Document Fraud Detection: Techniques That Actually Work

Document fraud is the presentation of a falsified, fabricated, or stolen identity document to pass a verification check. It is the entry point for most downstream identity crimes: once a fraudster has cleared document verification, they can open accounts, access credit, move money, and create aliases that persist until someone looks harder.

The detection problem is not static. Fraud techniques evolve alongside the tools that enable them — and the tools have gotten significantly better. Understanding the forgery types and the detection signals that counter each one is the starting point for building a check that holds up.

Key takeaways

• Document fraud falls into four main categories: photoshopped originals, template-based counterfeits, printed-and-photographed reproductions, and AI-generated synthetic IDs.
• The MRZ (Machine-Readable Zone) carries check digits that validate the consistency of document data — MRZ checksum failures are a reliable, low-cost fraud signal.
• NFC (Near-Field Communication) chip authentication reads issuer-signed chip data that cannot be forged without the issuing government's private key.
• Visual and structural analysis — font rendering, security feature geometry, layer structure — catches photoshopped and printed reproductions that look correct to the human eye.
• Didit's ID Verification processes 200+ fraud signals in under two seconds at $0.15 per check, across 14,000+ document types in 220+ countries and territories.

The four forgery types

1. Photoshopped originals

The attacker starts with a genuine document — their own or stolen — and alters specific fields: name, date of birth, or document number. The base document is real, so template matching and some structural checks pass. The manipulation is detectable through:

• Image artifact analysis: JPEG compression re-encoding, pixel inconsistencies, and cloning artifacts around edited fields.
• Font rendering: legitimate documents use printing techniques (laser engraving, inkjet on polycarbonate) that produce different pixel signatures than digital editing tools.
• Typography consistency: character spacing and baseline alignment in genuine documents follow issuer-specific patterns; substituted characters often break these patterns.

2. Template-based counterfeits

The attacker builds a document from scratch using a downloaded or reverse-engineered template of the genuine document. The layout, fonts, and color scheme may be correct; the underlying production characteristics are not.

Detection relies on:

• Security feature analysis: genuine ID cards include microprinting, guilloche patterns, UV-reactive inks, and laser-perforated serial numbers. Counterfeits printed on standard equipment reproduce these features as static images, not as the physical security elements.
• Template deviation scoring: Didit maintains a reference database of known genuine document templates. Submitted documents are compared against the expected visual grammar — spacing tolerances, field positions, logo geometry — for the claimed document type.
• MRZ checksum validation: the MRZ encodes redundant check digits across document number, date of birth, expiry, and a composite field. A fabricated document that invents these values must satisfy all checksum constraints simultaneously, and many do not.

3. Printed-and-photographed reproductions

The attacker prints a digital fake and photographs it to create an image that looks like a physical document submitted through a camera. This category is especially relevant for selfie-plus-ID flows where the user holds the document up to a camera.

Detection signals include:

• Moiré pattern detection: printing a digital image and re-photographing it creates moiré interference patterns in the image that are not present in a genuine document photographed directly.
• Depth and reflection cues: a genuine polycarbonate ID card reflects light differently than a printed flat sheet. Analysis of specular reflection patterns can distinguish the two.
• Liveness adjacency: a printed document held up in a video liveness check behaves differently from a genuine one in three-dimensional space — head and document positions, reflection consistency, and shadow geometry all carry signal.

4. AI-generated synthetic IDs

The newest and fastest-evolving category. Generative tools can now produce photorealistic images of identity documents — correct fonts, correct security feature aesthetics, correct data field layouts — without starting from a genuine document at all.

These documents defeat many visual inspection methods because there is no underlying genuine document to diverge from. Detection requires:

• NFC chip authentication: an AI-generated image cannot produce a chip with a valid government-signed cryptographic payload. For chip-enabled documents (eMRTD passports, modern EU national IDs), requiring an NFC read eliminates synthetic IDs entirely.
• Database cross-validation: the document number can be checked against issuer databases in jurisdictions that expose lookup APIs. A document number that does not exist in the issuer's registry is a hard signal.
• Forensic metadata signals: generative models introduce statistical artifacts in image frequency domains that are detectable through noise analysis, even when the visual output appears photorealistic.

MRZ checksum: the free sanity check

Every travel document and many national IDs include a Machine-Readable Zone — the two or three lines of characters at the bottom of the bio-data page. The MRZ is designed to be machine-read and follows the ICAO (International Civil Aviation Organization) 9303 standard.

