Document Fraud

The cases Evans describes are not outliers. They reflect the industrialization of document fraud that our network data confirms.

This tracks with what we have heard across the industry. Frank McKenna, Chief Fraud Strategist at Point Predictive and author of the Frank on Fraud blog, has watched fraud evolve for three decades. He describes fraudsters as increasingly sophisticated in exploiting multiple channels and document types simultaneously.

As document quality improves, the challenge shifts from just a detection problem to an operational burden. When fraudulent and legitimate documents are indistinguishable at first glance, review teams face higher workloads, longer queues, and increased risk of both missed fraud and unnecessary friction for good customers.

Fraud pressure is broadly distributed across document types

When we examine fraud rates by document type, a clear pattern emerges: most documents used to verify critical facts exhibit a similar baseline fraud rate, generally in the 4–7% range.

Bank statements, pay stubs, tax forms, business filings, and other financial documents are all consistently targeted. This indicates that document fraud is not confined to a single document class, nor driven by one specific verification step. Instead, fraud pressure is broadly distributed across workflows wherever documents are used to establish trust.

Utility bills show a notably higher fraud rate than other document categories in Inscribe’s network, but this doesn't mean utility bills are uniquely dangerous. Instead, they sit at the intersection of identity, convenience, and perception.

Utility bills are commonly used to verify proof of address, often as a secondary or supporting document. Because an address underpins many downstream decisions, from account opening to credit approval, utility bills frequently serve as an early anchor in identity formation.

At the same time, altering a utility bill often feels less serious than altering a primary financial document, even though the legal and risk implications are the same. In many cases, the behavior is not overtly malicious. Applicants may have recently moved, lack updated documentation, or “fix” an address without recognizing the action as deception.

The intent varies, but the risk signal does not. This perception gap creates a training opportunity. If reviewers unconsciously apply less scrutiny to "secondary" documents, they may be overlooking exactly the documents that warrant more attention.

Applying consistent scrutiny across all documents used to verify critical facts helps protect institutions and customers, especially when individuals may unknowingly cross a line.

Financial details are edited in most documents

To understand what fraudsters are actually changing, we categorized every flagged document by whether the edits targeted identity information, financial details, or both.

In 2025, Inscribe observed the following breakdown across altered documents:

Historically, these categories tended to stay within a relatively narrow range year over year. In 2025, however, that pattern shifted. The share of documents involving both identity and financial manipulation increased sharply (from 40.2% of documents in 2024 to 59.8% of documents in 2025), while identity-only edits remained a small minority.

While our data shows most (91.2%) documents show edits to financial details, these patterns cannot be cleanly mapped to a single fraud type. A document with both identity and financial edits could represent sophisticated first-party fraud, third-party misuse, or synthetic identities supported by fabricated documentation.

As Laura Spiekerman, Co-founder and President of Alloy, noted:

This growing ambiguity helps explain why first-party fraud and related behaviors often go underreported. Many organizations hesitate to classify financial manipulation as fraud when the applicant appears legitimate, intent is unclear, or identity checks pass.

Michael Coomer, Director of Fraud Management at BHG Financial, notes that this hesitation can obscure the true scope of the issue:

The takeaway is not that fraud attribution must be perfect. Rather, it is that financial manipulation cuts across first-party, third-party, and synthetic identity fraud, and detection strategies that rely primarily on identity signals or a single verification step will miss meaningful risk.

As fraud categories blur, effective prevention depends on layered, lifecycle-based controls that evaluate financial consistency alongside identity, behavior, and context. Organizations that focus solely on onboarding checks or static identity verification are increasingly exposed as fraud tactics evolve.

Bank statements top the list of fraud fighter concern

In a survey of 90 fraud and risk leaders, 85.6% of respondents cited bank statements as the document type they are most concerned about, the highest of any category.

The challenge with bank statements is their complexity. Unlike a pay stub with a handful of fields, a bank statement contains dozens of transactions, running balances, dates, and formatting elements. That complexity creates more opportunities for subtle manipulation and more work for reviewers trying to catch it.

Pay stubs and business financial documents rank second and third, reflecting the income verification use case that drives much of document fraud in lending.

