There are a number of reasons a document might be suspected as being potentially fraudulent. This document will give you an introduction to understanding document fraud, the procedures and technology we put in place at Onfido to spot it.
1. Checksum Warning Flags
Onfido’s MRZ reader assesses the validity of documents with a Machine Readable Zone, such as a Passport or a National Identity Card.
A Machine Readable Zone or ‘MRZ’ is one, two, or three lines of code unique to the holder of the identity document. This code contains the holder’s name, date of birth, their document number and other relevant information.
Onfido’s software can scan an MRZ code to identify a document’s holder, as well as assess its validity and detect tampering.
Below is an annotation showing how the MRZ matches with the constituent parts of the identity document.
Within these documents, MRZ codes are computer-generated numbers called ‘checksums,’ which correspond with the holders’ unique information (annotated with arrows below).
If a document has been tampered with, or the MRZ has been recreated altogether, these checksums will be faulty and detected by the Onfido engine. This is the surest indicator of a fraudulent document.
If a document has incorrect checksums, these will be indicated to you through warning flags on the ‘data validation’ section, as seen in the example below;
NB1: There will be an Expiry Date Warning flag if the document has expired.
NB2: A document with no checksum warning flags is not necessarily genuine. These MRZ codes can be obtained using computer software with correct checksums.
2. Document Consistency
Another way to detect document fraudulence is to compare the information in the MRZ to the information in the rest of the document. The information between corresponding areas of the document should be exactly the same; the document is potentially fraudulent if they are not.
This will be indicated through the ‘data consistency’ section, with warning flags next to the inconsistent information.
Note differences in DOB in personalisation section and MRZ. (Relevant area flagged in Data Consistency).
3. Fonts and Security Features
If a document needs to be manually reviewed by agents, it will be assessed by comparing it with genuine document templates.
Identity document fonts are designed to be difficult to replicate for security purposes. Factories that produce fraudulent documents often use basic, ‘pc-style’ fonts that can easily be detected as they differ from secure fonts.
a) Note differences in fraudulent UK Driving Licence (top) and genuine UK Driving Licence (bottom), in particular, the small dots in the digit 0.
b) Differences in the font in genuine French Passport (right) and fraudulent document (left). The genuine document has a much more sophisticated font with a complex background.
Counterfeit documents also fail to properly replicate key security features such as holograms, laser-engraved printing or watermarks. You can see below for examples of differences in security features:
a) UK Driving Licences have the surname (1) laser engraved onto the document (right). Note the difference between the genuine document and the fraudulent document (left), where the surname is bold as opposed to laser engraved - an imitation of the security feature.
b) Note the differences in a genuine Italian passport photo and its holograms (right) and a fraudulent document. The holograms over the fraudulent document say ‘genuine’, a common hologram in counterfeit documents.
For these reasons, it’s very important that good quality images are provided. It allows us to see as many of these security features as clearly as possible, and to make an assessment based on the genuine article. Often, fraudsters will submit poor quality documents in an attempt to complicate the fraud-detection process.
4. Digital and Physical Tampering
Counterfeit documents, i.e. complete imitations of genuine documents, are not the only types of fraudulent documents we receive More difficult to detect are signs of digital or physical tampering, whereby a fraudster has taken a genuine document and changed only certain elements.
Above are three examples of digitally manipulated documents where the digit ‘7’ has been altered so that the document expiry date is extended. Note the difference in font and the way the background is matted and interrupted. This is a clear sign of tampering.
Again, these examples should demonstrate why good quality images are needed in order to make an assessment of whether documents are genuine. It is much easier deceive when submitting a poor quality image, where the differences in lettering may be put down to low resolution.
You can download this article here.
For more information on document fraud, please consult the government’s guide on examining identity documents here.