Embedded within the MRZ are check digits: single-digit values computed from a weighted modulo-10 algorithm applied to document number, date of birth, expiry date, optional data, and a composite of all of the above. A genuine document's check digits must satisfy all five constraints simultaneously.

A fraudster who fabricates or alters an MRZ must either know the algorithm and apply it correctly, or leave the check digits inconsistent. Many do not apply it correctly. MRZ checksum validation is fast, cheap, and catches a consistent percentage of low-effort forgeries before any image analysis runs.

NFC chip authentication: the highest-assurance signal

For documents that carry an eMRTD chip, NFC reading is the strongest available anti-forgery check. The chip stores biographic data signed by the issuing government's private key. Passive Authentication verifies this signature against the issuer's public key — data that was tampered with cannot produce a valid signature, and a valid signature cannot be produced without the issuing government's key.

AI-generated images, printed counterfeits, and even cloned chips (which Active Authentication detects via challenge-response) all fail at this step. For high-assurance verification flows, requiring an NFC read on chip-capable documents is the single most effective fraud-reduction measure available.

How Didit helps

Didit ID Verification processes 200+ fraud signals on every document submission in under two seconds. The analysis layer covers:

• MRZ parsing and checksum validation across all ICAO-defined document types
• Template matching against a reference library of 14,000+ document types from 220+ countries and territories
• Image artifact, font, and security-feature analysis
• NFC chip authentication (Passive and Active) for eMRTD documents
• Database cross-validation against government registries where lookup APIs are available

All of these signals feed a single session decision. When a signal crosses a configured threshold, the session is marked for review rather than auto-approved — and the specific signals that triggered it are available in the session decision payload.

The Workflow Builder in the Business Console lets you configure how aggressively each signal type gates the session: approve, review, or decline. This means you can run tighter controls for higher-risk transaction types (large deposits, crypto withdrawals) and lighter controls for low-risk onboarding without changing code.

Price: $0.15 per ID check. Add NFC Reading ($0.15) and Database Validation (variable) for a higher-assurance tier. The full KYC core flow — ID + Passive Liveness + Face Match 1:1 + IP Analysis — is $0.33. 500 free checks per month, no minimums, 3–5× cheaper than legacy providers.

Use cases

Fintech and neobank onboarding — regulated financial services face AML obligations that require identity verification at account opening. Document fraud detection is the first line; the session combines it with liveness and AML screening.

Crypto exchange KYC — exchanges onboarding users for spot trading or fiat off-ramps face identity fraud from users who pass false identities to separate accounts from real-world identities. AI-generated ID detection and NFC reads are increasingly relevant for high-value accounts.

Marketplace and gig platforms — gig economy platforms verifying driver or delivery-person identity need to confirm the person behind the document is real and that the document has not been recycled from a previous account.

Age-gated industries — iGaming and alcohol platforms need to confirm both age and identity; document fraud with altered date-of-birth fields is the primary age-verification evasion technique.

Frequently asked questions

How much does ID Verification cost?

$0.15 per check. The full KYC core flow — ID + Passive Liveness ($0.10) + Face Match 1:1 ($0.05) + IP Analysis ($0.03) — is $0.33 with 500 free checks per month and no minimums.

What document types are supported?

14,000+ document types across 220+ countries and territories, including passports, national IDs, driver's licences, and residence permits.

Does Didit detect AI-generated fake IDs?

Yes, through a combination of forensic image analysis and — for chip-capable documents — NFC authentication. An AI-generated image cannot produce a valid government-signed chip payload.

What is an MRZ checksum and why does it matter?

The MRZ (Machine-Readable Zone) contains check digits that must satisfy a standard algorithm. A fabricated or altered MRZ that does not compute correctly is an immediate fraud signal, caught before any image analysis runs.

Does document fraud detection replace liveness checks?

No — document fraud detection verifies the document; liveness checks verify that the person submitting it is real and present. Both are required to confirm that a genuine document is being used by its rightful holder.

Ready to get started?

Document verification is the core layer of Didit's identity and fraud infrastructure — combine it with Passive Liveness, NFC Reading, AML Screening, and Database Validation in a single composable workflow.

• Read the docs → docs.didit.me
• See it in the platform → User Verification product page
• Check the price → Pricing — ID Verification at $0.15, 500 free checks/month
• Start free → business.didit.me