For fraud teams, this means the documents requiring the most scrutiny are also the ones that appear most frequently. There's no low-volume segment to deprioritize — the pressure is constant across the documents that matter most.

The data shows where fraud pressure exists today, but it doesn't explain why this moment feels different to the fraud fighters living it. For that, we need to examine what's changed: the tools.

Angela's point captures the trajectory. Today, many AI-generated documents still have visible flaws. But the gap is closing. Detection strategies that depend primarily on appearance or manual inspection are increasingly fragile. The question is not whether AI-generated documents will become indistinguishable from real ones, but when.

Two types of AI-enabled document fraud

Not all AI-enabled document fraud looks the same. In practice, our team has found that it falls into two distinct patterns: documents generated entirely from scratch, and legitimate documents that have been selectively edited using generative tools.

1. AI-generated documents are created entirely from scratch using image generation models. These documents never existed in legitimate form. A fraudster prompts an AI system to create a bank statement, pay stub, or utility bill, and the model produces something that looks convincing at first glance.
2. AI-edited documents start as real documents that fraudsters modify using generative tools to change specific fields: names, dates, account numbers, transaction amounts. Because most of the document is genuine, these modifications are harder to catch.

Of these two patterns, AI-edited documents currently pose the greater risk. The base document is real, so it passes many surface-level checks. The edits are small and targeted. Detection requires looking beyond appearance to metadata, internal consistency, and cross-document patterns.

AI is also lowering the barrier to entry in quieter ways. Fraudsters do not always need to generate documents outright. Large language models (LLMs) can simply teach users how to alter documents, walking them through tools like Photoshop step by step.

This may be the most underappreciated impact of AI on document fraud. The flashy threat is AI-generated documents. The quieter threat is AI as a tutor. Someone who has never edited a PDF can now get step-by-step instructions in minutes. The skill barrier that once protected institutions has effectively disappeared.

AI fraud tactics used alongside document manipulation

AI-enabled fraud doesn't stop at the document. Increasingly, fraudulent documents are just one component of a broader scheme — supported by AI-generated scripts, fabricated business identities, and convincing narratives that hold up under verification.

Michael Coomer, Director of Fraud Management at BHG Financial, emphasizes that the risk is not limited to individual documents. AI is increasingly used to support fraud end to end, making interactions, identities, and supporting materials appear more legitimate.

In this context, documents are not always the primary attack vector. They are often the reinforcing evidence used to validate a story that has already been made convincing through AI-assisted scripting, coaching, and narrative construction.

This matters because document fraud does not happen in isolation. It is typically part of a broader scheme that includes identity fraud, application fraud, and social engineering. And AI is making all of those components more convincing.

This erosion of traditional signals extends beyond phone calls. Fraudsters are using AI to:

• Generate realistic business websites in minutes using no-code tools
• Create professional-looking email domains that mimic legitimate businesses
• Produce consistent narratives across application forms, documents, and verbal verification
• Research and incorporate industry-specific terminology that makes their stories more believable

Patrick Lord at Rapid Finance has seen fraudsters get creative with web presence in ways that are easy to overlook.

The implication is that document verification cannot operate in a silo. A convincing document submitted alongside a convincing website, a convincing phone presence, and a convincing application creates a reinforcing web of apparent legitimacy. Detection systems need to evaluate documents in context, not in isolation.

Jen Lamont, BSA Compliance Officer and Fraud Manager at America's Credit Union, emphasizes the importance of looking beyond the surface.

Document template store economy remains high-volume threat

Despite advances in generative AI, the path of least resistance for most fraudsters remains surprisingly low-tech: purchasing pre-made document templates from online marketplaces.

In 2025, 1 out of every 5 flagged documents across Inscribe’s network showed signs of template-based manipulation, a sharp increase from 1 out of every 14 in 2024. This growth reflects not a shift toward more sophisticated fraud, but toward more efficient, repeatable fraud.

Furthermore, Inscribe's research into fraud-related Google search terms found significant volume for fraud-related keywords:

A growing ecosystem of websites now sells editable document templates (bank statements, pay stubs, utility bills, tax forms) for as little as $10. These sites operate openly on the public web, positioning themselves as providers of "novelty" or "replacement" documents while offering exactly what a fraudster needs.

