Since the coronavirus pandemic in 2020, digital processes have become the norm. Sometimes it is tempting to think that a quick screenshot can serve as a valid representation of an official document. However, when it comes to serious matters like loan applications or insurance claims, screenshots pose significant risks and should NOT be accepted as legitimate documentation, even if they are submitted in PDF format. This article explores why screenshots are unreliable and potentially dangerous for official purposes, often leading to the acceptance of fake documents, and why organizations should insist on proper PDF documents for verification with complete document forensics.
The risks of accepting screenshots in your business
Screenshots may seem like a convenient way to capture information, but they come with several risks that make them unsuitable for serious purposes such as loan applications. According to our own processed document volume, fake document submissions involving manipulated screenshots have increased by 40% in the past year alone.
Ease of manipulation with graphical editors
One of the primary concerns with screenshots is how easily they can be manipulated using graphical editing software like Adobe Photoshop. Unlike PDF documents, which contain layers of information and metadata, screenshots are essentially just images and it is nearly impossible to perform document forensics on them. This means that skilled individuals can alter the contents of a screenshot without leaving obvious traces of manipulation.
For instance, someone could easily change numbers, names or dates on a bank statement screenshot. A screenshot of the bank’s online banking environment is no better. Even if converted to PDF, these changes would be extremely difficult to detect through visual inspection alone.
Loss of crucial metadata
When you take a screenshot, you are capturing only what is visible on the screen. This means you’re losing a wealth of valuable information that’s typically embedded in proper PDF documents.
Metadata is often described as “data about data.” In the context of PDF documents, metadata includes a variety of information that’s not immediately visible when viewing the document but is embedded within its structure. Examples could be the creation date, the author and the software that was used to create the document. This metadata can be invaluable in verifying the authenticity of a document, and its absence in screenshots makes them far less reliable for official purposes.
This lack of metadata severely hampers document forensics efforts, making it difficult to verify the authenticity of screenshots. And criminals know this…
Vulnerability to HTML injection
Perhaps one of the most alarming and unknown risks associated with screenshots is their vulnerability to something called HTML injection. This technique allows anybody to temporarily alter what is displayed on the screen using the browser’s Developer Tools. A screenshot of this manipulated display can then be taken, creating a false representation that looks identical to the real thing.
HTML injection is a lesser-known but highly dangerous technique that can be used to create false screenshots. Here’s how it works in the case of income misrepresentation with banking data:
- An individual logs into their online banking portal (or any other secure site).
- Using the browser’s Developer Tools (available in Chrome, Edge, Firefox, etc.), he or she temporarily alters the HTML code that displays on the page.
- The account balance is changed from €3,000 to €3,000,000. The effect is short-lived as most banks tend to refresh the webview to avoid this problem, but this may take a few minutes.
- Finally, a screenshot is taken of this altered display and submitted as proof of funds.
The result is a screenshot that looks exactly like the original, with the same fonts, colors and layout… but with false information. This entire process can be completed in less than a minute, making it a significant threat to organizations relying on screenshots for verification.
Traditional document forensics techniques are often ineffective against this type of manipulation, making it crucial to use advanced verification systems.
Deepfakes and AI-generated content
As technology advances, so do the methods of creating fake documents. Deepfakes and AI-generated images represent a new frontier in document fraud, posing significant challenges to traditional verification methods. These sophisticated technologies can produce highly convincing fake images of bank statements, payslips or even government-issued IDs (see the story of OnlyFake) that are nearly indistinguishable from genuine documents to the untrained eye. Although many are still easy to catch by manual inspection, AI is increasingly creating realistic documents from scratch. An interesting company in this space is DuckDuckGoose.
In contrast, PDF documents offer a higher level of security and verifiability. PDFs contain embedded metadata, digital signatures and other security features that are much harder to replicate or manipulate convincingly. Furthermore, verification systems like VerifyPDF can perform document forensics on the underlying structure and characteristics of PDF files, making it significantly more challenging for fraudsters to create fake documents that can pass scrutiny.
As deepfakes and AI-generated images become more prevalent, relying on secure, verifiable PDF documents and advanced verification technologies becomes not just preferable, but essential in the fight against document fraud.
What is document forensics?
Document forensics is the scientific examination of electronic documents to determine their authenticity and integrity. This field combines digital analysis, data science and investigative techniques to scrutinize various aspects of a document, including metadata, content structure and visual elements. VerifyPDF is a document forensics company.
Using advanced software tools and algorithms, forensic analysts can detect alterations, inconsistencies, or signs of manipulation that may not be visible to the naked eye. Document forensics is crucial in today’s digital age, helping businesses and institutions protect themselves against sophisticated document fraud by uncovering evidence of tampering or forgery in electronic files.
Why pictures of a screen or scanned documents are also unreliable?
Simply put, there is no possibility to perform true document forensics analysis.
Sometimes we see people taking a picture with their smartphone of a computer screen, tablet or another smartphone displaying the information. Most people take this as valid proof, but in our opinion these fall into the same category as screenshots and should be systematically rejected from any onboarding or decision-making process. These images are just as susceptible to manipulation and lack the necessary metadata for proper verification.
Finally, scanned documents face the same challenges. There is one problem though: sometimes there is nothing but a scanned document. For example, an employment contract may be signed on paper in an office, without a digital PDF or digital signature. Similarly, a receipt of a credit card transaction is printed by a POS terminal without any digital version with metadata. In these situations, it is important to review these documents carefully. Sometimes it is better to receive an unsigned contract in PDF format (what lawyers call an “execution version”) than a signed contract in PDF that has been scanned. Or better, use a digital signing solution such as DocuSign.
Best practices for document submission
Given the risks associated with screenshots and photos, businesses should adopt the following best practices:
- Only accept PDF documents downloaded directly from the issuer’s environment. Alternatively, you can also obtain information directly from the source (via an API or an e-wallet)
- When in doubt, contact the issuer directly to verify the document’s authenticity.
- Implement robust document forensics processes, preferably using advanced technological solutions.
- Educate employees and customers about the risks of screenshots and the importance of proper document submission. Make no exceptions.
How VerifyPDF fights fake documents
VerifyPDF is designed to eliminate much of the manual verification work and address the issues associated with screenshots and manipulated documents. Our system is trained with years of experience in document forensics and employs advanced AI algorithms to detect various forms of document manipulation. Even if the manipulation is visually indetectable, we can still flag documents that “Need attention” so that they can be reviewed by your team or additional questions can be asked about the source of that document.
Key features of VerifyPDF include:
- Metadata and document forensics to verify origin and integrity
- Pattern recognition to identify signs of manipulation
- Comparison with a vast database of authentic documents
- Detection of inconsistencies that might indicate HTML injection or other forms of alteration
By leveraging VerifyPDF’s document forensics, businesses can significantly reduce the risk of accepting fake documents while streamlining their verification processes. Try VerifyPDF for free for 15 days, no credit card is needed.
