In 2024, a recruitment agency in London placed a healthcare assistant with a care home in Surrey. The candidate presented a Biometric Residence Permit that looked, to the untrained eye, entirely genuine. The agency copied it, filed it, and the candidate started work. Four months later, a Home Office compliance visit revealed the BRP was fraudulent. The care home faced a £60,000 civil penalty. The agency lost a key client relationship. The candidate had never had the right to work in the UK.
The agency's compliance manager, when asked what went wrong, said something that thousands of employers across the UK would echo: "It looked real. We couldn't tell."
That statement is becoming the defining challenge of document verification in the mid-2020s. As document forgery becomes cheaper, faster, and more technologically sophisticated — driven in large part by generative AI — the question is no longer whether your team can spot a fake. The question is whether visual inspection alone is still a viable verification method.
The scale of document fraud in the UK
Document fraud is not a marginal problem. The National Crime Agency identifies document fraud as a key enabler of organised crime, illegal immigration, and identity theft. Fraudulent documents facilitate illegal working, benefit fraud, human trafficking, and financial crime.
The Home Office's Immigration Enforcement division encounters thousands of fraudulent documents annually in the course of workplace compliance visits, border checks, and intelligence-led operations. In the employment context specifically, forged documents are used to circumvent right-to-work checks, establish false identities, and create paper trails that satisfy visual inspection but cannot withstand digital verification.
The shift to AI-generated forgeries has accelerated the problem dramatically. What once required specialist printing equipment, knowledge of security features, and access to blank document stock can now be achieved with commercially available software, a good-quality printer, and publicly available templates.
What gets forged — and how
Understanding which documents are most commonly forged helps employers know where to focus their scrutiny.
Biometric Residence Permits (BRPs)
BRPs were the primary identity document for non-EEA nationals with permission to stay in the UK. Although the Home Office has been transitioning visa holders to eVisas (digital immigration status), millions of BRPs remain in circulation and continue to be presented to employers. Forged BRPs are among the most common fraudulent documents encountered in workplace checks. Key forgery indicators include inconsistent font sizing, misaligned holograms, incorrect chip data (if checked electronically), and laminate edges that peel or show signs of re-application.
Passports
Both UK and foreign passports are targets for fraud. Methods include photo substitution (removing the original photograph and inserting a new one), page alteration (changing visa stamps or endorsements), and wholesale fabrication. Modern passports include multiple security features — UV-reactive inks, laser-perforated data, embedded chips — but visual inspection rarely tests for these features in a typical hiring scenario.
Share code printouts
The Home Office online checking service generates a digital confirmation of right to work. Some candidates print this confirmation and present the printout as evidence. A printout, however, is trivially easy to fabricate. The genuine verification process requires the employer to enter the share code into the Home Office system themselves and view the result on screen. A printed page proves nothing.
Utility bills and bank statements
Used as proof of address or supporting documentation, these are among the easiest documents to forge. Templates are widely available online, and modern editing software can produce near-perfect replicas. A utility bill should never be relied upon as primary evidence of anything.
Qualification certificates
Forged degree certificates, professional registration documents, and training records are a persistent problem, particularly in sectors like healthcare and education where qualifications are a regulatory requirement. The Higher Education Degree Datacheck (HEDD) service exists specifically because the volume of fraudulent qualification claims justified a national verification system.
Why human detection fails
The uncomfortable truth is that human visual inspection of documents is unreliable. Research consistently demonstrates this.
A widely cited study by the University of Kent found that passport officers — trained professionals whose job is to match faces to photographs — correctly identified fraudulent documents in fewer than 50% of cases when the forgery was of reasonable quality. Among untrained participants, detection rates were significantly lower.
For employers — office managers, HR assistants, hiring managers — who check documents as a small part of their broader role, the detection rate is almost certainly worse. They are not trained in document security features. They are not looking for anomalies. They are conducting a compliance task as quickly as possible so they can get back to their actual job.
This creates a fundamental problem. The Home Office right-to-work guidance requires employers to check that documents are genuine and belong to the holder. But the human capacity to make that determination, particularly with high-quality forgeries, is limited. The obligation exceeds the capability. And without reliable detection, employers cannot establish the statutory excuse that protects them from civil penalties.