One UK-based site, Replace Your Documents, illustrates the model. The homepage promises “high quality novel documents” using “the very latest printing technology.”

The product catalog includes:

• Bank statements from “all major UK banks”
• Utility bills including HMRC tax codes, P45s, P60s, and SA302s
• Payslips printed on “high quality Sage payslip paper” with figures “calculated based on your net/gross salary”
• Custom document editing where customers provide details and the site edits existing documents
• Custom templates built to order within 3 days

The site offers same-day delivery of digital PDFs, printed copies within 2-3 days, and “unlimited modifications and changes until you're satisfied.”

The economics are straightforward: A fraudster can purchase an editable bank statement template, customize it with a target's information, and submit it as part of a loan application. The investment is minimal. The potential return, if the loan is approved, is substantial.

Hailey Windham, Community Banking Lead at Sardine and host of Fraud Forward, points out that fraudsters will always take the easiest path available.

This explains a pattern in our detection data: many fraudulent documents aren't sophisticated. Fraudsters test which templates pass verification, then scale what works. No Photoshop skills required; just a credit card and a few minutes to find the right marketplace.

The combination of template stores and AI editing tools has created hybrid fraud: documents that are neither fully synthetic nor simply purchased fakes. Catching them requires detection systems built for both.

Understanding the threat alone doesn't translate to action, especially when legacy processes feel "good enough." The previous section examined how AI is changing the fraud landscape; the next section looks at what happens when organizations do not adapt.

This dynamic creates adverse selection. The customers who are willing to wait are often the ones who have no other options. The best customers, the ones with strong credit and legitimate documentation, go elsewhere.

Coast has built their process around speed, with a goal of deciding 90% of applications the same day they are submitted.

Coast's same-day SLA is possible because document verification is automated. If everything checks out, the application moves forward without human intervention. If something is flagged, a human reviewer steps in with all the context they need to make a quick decision.

The result is a customer experience that feels seamless ... but more importantly, a fraud operation that can adapt as fast as threats evolve. Good customers get approved quickly. Suspicious applications get the scrutiny they deserve. And the fraud team isn't buried in a backlog of routine reviews.

Jen Lamont sees speed as essential for serving members effectively.

When routine document checks are automated, fraud analysts can focus on what humans do best: having difficult conversations, supporting victims, and investigating complex cases that require judgment and empathy.

How inaction compounds into fraud losses

The cost of inaction in fraud prevention rarely shows up as a single, headline-grabbing loss. More often, it compounds quietly.

Consider a simplified example.

Assume an institution processes 10,000 applications per month. If 6% contain document fraud signals, that is 600 risky cases entering the funnel. If legacy controls miss even 10% of those cases, that is 60 fraudulent applications per month making it through.

Now layer in basic economics:

• If the average exposure per approved application is $25,000
• And only a fraction result in full loss, say 20%
• That is $300,000 in potential losses per month
• Or $3.6 million in fraud losses annually

That estimate does not include:

• Manual review costs
• Customer churn from slow decisions
• Downstream collections, disputes, or compliance overhead
• The second-order effect when fraud patterns are reused and scaled

In this context, fraud losses behave less like isolated incidents and more like interest-bearing debt; $3.6 million in fraud losses is roughly the fully-loaded cost of a 15-person fraud team. Organizations paying that figure in losses are funding fraud instead of prevention.

The cost of inaction is not just the fraud you miss. It is the compounding effect of a system that cannot keep up with the threats it faces.

In the final section, we examine what the most effective fraud teams are doing differently: the human-AI partnership, layered defense strategies, and the power of industry collaboration.

BCU's team has used layered detection to uncover fraud rings that would have been invisible to single-point analysis. In one case, they used Inscribe's X-Ray feature to connect multiple members tied to the same address, revealing that a document was originally owned by a blacklisted member with roughly $100,000 in charged-off loans.

In one case, a $75,000 auto loan was prevented after a bank statement was flagged for a fingerprint mismatch. That one signal changed the whole outcome of the case.

This democratization of technical capability matters. Fraud teams have historically been constrained by their access to engineering resources. If an analyst spots a new pattern, translating that insight into a detection rule requires developer time. With AI, that translation can happen in minutes.

