persona-logo
Published February 27, 2026
Last updated March 09, 2026

Document fraud is getting worse. Here's what’s changing.

GenAI, data breaches, and an increase in document requests are fueling a rise in document fraud.
Ashley Fang
Ashley Fang
5 min
Key takeaways
Many organizations collect supplemental documents, such as bank statements, pay stubs, and utility bills, for compliance and risk purposes.
Document fraud is when a bad actor submits generated, altered, or stolen documents. It’s become a larger issue as organizations more regularly request documents, and AI makes creating genuine-looking documents easier. 
There are many ways to detect the various methods that bad actors use to create or submit fraudulent documents.

Physical discs have given way to streaming. You can make a purchase with a tap of your phone. But relying on documents to verify business and individual identities isn't going anywhere. In fact, the opposite is true. 

Some regulations require document checks during identity verification. Even when that’s not the case, documents are becoming popular and valuable components of identity checks because they provide information that isn’t available elsewhere. However, the expanded use is also leading to a rise in document fraud. 

Below, we clarify what we mean by documents, how organizations use them, and the fraud techniques that take advantage of them.

What do we mean by supplemental documents?

In the context of risk and compliance, supplemental documents provide support for a risk assessment. They can include bank statements, pay stubs, utility bills, educational transcripts, and medical records.

These documents don’t include government-issued IDs, like driver’s licenses, passports, or ID cards. While you can use the IDs and extracted information to evaluate risk, the approach and level of assurance differ from other types of document checks. 

undefined

Here's an example document from PG&E, a utility company.

Why organizations collect documents

You might ask for supplemental documents from a potential customer, current user, employee, business partner, or other party. They can be a vital part of regulatory compliance and offer valuable insights for risk assessment. 

Compliance

Some organizations are required to comply with various identity verification and risk assessment regulations, and documents can help. For example:

Fraud and risk mitigation

Even when document collection isn’t required, it can play an important role in fraud detection and risk mitigation. The information contained in (legitimate) documents can offer insight and context about a potential user, customer, or business partner. For example: 

  • Organizations evaluate business partners, suppliers, or contractors prior to engaging with them to detect fraudulent misrepresentation

  • Online marketplaces ensure that potential sellers on their platforms are legitimate to reduce marketplace fraud and protect buyers.

  • Gig marketplaces verify insurance coverage and up-to-date vehicle registration for workers who will be driving.

  • Financial institutions confirm individuals' and businesses’ financial details by evaluating bank statements and pay stubs before providing financial services.

How fraudsters commit document fraud

As document use increases, the prevalence of document fraud is also going up. But it’s not a one-to-one increase. Document fraud is also becoming widespread because it’s now relatively easy for fraudsters to find templates, buy tools, or use generative AI to create and alter documents. 

Here are some of the types of fraud and techniques behind the trend:

  • Digitally tampered documents. Fraudsters might alter an authentic document to support a false narrative. For example, altering the name and income on a pay stub to align the document with a synthetic identity or get past income verification checks.

  • GenAI documents. Image synthesis tools can generate realistic documents from scratch, leaving few to no visible signs of tampering. Fraudsters can generate fonts, watermarks, and logos that are often indistinguishable from what you’d see on genuine documents. 

  • Templated documents. Fraudsters can buy or build templates of authentic documents from well-known companies, including banks, payroll providers, and utility companies. They can then fill on or alter the template to further their scheme. 

  • Electronic replicas. Fraudsters might submit screenshots, digital reproductions, or pictures of high-quality printouts to obscure edits and other signs of tampering.

  • Stolen documents. Bad actors might buy, steal, or trick someone into sharing legitimate documents. They might use them as is to commit identity theft, as the basis for a new synthetic identity, or as a template for fraudulent documents. 

  • Legally issued documents. Some fraudsters convince organizations to issue legitimate documents with the fraudster’s portrait or falsified information. Or, they change an account's contact details so the fraudster can intercept newly issued documents.

Indicators of fake or altered documents

Fraudsters can use the techniques above to create fake documents en masse, and the results don’t have to be perfect to be convincing. Supplemental documents can be especially difficult to evaluate because they rarely follow the same layout, contain the same information, or include the same security features. Additionally, the more an organization relies on document checks, the more pressure teams feel to complete reviews quickly.

Compliance, fraud, and product teams need modern tools that automate document fraud detection and limit potential delays for legitimate customers. When organizations or edge cases require manual reviews, the investigators should also receive clear indicators of potential risk and trust signals

Some of the elements that good document verification solutions consider are: 

  • Visual tampering indicators. This might be pixels out of place or not matching the pixels around them, a haloed or ghostly effect indicating something has been removed, or subtle changes in font size, style, or the space between letters. If a single number in a date looks slightly thicker or misaligned by a millimeter, there’s a chance it might have been edited. 

  • Non-visual tampering indicators. Metadata is the most straightforward example of a non-visual tampering indicator. You might want to think twice if you receive a bank statement from 2024 that was created in 2025, or an official document that was last saved using a PDF editor associated with high-risk submissions.

  • Content discrepancies. Serial numbers that don’t match the issuing country's patterns, different addresses in the same document, or a date that’s impossible in the context could be warning signs. Spelling and math errors are also common discrepancies. 

  • Reused documents. Documents shouldn’t give investigators a sense of déjà vu. Templates and manufactured forms from document farms or mills often include the same idiosyncrasies and errors. 

  • Uncorroborated details. If a detail doesn’t match information from a reliable database or source, or even the rest of the data provided by the user, that could be a red flag. 

Depending on the indicator, the fact that something appears suspicious doesn’t necessarily mean it’s fraud. Mistakes happen. Mismatches occur for legitimate reasons. Real documents sometimes have unusual appearances. And uploading or scanning can have unintended consequences. 

What’s next? Learning how to detect document fraud

Document fraud is becoming more prevalent and harder to detect. It’s a maddening trend for financial institutions, marketplaces, and other businesses that rely on supplemental documents for critical business processes. 

If you want to learn more about how to detect this new wave of document fraud, read our deep dive.

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Ashley Fang
Ashley Fang
Ashley Fang is a fraud product analyst at Persona who helps customers and engineering teams outsmart fraudsters. When she's not fighting fraud, you can find her at hip-hop dance rehearsals or running along the Bay in San Francisco.
Continue reading