By Ronan Burke, Co-founder and CEO, Inscribe
In the 1920s, Victor Lustig convinced buyers he was a French government official authorized to sell the Eiffel Tower. He did it twice. The documents looked credible. The story held together. That was enough.
A century later, the mechanics of document fraud are largely the same. What has changed is who can do it, how fast, and at what scale. Generative AI can produce a convincing pay stub in seconds. Template marketplaces sell editable bank statements for under $10. Someone with no technical background can now customize and submit a fraudulent document without ever opening Photoshop.
This is not a warning about what is coming. It is a description of where things stand today.
What Document Fraud Data Shows
Inscribe processed millions of documents across banks, credit unions, fintechs, and lenders in 2025. Approximately 6% were flagged as fraudulent. That works out to roughly one in sixteen documents showing signs of manipulation, fabrication, or misrepresentation.
To put that in context: a credit union processing 500 loan applications a week is potentially looking at 30 flagged documents requiring investigation every week, with spikes around holidays and promotional periods. Manual review processes that worked fine at lower volumes are starting to buckle under that load.
Bank statements topped the list of concern among the 90 fraud and risk leaders we surveyed. 85.6% identified them as the document type they are most worried about. That tracks with what we see in detection data. Bank statements contain dozens of transactions, running balances, dates, and formatting details. More complexity means more surface area for subtle manipulation, and more work for reviewers trying to catch it.
What also stands out is how broadly distributed fraud pressure is. Bank statements, pay stubs, tax forms, utility bills all show a similar baseline fraud rate in the 4 to 7% range. There is no low-risk category to deprioritize. The pressure is consistent across every document type used to establish trust.
The AI Arms Race Is Already Underway
AI-generated document fraud is still a small share of total fraud. Less than 5% of flagged documents in our 2025 data were AI-generated. But the growth rate is what matters here. From April to December 2025, detected AI-generated document fraud increased nearly fivefold.
The quality of these documents is also improving rapidly. A few years ago, a synthetic document was often visually obvious. Wrong fonts, misaligned fields, implausible spacing. That is no longer a reliable signal. As one senior underwriter told us: “The documents are just so much better looking now than they used to be. You can’t necessarily tell if the spacing is off.” Detection strategies that rely on visual inspection are becoming less reliable with each generation of tools.
The more underappreciated threat, though, may be AI as a tutor rather than AI as a forger. Large language models can walk someone through editing a PDF step by step, including which fonts to match and which fields to change. The skill barrier that once protected institutions has effectively disappeared. A Las Vegas financial crimes detective described watching a demo of Gemini Nano: “All you do is put a simple, one-sentence prompt into it and go change the name from this to this, and it does it.”
It does not stop at the document, either. AI is now supporting entire fraud schemes. Fraudsters are generating scripts for phone verification calls, building convincing fake business websites in minutes, and producing consistent narratives across application forms and supporting documents. Fraud fighters who used to rely on a quick verification call to catch inconsistencies are finding that signal has eroded.
Templates: The High-Volume, Low-Effort Threat
While AI-generated fraud gets the headlines, template-based fraud remains the dominant threat by volume. In 2025, one in every five flagged documents in our network showed signs of template-based manipulation. In 2024, it was one in fourteen.
The economics are straightforward. A fraudster can purchase an editable bank statement template for less than $10, fill in the relevant details, and submit it as part of a loan application. No technical skills required. The investment is minimal. The potential return, if the application is approved, is substantial.
These sites operate openly on the web, positioning themselves as providers of “novelty” documents while offering exactly what a fraudster needs. And as one community banking fraud expert observed: “Fraudsters don’t want resistance. The moment you make fraud hard, expensive, or frustrating, they move on to someone else.” The implication for credit unions is that being a harder target matters, even if it does not make you immune.
The Cost of Standing Still
The challenge with document fraud is that the cost of inaction rarely arrives as a single event. It compounds quietly.
Consider a simplified example. A credit union processing 10,000 applications per month, with a 6% fraud flag rate, is looking at 600 risky cases entering the funnel. If legacy controls miss even 10% of those, that is 60 fraudulent applications per month slipping through. At a $25,000 average exposure with a 20% full-loss rate, that is $300,000 in monthly losses, or $3.6 million annually. That figure does not include manual review labor, customer attrition from slow decisions, or the compounding effect when fraud patterns are reused at scale.
There is also a competitive dimension worth naming. Good members have options. A credit union whose loan decision takes three days while a competitor decides in hours will lose business. And the members most willing to wait are often those with the fewest alternatives. Speed of decision is no longer just an operational metric. It has become a risk variable in its own right.
What the Best Teams Are Doing Differently
The fraud fighters we interviewed are not discouraged. They are adapting. A few things showed up consistently across the teams managing document fraud effectively at scale.
The most effective teams have moved away from the question of humans versus AI and toward the question of how to combine them well. AI handles what machines do well: processing large volumes, detecting patterns across millions of data points, flagging anomalies that would be invisible to manual review. Humans handle what people do well: exercising judgment in ambiguous cases, supporting members through difficult situations, and identifying novel schemes that do not match existing patterns. Frank McKenna, Chief Fraud Strategist at Point Predictive, put it plainly: “I don’t think AI is going to replace fraud analysts at all. I think it’ll change what fraud analysts do. But you’re always going to have the human in the loop.”
The results are concrete. Logix Federal Credit Union prevented $3 million in potential fraud losses in eight months after deploying automated document verification, while freeing their team from manual research that had been consuming analyst hours. BCU prevented $80 million in losses from altered documents in the first nine months of 2025 and used layered detection to uncover fraud rings that would have been invisible to single-point analysis.
Effective teams also build layered defenses rather than relying on any single control. Security professionals call this the Swiss cheese model. Each layer of defense has gaps, but stack enough layers and the holes stop aligning. A fraudster who passes document verification might get flagged by device intelligence. One who clears identity checks might trigger a behavioral anomaly. The power is in the combination.
Finally, the teams pulling ahead are sharing intelligence. Fraudsters share openly. They test what works, pass techniques around, and scale what passes verification. The fraud-fighting community has been building its own version of that infrastructure: newsletters, practitioner events, annual roundtables, dedicated Slack channels. When one institution spots a new fraud pattern, others can defend against it before they are hit.
Where This Is Headed
The same AI driving this threat can be part of the solution. Detection systems trained on millions of documents can identify metadata artifacts, internal inconsistencies, and cross-document patterns that are invisible to visual inspection. Those are the signals that matter as fraudsters get better at making fakes look real.
What is also becoming clear is that document fraud rarely happens in isolation. It is typically one component of a broader scheme that includes identity fraud, application fraud, and social engineering. Detection strategies that evaluate documents without the broader context of identity, behavior, and cross-application patterns are increasingly exposed.
Fraud has moved from cut-and-paste to cut-and-code. The organizations that adapt their defenses now, building scalable systems that can keep pace with how fraud evolves, are the ones that will protect their members and their portfolios as the landscape continues to shift.
Inscribe’s 2026 State of Document Fraud Report draws on detection data from millions of documents and interviews with fraud leaders across the U.S. financial industry. If you’d like to talk through what this means for your institution, reach out to the Inscribe team.