, and serial fraud. Similarly, when transaction monitoring and behavioral analysis of existing customers exposes criminals, a retrospective analysis of all the documents you've collected could detect even more sleeper accounts that may have slipped through using similar patterns of document fraud.

Take a deep dive into the how these layers of fraud detection and prevention can work together to protect every fintech.