Key points to keep in mind about the authenticity of a document
- Authenticating a document means verifying its origin, its integrity and its conformity with the original.
- Documentary fraud is increasing: 69% of French companies are targeted by fraud, a figure that rises to 91% for large organisations.
- Four verification stages: visual checks, digital analysis, verification with issuing bodies, and technological tools.
- Electronic seal and qualified timestamping: securing the document at the point of issuance rather than detecting fraud after the event.
What does it mean to authenticate a document?
Authenticating a document is not limited to checking that it “looks genuine”. This process validates three distinct pillars:
- the origin of the document: certainty that the issuer is indeed the one identified;
- the integrity of the document: assurance that the content has not been altered (amount, bank details, clauses) since its creation;
- authenticity in the strict sense: confirmation that the document is a valid original and not a counterfeit.
These three criteria form the basis of any authenticity verification process. Confusing them exposes an organisation to validating a document which, although appearing to originate from the correct issuer, may have been altered after the fact.
Why has document authentication become indispensable in the face of documentary fraud?
Documentary fraud is accelerating. According to the Tessi Observatory 2025¹, digital fraud increased by 244% between 2023 and 2024. For the first time, it exceeds physical counterfeiting and now accounts for 57% of all documentary fraud. The annual loss to the French economy is estimated at more than €65 billion, or around 2.5% of national GDP.
Organisations are prime targets: 69% have faced at least one attempted instance of documentary fraud (91% for large organisations)¹.
Generative artificial intelligence is intensifying the phenomenon. In the banking sector, for example, 42.5% of fraud is now reportedly generated using AI¹.
Public authorities are confronted with applications containing false proofs of address or forged identity documents.
Individuals are also affected, both as victims and as perpetrators. Identity theft is increasing sharply for the opening of accounts without individuals’ knowledge. At the same time, everyday fraud is becoming commonplace: 10.8% of French citizens admit to having used a forged document, with a reported success rate of 73%¹.
Against this backdrop, verifying the authenticity of documents is no longer optional. It has become a necessary step in any process involving supporting evidence, contractual commitments or financial transactions.
Which types of documents require authenticity verification?
Not all documents require the same level of scrutiny. Certain documents, by their nature or use, present specific issues from an authentication perspective.
Identity documents and administrative evidence
Identity documents are among the most frequently targeted by fraudsters. These documents condition access to many services and form the first link in the chain of trust in a commercial or administrative relationship.
Proofs of address and insurance certificates fall into the same category. Their falsification makes it possible to assume an identity, obtain credit, enter into a lease or access social benefits.
Contractual and commercial documents
Contracts, purchase orders, invoices and quotations represent major vectors of documentary fraud risk. A falsified invoice may result in a payment being made to a fraudulent account. An altered contract may change the parties’ respective obligations without one of them being aware.
Verification is required before any payment, any signature or any archiving.
Digital documents: PDFs, scans and dematerialised files
Digital documents present specific vulnerabilities. Unlike paper documents, where alterations are more visible, a digital document (whether in Word or PDF format) can be modified in a way that is imperceptible.
The belief that a PDF file is “fixed” or tamper-proof is misleading. Today, widely available tools allow amounts, dates or names to be modified in a PDF without leaving any visible trace.
Scanned documents present an additional difficulty: digitisation smooths out the defects of a falsified original and produces a file that appears clean and authentic.
Risks for organisations when faced with falsified documents
Accepting a falsified document exposes an organisation to immediate and lasting consequences, both operational and legal.
Identity theft and fraudulent access
The presentation of a forged identity document or a counterfeit certificate is not limited to obtaining basic services. It is often the entry point for sophisticated cyberattacks or payment diversion schemes (CEO fraud).
Today, fraudsters are using artificial intelligence to take this further:
- deepfakes and synthetic identities: organisations have suffered significant losses (including the high-profile case in Hong Kong in 2024²) where the use of cloned voices and videos, combined with falsified official documents, enabled the validation of transactions worth several million euros;
- social engineering: a falsified administrative document (company registration extract, bank details, signing authority) is often used as “proof” to gain an employee’s trust and bypass internal security procedures.
Beyond unauthorised access to services, documentary fraud can disrupt an organisation. Paying a supplier invoice to a false bank account has a direct impact on cash flow. Hiring an employee under a false identity or with forged qualifications jeopardises operational security and organisational know-how. cte directement la trésorerie. Dans le cadre de l’embauche d’un collaborateur sous une fausse identité ou avec de faux diplômes, c’est toute la sécurité opérationnelle et le savoir-faire de l’entreprise qui sont mis en péril.