McKenna describes using Claude's analysis features to process years of FinCEN data in under 90 seconds, producing charts, trend analysis, and written insights that would have taken days to compile manually.

The same AI capabilities can also help fraud teams work smarter.

At the same time, the stereotype of the risk officer as a conservative gatekeeper is also fading as a new generation of risk leaders is leaning into technology:

Human-AI collaboration becomes essential

The most effective fraud teams are not choosing between humans and AI. They are combining them.

AI handles what machines do well: processing large volumes of documents, detecting patterns across millions of data points, and flagging anomalies that would be invisible to human review. Humans handle what people do well: exercising judgment in ambiguous situations, building relationships with customers, and adapting to novel fraud schemes that do not match existing patterns.

This shift changes what it means to be a fraud analyst. Instead of spending hours on manual document review, analysts become orchestrators of AI systems, stepping in when judgment is required and letting automation handle the rest.

The goal is not to remove humans from the process. It is to free them from routine work so they can focus on what matters most.

Jen Lamont agrees, pointing to something machines cannot replicate.

The winning formula is not AI alone. It is AI integrated thoughtfully into a broader fraud program, with humans providing oversight, judgment, and the relationship skills that machines cannot offer.

Hailey Windham puts it simply: manual review alone is no longer sufficient.

“Swiss cheese strategy” meets fraud detection

The organizations with the strongest fraud programs use multiple layers of detection, each designed to catch what the others might miss.

Security professionals call this the "Swiss cheese model." Each layer of defense has gaps — like holes in a slice of cheese. No single layer stops everything. But stack enough slices together, and the holes stop aligning.

Here's how that looks in practice:

A fraudster who slips through document verification might get flagged by device intelligence. One who passes identity checks might trigger a behavioral anomaly. The power is in the combination.

At Nymbus, layered detection includes behavioral signals captured before a transaction even occurs. Michelle Prohaska describes how their fraud interdiction partner adds a critical layer of visibility.

Angela Diaz emphasizes that layering must be thoughtful, not just additive.

The goal is to build a system where each layer reinforces the others and gaps in one are covered by another.

Collaboration and community act as force multipliers

Fraudsters are organized. On Reddit, the subreddit r/IllegalLifeProTips amassed nearly one million members exchanging tips on everything from shoplifting to document fraud. While the community framed posts as "hypothetical" and "for entertainment purposes only," the advice was specific and actionable.

One user  advised: “Download your most current [statement] and load it into Adobe Acrobat. Redact literally everything except your name, the dates, and your direct deposit that month, make sure you edit the amount to match your pay stub. Remember, fonts will [get] you. Use Matcherator or Font Squirrel to identify any fonts in the document and download and install them before you get started.”

Reddit has since banned the community. But the pattern is clear: when one forum shuts down, another emerges. The knowledge has already spread.

The most effective fraud teams have learned to do the same.

This kind of sharing creates network effects. When one institution spots a new fraud pattern, others can defend against it before they are hit. A great example is the annual Fraud Round Table hosted by the account protection team at BCU.

The account protection team at BCU hosts an annual Fraud Round Table for hundreds of credit union attendees to come together and learn from one another. They celebrated their 11th year of the event in September of 2025 (pictured below), hosting hundreds of fellow credit unions virtually and in-person.

Rapid Finance has built a culture of openness around fraud detection.

Beyond individual institutions, the fraud fighting community has built its own infrastructure for sharing knowledge. Frank McKenna's newsletter Frank on Fraud has become a go-to resource for staying current on emerging schemes and industry trends. Events like Fraud Fight Club from the team at About Fraud bring practitioners together for candid, off-the-record conversations about what's working and what isn't.

Inscribe's podcast, Good Question, brings together fraud and risk leaders to discuss the big questions shaping the future of fraud, AI, and trust.

Recent episodes have featured practitioners from organizations quoted in this report, including how Coast is evolving their fraud strategy in the AI age and how Rapid Finance is catching deepfake documents by redesigning their underwriting workflow.

These practitioner-to-practitioner exchanges give fraud fighters a space to speak openly about challenges, compare notes on detection strategies, and build the relationships that make real-time intelligence sharing possible.

Jen Lamont sees education and collaboration as inseparable.