Document fraud: why detection is no longer sufficient (and how to act earlier)

Key takeaways

• Document fraud represents a tangible risk for businesses
• Generative AI makes the production of forged documents easier
• Detection occurs when the fraud has already taken place
• An evidence-based approach makes it possible to act upstream by securing documents
• Prevention and detection are complementary in combating document fraud

Document fraud in 2025–26: a phenomenon that has reached a new scale

69% of French companies report having been targeted by at least one attempt at document fraud [1]. In France, the annual cost exceeds €65 billion, or around 2.5% of national GDP [2]. Digital falsifications increased by 244% between 2023 and 2024, surpassing physical counterfeits for the first time: 57% of detected document fraud cases are now digital [3].

The influence of AI in document falsification

Until recently, producing a convincing forged document required genuine technical expertise. That requirement has almost disappeared.

Among individuals who have used forged documents, 37% relied on a generative AI solution, a figure already approaching the 42% who used traditional editing software [2].

The acceleration does not stop there. Deepfakes now rank among the top five global fraud threats, with a 1,100% increase during the first quarter of 2025 in the United States [4].

Platforms offering “Fraud-as-a-Service” now provide ready-to-use falsification kits. In addition, AI fraud agents are capable of generating forged documents on demand and adapting their strategies in real time [4]. Our white paper examines these new fraud vectors as well as the criminal ecosystem that is emerging around them.

The normalisation of document fraud

The figures illustrating this normalisation are telling:

• 10.8% of French citizens acknowledge having already used a forged document, reporting a self-declared success rate of 73% [2]
• Among individuals under 35, more than 20% admit to having falsified documents in order to open a bank account or obtain credit [5]

Document fraud is no longer confined to organised crime. It is becoming embedded in everyday practices, making detection increasingly difficult.

Faced with this transformation, control mechanisms remain necessary. However, they encounter limitations that organisations would be mistaken to underestimate.

Why detection alone is no longer sufficient to address document fraud

Human checks, document analysis software, sampling-based verification and artificial intelligence tools: detection mechanisms have multiplied. These responses are useful. However, they share three structural weaknesses that limit their effectiveness.

The quality of forged documents

A document generated by a latest-generation AI no longer displays the visual anomalies (inconsistent fonts, pixelated logos, approximate alignment) that previously made falsifications easier to identify.

The time problem

Detection occurs after the document has been received. When fraud is identified, the loss has often already occurred. The organisation finds itself reacting in an attempt to recover funds that may already have disappeared.

The technological race

Sampling approaches inevitably allow some fraudulent documents to pass through. Statistical approaches detect only previously identified patterns: as long as a new modus operandi has not been recognised, it remains undetected.

At the same time, falsification tools evolve at the same pace as, or faster than, detection technologies.

The challenge is therefore to intervene earlier in the chain: not by focusing on the fraudster, but on the document itself, making it verifiable from the moment it is created.

The evidence-based approach: securing the document from its creation

The aim is not to replace detection but to complement it with a mechanism that acts upstream. The evidence-based approach consists of securing documents at the moment they are issued so that any attempt at falsification leaves a verifiable trace. When stakeholders are aware of this, the attempt itself may be discouraged.

The principle

A document secured at issuance becomes verifiable at any point in its lifecycle through three simultaneous guarantees:

The integrity of the document, meaning certainty that its content has not been altered since its creation
The identity of the issuer, allowing any recipient to verify that the document genuinely originates from the organisation indicated
Its anchoring in time, through the application of a legally reliable and enforceable date

If one of these guarantees is missing, the chain of trust breaks. Their combination, however, makes any attempt at falsification detectable.

The three mechanisms

Qualified electronic timestamping fixes the document at a specific moment in time. It calculates a cryptographic hash of the content and associates it with a reliable date and time. If even a single character is modified after the timestamp is applied, the hash no longer matches and the alteration becomes evident. In practice, this means that an invoice timestamped at the moment of issuance carries proof of its production date, and a contract secured in this way cannot be backdated.

The electronic seal links the document to the organisation that produced it. The recipient can verify within seconds that the invoice, certificate or statement received genuinely originates from the legal entity indicated. Unlike an electronic signature, which commits an individual to a legal act, the electronic seal commits the organisation itself. It can therefore be applied automatically to large volumes of outgoing documents without manual intervention.

