
Forged COI Fraud: How to Spot Fake Certificates Before They Cost You

COI fraud is more common than risk managers want to admit. Here's how forged certificates slip through, what to look for, and how modern verification stops them.

The RiskStack Team

Here's an uncomfortable truth: a meaningful percentage of certificates of insurance flowing through American businesses are fraudulent, expired, or materially altered. Nobody knows the exact number because most fraud is never detected. The certificate sits in a folder, the vendor finishes the job, everyone moves on. The fraud only surfaces when a claim happens — and by then, you're the one holding the bag.

If that sounds dramatic, talk to a few risk managers who've been in this job for fifteen years. Every one of them has a story.

The most common fraud patterns

Forged COIs aren't usually elaborate. The most common patterns are simple:

1. Photoshopped expiration dates. A vendor's policy expired six months ago. Rather than buy new coverage, they open the old PDF in an editor and change the dates. Without verification against the carrier or broker, this is invisible.

2. Altered coverage limits. The vendor has $500K in general liability. The contract requires $1M. They change the number on the certificate. Same PDF, same broker name, just a different limit field.

3. Fictitious additional insured language. The contract requires the vendor to name your company as additional insured with specific endorsements. The vendor says yes, sends a certificate that lists you in the description box, but never actually adds the endorsement to the underlying policy. If a claim happens, the carrier denies the additional insured status because no endorsement exists.

4. Outright fabrication. Less common but it happens — a vendor creates a certificate from scratch, lists a real broker name and a real-looking policy number, and sends it. If you don't verify with the broker, it looks legitimate.

5. Cancelled policies. This isn't strictly fraud — sometimes the vendor doesn't even know. Their carrier cancelled the policy for non-payment, but they're still walking around with the original certificate. From your filing system, the COI looks current. From the carrier's perspective, there's no coverage.

Why fraud usually works

The reason fraud succeeds isn't because risk managers are negligent. It's because the verification process at most companies is structurally incapable of catching it.

The typical workflow: vendor emails a PDF, somebody glances at it, files it, and moves on. The "verification" consists of checking that the dates haven't expired and the limits look right. Nobody calls the broker. Nobody pulls the underlying policy. Nobody checks endorsements. The PDF is the source of truth, and the PDF is exactly what got forged.

This is true for spreadsheet-based programs, and it's also true for many software-based programs that automate the workflow without actually verifying coverage at the source.

Where modern verification helps

The defense against COI fraud is verifying coverage against a source the vendor doesn't control. There are two approaches that actually work:

Broker verification. The platform contacts the listed broker, confirms the policy exists, confirms the dates and limits, confirms the endorsements. If the broker says "we don't insure that company" or "that policy expired," the fraud surfaces immediately.

Carrier-direct verification. The platform queries the insurance carrier's system directly to confirm coverage. This is the strongest form of verification because it bypasses both the vendor and the broker. TrustLayer's partnership with Nationwide is an example of this — for vendors insured by Nationwide, the certificate data comes directly from the carrier's records.

Note what neither approach does: rely on the vendor's PDF as the source of truth. The PDF is just a starting point. The verification happens elsewhere.
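The reconciliation that both approaches perform can be made concrete. The following is an added example, not code from this post or from any platform it mentions: it takes the fields parsed from a vendor's PDF, the record a broker or carrier independently confirms for that policy number, and the contract requirements, and emits one finding per discrepancy, mapped to the five fraud patterns above. The data model, endorsement labels, policy numbers and sample values are all constructed assumptions, not any real schema.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple, Union

# Hypothetical data model: field names, endorsement labels and all sample
# values are constructed for illustration, not any platform's real schema.

@dataclass(frozen=True)
class Certificate:
    """Fields parsed from the vendor-supplied PDF. Untrusted input."""
    vendor: str
    policy_number: str
    effective: date
    expiration: date
    gl_each_occurrence: int                # general liability limit, USD
    endorsements: frozenset = frozenset()  # labels claimed on the certificate

@dataclass(frozen=True)
class SourceRecord:
    """What the broker or carrier confirms for that policy number. Trusted."""
    insured: str
    effective: date
    expiration: date
    gl_each_occurrence: int
    endorsements: frozenset = frozenset()
    cancelled_on: Optional[date] = None    # set once cancelled mid-term

@dataclass(frozen=True)
class Requirements:
    """What the contract demands of the vendor."""
    min_gl_each_occurrence: int
    required_endorsements: frozenset = frozenset()

Finding = Tuple[str, str]  # (code, human-readable detail)

def verify(cert: Certificate, source: Optional[SourceRecord],
           reqs: Requirements, as_of: Union[date, str]) -> List[Finding]:
    """Reconcile the PDF against the source record, then judge contract
    compliance on the source's values, never the PDF's. [] means clean."""
    if isinstance(as_of, str):             # accept "YYYY-MM-DD" for convenience
        as_of = date.fromisoformat(as_of)
    # Pattern 4: outright fabrication, nothing to reconcile against.
    if source is None:
        return [("NOT_FOUND", f"no broker/carrier record for {cert.policy_number}")]
    f: List[Finding] = []
    if cert.vendor.strip().lower() != source.insured.strip().lower():
        f.append(("INSURED_MISMATCH", f"PDF {cert.vendor!r}, source {source.insured!r}"))
    # Pattern 1: dates edited on the PDF.
    if (cert.effective, cert.expiration) != (source.effective, source.expiration):
        f.append(("DATES_ALTERED", f"PDF {cert.effective}..{cert.expiration}, "
                                   f"source {source.effective}..{source.expiration}"))
    # Pattern 2: limit edited on the PDF.
    if cert.gl_each_occurrence != source.gl_each_occurrence:
        f.append(("LIMIT_ALTERED", f"PDF ${cert.gl_each_occurrence:,}, "
                                   f"source ${source.gl_each_occurrence:,}"))
    # Pattern 3: endorsement written in the description box but not on the policy.
    for name in sorted(cert.endorsements - source.endorsements):
        f.append(("ENDORSEMENT_NOT_ON_POLICY", name))
    # Pattern 5: mid-term cancellation; the PDF can never show this.
    if source.cancelled_on is not None and source.cancelled_on <= as_of:
        f.append(("CANCELLED", f"cancelled {source.cancelled_on}"))
    # Contract compliance, using only what the source confirms.
    if not (source.effective <= as_of <= source.expiration):
        f.append(("NOT_IN_FORCE", f"source term {source.effective}..{source.expiration}"))
    if source.gl_each_occurrence < reqs.min_gl_each_occurrence:
        f.append(("LIMIT_BELOW_REQUIREMENT",
                  f"${source.gl_each_occurrence:,} < ${reqs.min_gl_each_occurrence:,}"))
    for name in sorted(reqs.required_endorsements - source.endorsements):
        f.append(("REQUIRED_ENDORSEMENT_MISSING", name))
    return f

CONTRACT = Requirements(1_000_000, frozenset({"additional_insured", "waiver_of_subrogation"}))

# Forgery scenario (constructed): PDF with expiration, limit and additional-insured edited.
FORGED_COI = Certificate("Acme Roofing LLC", "GL-EXAMPLE-0001", date(2024, 1, 1),
                         date(2025, 1, 1), 1_000_000,
                         frozenset({"additional_insured", "waiver_of_subrogation"}))
# What the carrier actually has on file for GL-EXAMPLE-0001.
CARRIER_RECORD = SourceRecord("Acme Roofing LLC", date(2024, 1, 1), date(2024, 7, 1),
                              500_000, frozenset({"waiver_of_subrogation"}))

# Cancellation scenario (constructed): genuine PDF, but the policy lapsed for non-payment.
GENUINE_COI = Certificate("Beta Electric Inc", "GL-EXAMPLE-0002", date(2024, 1, 1),
                          date(2025, 1, 1), 1_000_000,
                          frozenset({"additional_insured", "waiver_of_subrogation"}))
CANCELLED_RECORD = SourceRecord("Beta Electric Inc", date(2024, 1, 1), date(2025, 1, 1),
                                1_000_000, GENUINE_COI.endorsements,
                                cancelled_on=date(2024, 4, 15))

if __name__ == "__main__":
    for code, detail in verify(FORGED_COI, CARRIER_RECORD, CONTRACT, "2024-09-15"):
        print(f"{code:<28} {detail}")
```

The design point is in the second half of `verify`: compliance with the contract is judged only on what the source confirmed, so a PDF that has been edited to satisfy the contract cannot make the vendor look compliant. The cancellation scenario also shows why verification has to be re-run as of a date rather than once at onboarding; the same genuine certificate passes in March and fails in June.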

What to look for in your current process

If you're trying to assess fraud exposure in your current program, here are a few questions worth asking:

  • Do we ever contact brokers to verify coverage? Or do we accept the certificate at face value?
  • Do we verify endorsements, or just the existence of a policy? Additional insured and waiver of subrogation are where fraud commonly hides.
  • Do we have any process for catching mid-term cancellations? A policy that was valid in January might be cancelled by March.
  • What happens when a vendor delays sending updated certificates? Are we tracking that pattern, or accepting "I'll send it next week" indefinitely?
  • Have we ever had a claim where coverage was disputed? That's the most common way fraud surfaces — too late to do anything about it.

If you're answering "we don't really do that" to most of these, you have meaningful fraud exposure. Not because your vendors are necessarily dishonest, but because your process is structurally unable to detect it.

What software can and can't do

Most COI tracking software helps with the workflow of certificate management — collecting documents, parsing fields, reminding vendors of expirations, generating reports. That's useful, but it's not fraud prevention. A vendor can submit a forged PDF to a software platform just as easily as they can email it to a person. The platform parses the forged data and treats it as legitimate.

What separates fraud-prevention-capable platforms from workflow-only platforms is verification at the source. Does the platform have direct relationships with brokers and carriers? Does it confirm coverage independently? Does it catch policy cancellations in real time?

This is why we pay attention to verification methodology when comparing platforms. A platform that "extracts data with AI" is automating the wrong step. The PDF was never the problem — the PDF can be forged. The problem is that nobody is checking with the source.

A note on "real-time" claims

Some vendors market their platforms as offering real-time verification. We've written elsewhere about why these claims often don't survive scrutiny, particularly when "real-time" actually means "data pulled from broker AMS systems with low industry penetration." If only a tiny fraction of brokers feed data into the system, then "real-time" only works for the small subset of vendors whose brokers happen to participate. For everyone else, you're back to PDF-based verification.

The platforms with the strongest fraud-prevention capabilities are the ones with the broadest verification infrastructure — large vendor networks where coverage data has already been validated, broker relationships that span the industry, and carrier-direct integrations for the highest-quality verification. Smaller networks and AMS-only data sources can't catch fraud they don't have visibility into.

The bottom line

COI fraud isn't a hypothetical risk. It's happening now, in programs you're managing, on certificates you've already filed. Most of it will never surface because most of those vendors won't have claims. But for the ones that do, fraud is the difference between insurance covering the loss and your company eating it.

If you're building or evaluating a COI program, fraud prevention should be one of your top criteria — not just workflow automation. Ask about broker verification. Ask about carrier integrations. Ask about how the platform catches mid-term cancellations and endorsement gaps. The vendors that have good answers are the ones worth taking seriously.

Compare verification approaches across platforms — we cover this in our vendor profiles.