What to look for: a practical guide
Despite the limitations of visual inspection, employers can improve their detection rates by knowing what to check. Here are the key indicators of document fraud.
Physical document checks
Paper and card quality. Genuine identity documents use specialised materials — polycarbonate cards for BRPs, security paper for passports. Forgeries often use standard card stock or paper that feels different to the touch: too thin, too flexible, or with a different texture.
Laminate integrity. Many identity documents include a laminate layer. On genuine documents, this is flush with the edges and shows no signs of peeling, bubbling, or re-application. On forged documents, the laminate may have uneven edges, visible air bubbles, or a slightly different sheen.
Photograph quality. The photograph should be integrated into the document, not glued on top. Look for inconsistencies in the background behind the photograph, differences in print quality between the photo and the surrounding text, or evidence that the laminate has been lifted and re-sealed.
Font and alignment. Official documents are produced to precise typographic standards. Look for inconsistent letter spacing, fonts that do not match the expected format, text that is not properly aligned with printed fields, or characters that appear slightly blurred (a common artefact of scanned-and-reprinted forgeries).
Security features. Depending on the document type, look for holograms (tilt the document under light), UV-reactive elements (if you have a UV light), watermarks (hold to light), and raised text (run a finger across printed areas). The absence of expected security features is a strong indicator of fraud.
Digital verification
Share codes. Always verify share codes yourself through the Home Office online service. Never accept a printout, screenshot, or PDF as evidence. The share code system exists precisely because digital verification is more reliable than document inspection.
Document validation technology. Automated document verification systems can check security features, cross-reference document numbers against issuing authority databases, and use AI to detect image manipulation. These systems catch anomalies that human inspection misses — altered pixel patterns, inconsistent metadata, font substitutions.
Chip verification. BRPs and modern passports contain embedded chips with biometric data. Chip readers can verify that the data on the chip matches the data printed on the document and that the chip has not been tampered with. This is the single most reliable method of verifying a physical identity document.
Behavioural indicators
While not proof of fraud, certain behaviours warrant additional scrutiny:
- Reluctance to provide original documents (offering copies or photographs instead)
- Providing documents from an unfamiliar issuing authority without context
- Inconsistencies between the document and the candidate's stated history (e.g., a passport issued in a country they claim never to have visited)
- Pressure to complete the check quickly or skip certain steps
- Providing a share code that is "about to expire" (share codes are valid for 90 days, so urgency is rarely genuine)
The limits of visual inspection
Even with training and diligence, visual inspection cannot reliably detect the current generation of document forgeries. AI-generated documents are produced with pixel-perfect accuracy, correct security feature placement, and realistic ageing effects. The deepfake technology that is transforming identity fraud extends beyond faces and voices to documents themselves.
This does not mean employers should abandon physical checks. It means physical checks should be supplemented — and in many cases replaced — by digital verification methods that are not dependent on human visual acuity.
The Home Office's own direction of travel supports this. The expansion of eVisas, the share code system, and the Identity Document Validation Technology (IDVT) framework all reflect a recognition that physical document inspection is no longer sufficient as the primary verification method. As the Fair Work Agency prepares to launch with walk-in audit powers, the consequences of accepting a forged document are about to become more immediate.
Building a verification process that works
The practical response for employers is layered verification: use physical inspection as the first filter, but back it up with digital checks that catch what the eye cannot.
Certifyd's verification platform combines document capture with automated validation, cross-referencing documents against known formats and security feature databases to flag anomalies that visual inspection would miss. Combined with biometric identity matching — confirming that the person presenting the document is the person it belongs to — this creates a verification process that is significantly more robust than visual inspection alone. For businesses that need to verify identity and right-to-work status reliably, see how the Certifyd portal works.
The era of "it looked real" as a defence is ending. The employers who adapt their verification processes to match the sophistication of modern forgery will be the ones who avoid the penalties, the reputational damage, and the uncomfortable conversation with the inspector who can see what they could not.