Electronic archiving preserves the evidence over time. A timestamped and sealed document loses its evidential strength if the conditions of its storage do not ensure its long-term integrity. Qualified electronic archiving guarantees the durability, readability and integrity of documents for the entire legally or contractually required retention period.

The legal framework

These three services are not merely matters of best practice. The eIDAS Regulation grants them harmonised legal recognition across all Member States of the European Union.

Only the qualified level, delivered by a Qualified Trust Service Provider (QTSP) that has successfully completed a conformity audit, benefits from reinforced legal presumptions that reverse the burden of proof: it becomes the responsibility of the party challenging the integrity or date of a document to demonstrate that they are inaccurate. In the context of litigation or an audit, this advantage is considerable.

The deterrent effect

One aspect that organisations still underestimate is the deterrent dimension of this approach. A supplier that informs its clients that all invoices are sealed and timestamped, and that an online verification portal allows their authenticity to be checked, changes the equation for the fraudster. The attempt becomes riskier for its author and the probability of success decreases significantly.

From theory to practice: which documents should be secured first

The evidence-based approach is not theoretical. It is already deployed in several sectors.

A concrete example: the AQP standard

Road construction provides a telling example. Faced with repeated fraud involving asphalt delivery notes, the sector structured the AQP (Assurance Qualité Pesage) framework as early as 1996, formalised through standard NF P 98-750. The digitalisation of these delivery notes became possible through the integration of qualified timestamping, electronic sealing and an online verification portal.

Sector overview

In banking and financial services, account statements, balance certificates and KYC documentation are frequent targets. The DORA Regulation, applicable since January 2025, reinforces obligations relating to the integrity of data and digital documents.

In insurance, claims declarations, expert reports and contract amendments are regularly subject to falsification attempts involving dates, amounts or coverage conditions.

In real estate, technical diagnostics, pre-sale agreements and property condition reports circulate between multiple intermediaries. Each transmission creates an opportunity for falsification.

In industry, material compliance certificates, quality-control reports and delivery notes underpin the trust between supplier and contractor. The falsification of a compliance certificate in sectors such as aerospace, automotive or pharmaceuticals may have consequences extending far beyond financial loss.

An investment in digital trust

Detection remains a necessary component. However, it addresses only documents received and operates after the event. Prevention through evidence operates on a different level: it secures documents issued by the organisation and alters the conditions under which fraud can occur.

This approach forms part of a broader movement aimed at strengthening digital trust in dematerialised exchanges. As documents increasingly migrate to digital formats, an organisation’s capacity to guarantee the authenticity of its own documents becomes a marker of reliability.

Those that anticipate this requirement will gain an advantage that goes beyond regulatory compliance: they will have built, document by document, the foundation of trust on which their commercial, legal and institutional relationships depend.

To explore the subject further, our white paper “Document fraud: when prevention is better than cure” examines each mechanism, provides sector-specific feedback and sets out ten recommendations for deploying a document fraud prevention strategy.

Sources

1. Allianz Trade–DFCG, Fraud Study 2022: https://www.allianz-trade.fr/actualites/etude-fraude-2022.html
2. Tessi Document Fraud Observatory, Initial Report 2025: https://www.tessi.eu/fr/observatoire-tessi-de-la-fraude-documentaire/
3. Entrust Cybersecurity Institute, 2025 Identity Fraud Report (November 2024): https://www.entrust.com/sites/default/files/documentation/reports/2025-identity-fraud-report.pdf
4. Sumsub, Identity Fraud Report 2025–2026 (November 2025): https://sumsub.com/fraud-report-2025/ ; Synthetic Identity Document Fraud Surges 300% in the U.S.: https://sumsub.com/newsroom/synthetic-identity-document-fraud-surges-300-in-the-u-s-sumsub-warns-e-commerce-healthtech-and-fintech-at-risk/
5. IN BANQUE (with Capgemini Invent and Tessi), The French and their bank in 2024 (15 July 2024): https://www.inbanque.com/etude-les-francais-et-leur-banque-en-2024-les-principaux-enseignements/

Disclaimer

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.