Legal and reputational consequences
An organisation that accepts a falsified document without sufficient verification may incur liability. The duty of vigilance imposed by anti-money laundering and counter-terrorist financing regulations, as well as obligations placed on principals, provide for sanctions in the event of non-compliance.
Beyond legal exposure, reputational damage represents a lasting harm.
The steps involved in verifying the authenticity of a document
Document authenticity verification relies on a structured four-stage process. Each stage provides a complementary level of control to reduce the risk of accepting a forged document.
Step 1: visual checks and review of mandatory information
Assess the overall consistency of the document and look for pixelated logos, inconsistent fonts or typographical errors.
Step 2: analysis of the integrity of digital documents
Examine metadata (file properties) to identify inconsistent creation dates or traces of software editing.
Step 3: verification with issuing bodies
Use official tools (Infogreffe verification codes for company registration extracts, URSSAF portals for certificates).
Step 4: use of technological tools to secure validation
Deploy automated AI-based analysis solutions (OCR) to detect anomalies that are not visible to the naked eye.
However, these technologies generally operate after the document has been received. For a higher level of protection, the use of an electronic seal reverses this logic by securing the document at the point of creation.
The electronic seal: authenticating a document at source
Rather than detecting fraud after receipt, the most reliable approach is to secure the document at the moment it is issued.
What is an electronic seal and how does it work?
The electronic seal is the digital equivalent of an organisational stamp. It allows a legal entity to mark a document in order to attest to its origin. Unlike an electronic signature, which commits a natural person, the seal identifies the issuing organisation.
From a technical perspective, it is based on cryptographic sealing: a unique fingerprint of the document is generated and then encrypted. This process ensures that the document is effectively fixed.
Ensuring integrity and origin from the moment of issuance
By using an electronic seal, an organisation reverses the control logic. Instead of attempting to detect forgeries among incoming documents, it secures its own outgoing documents. The recipient can immediately verify two key points:
- origin: certainty that the document originates from the identified entity;
- integrity: any subsequent modification breaks the seal, making alteration immediately detectable. Falsification therefore cannot occur without leaving evidence.
Qualified electronic seal: enhanced evidential value
The European eIDAS Regulation defines the qualified electronic seal as the highest level of security. Issued by a trust service provider, it benefits from a presumption of data integrity and accuracy of origin. In the event of a dispute, the burden of proof is reversed: it is for the party challenging the document to demonstrate that the seal is invalid.
Qualified timestamping to certify the date and integrity of a document
Qualified timestamping complements the seal by providing incontestable temporal evidence. It certifies that a document existed in a given form at a specific second, using a reliable and synchronised time source.
This certification is particularly relevant for proving the prior existence of a contract, securing an invoice or protecting intellectual property rights. Combined with the electronic seal, timestamping forms a complete certification mechanism, guaranteeing the origin, integrity and certain date of each document.
What legal framework governs document authentication?
The eIDAS Regulation (Electronic Identification, Authentication and Trust Services), adopted in 2014 and reinforced by eIDAS 2.0, forms the legal foundation for digital trust within the European Union. It defines the conditions for recognition of electronic signatures, electronic seals and timestamping services across all 27 Member States.
The qualified electronic seal benefits from a presumption of data integrity and accuracy of origin. This recognition applies uniformly throughout the Union, facilitating cross-border exchanges.
Duties of vigilance complement this framework. Know Your Customer (KYC) procedures and anti-money laundering and counter-terrorist financing requirements oblige organisations to verify the identity of their clients and the validity of the documents provided. The GDPR also governs the processing of personal data contained in such documents.
Conclusion
Verifying the authenticity of a document relies on a structured approach: visual checks, digital analysis, verification with issuing bodies and the use of technological tools. These stages help detect attempted fraud, but they operate after the document has been received.
For upstream protection, the electronic seal and qualified timestamping provide a complementary response. By securing the document from the moment of issuance, they guarantee its origin and integrity in a verifiable manner. Fraud does not disappear, but it becomes detectable with certainty.
You wish to strengthen the reliability of your documents and simplify their verification?
References
1 Tessi, L’observatoire Tessi de la fraude documentaire – Rapport initial 2025 : https://www.tessi.eu/fr/observatoire-tessi-de-la-fraude-documentaire/
2 Filippone D., Piégé par un deepfake en visio, un employé transfère 24 M€ à des escrocs, Le Monde Informatique, 5 février 2024 : https://www.lemondeinformatique.fr/actualites/lire-piege-par-un-deepfake-en-visio-un-employe-transfere-24-meteuro-a-des-escrocs-92875.html
Disclaimer
The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.
