arxiv: 2607.01442 · v1 · pith:XUWOQGCLnew · submitted 2026-07-01 · 💻 cs.CR · cs.CV

From Forgeries to Foundation Models: A Systematic Survey of Identity Document Attack and Detection

Pith reviewed 2026-07-03 20:00 UTC · model grok-4.3

classification 💻 cs.CR cs.CV
keywords: identity document forgery · presentation attacks · digital injection attacks · generative AI synthesis · zero-shot detection · APCER · foundation models · reality gap

The pith

Even the strongest public foundation models exceed 25% APCER on unseen AI-synthesised identity documents in zero-shot tests.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This survey maps how generative AI has expanded identity document forgery from physical alterations to full digital synthesis with minimal expertise. It organises attacks into a single threat model that covers physical presentation, digital injection, and generative synthesis, each with distinct forensic weaknesses. The work audits datasets released between 2019 and 2025 and identifies a consistent mismatch between lab conditions and real deployment needs. It also flags recurring typographic failures in non-Latin script inpainting and reports that current large multimodal models still miss more than one quarter of new forgeries under strict operating thresholds.

Core claim

The central claim is that identity document forgery has undergone a capability shift due to generative AI, yet detection methods remain limited by benchmarks that do not reflect operational threats; a unified model spanning Presentation Attacks, Digital Injection Attacks, and GenAI synthesis reveals that even the strongest publicly available models achieve APCER values above 25 percent in zero-shot evaluation on unseen synthesised cards, exposing limits in cross-domain generalisation.

What carries the argument

The unified identity verification threat model that integrates Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis, together with zero-shot benchmarking on synthesised documents and the observed Script-Dependent Generative Instability in non-Latin scripts.

If this is right

  • Detection pipelines must move beyond rule-based heuristics to include injection-aware and few-shot methods that address the new attack surface.
  • Public datasets need expansion and closer alignment with operational conditions to reduce the identified reality gap.
  • Large multimodal models require explicit handling for typographic instability when processing non-Latin scripts.
  • Future identity verification systems should prioritise forensically grounded, privacy-preserving, and legally accountable designs.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Operational identity systems may require ongoing adaptation mechanisms rather than static model deployment to keep pace with synthesis advances.
  • The same generalisation shortfalls could appear in verification tasks for other official documents such as passports or licences.
  • Targeted fixes for script-dependent failures might improve detection performance without full retraining of foundation models.

Load-bearing premise

The audited public datasets from 2019-2025 and the chosen zero-shot tests on synthesised IDs are representative enough to show general limits in cross-domain generalisation for operational use.

What would settle it

A re-run of the zero-shot benchmarking protocol on a fresh collection of synthesised ID cards that yields APCER consistently below 25 percent for the strongest models under the same security-oriented thresholds would undermine the reported generalisation limits.

Figures

Figures reproduced from arXiv: 2607.01442 by Gourab Das, Pavan Kumar C, Raghavendra Ramachandra.

Figure 1: Attack surface in identity document verification pipeline. Attacks occur at five stages: (1) Presentation
Figure 2: Co-evolution of attack capability and detection methodology in identity document forgery, from physical
Figure 3: PRISMA 2020 flow diagram for literature identification and screening. The primary corpus contains publications
Figure 4: Year-wise distribution of the 53 primary-corpus publications retained after PRISMA 2020 screening. The
Figure 5: Identity document lifecycle showing trust assumptions and vulnerability profiles from issuance to automated
Figure 6: Representative examples of presentation and digital injection attacks on identity documents. Top row: screen
Figure 7: Representative samples from the dataset. (a) A genuine bona fide ID card. (b)–(d) Synthesised attack samples
Figure 8: Representative GenAI-driven forgery artefacts from FantasyID [52], including font inconsistencies, character
Figure 9: Template extraction and AI-assisted ID card generation workflow, shown for defensive analysis of generative
Figure 10: Comparison of an original PVC card, a digital card image, a digitally manipulated card image, and a PVC
Figure 11: Script-dependent limitations of multimodal generative models in ID card text manipulation. Non-Latin

Original abstract

Identity document forgery has undergone a fundamental capability shift: generative AI tools now enable high-fidelity document synthesis and field-level manipulation with minimal technical expertise, while detection methods remain constrained by benchmarks that do not reflect this threat. The resulting attack surface spans physical presentation, digital injection, and fully generative synthesis, introducing distinct forensic failure modes that require a unified threat model and evaluation framework. This survey provides, to our knowledge, the first unified treatment of Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis within a single identity verification threat model. We trace detection methodologies from rule-based heuristics through forensic localisation, injection-aware pipelines, foundation models, and few-shot frameworks. A systematic audit of public datasets from 2019–2025 exposes a persistent Reality Gap between benchmark conditions and operational deployment. We further analyse large multimodal models for identity document manipulation, identifying Script-Dependent Generative Instability (SDGI) as a recurring typographic failure mode in non-Latin script inpainting. Finally, zero-shot benchmarking on unseen synthesised ID cards shows that even the strongest publicly available models achieve APCER values above 25% under security-oriented operating conditions, highlighting substantial limits in cross-domain generalisation. We conclude by outlining future directions toward forensically grounded, privacy-preserving, and legally accountable identity verification systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. This survey paper provides a unified treatment of identity document attacks encompassing presentation attacks, digital injection attacks, and GenAI-driven synthesis. It traces detection methodologies, audits public datasets from 2019-2025 to expose a Reality Gap, identifies Script-Dependent Generative Instability (SDGI) as a failure mode in foundation models for non-Latin scripts, and presents zero-shot benchmarking results indicating that even strong models have APCER above 25% on unseen synthesized ID cards under security-oriented conditions.

Significance. The work offers a valuable synthesis of the evolving threat landscape in identity verification due to generative AI. If the zero-shot results are robust, they underscore critical gaps in cross-domain generalization for foundation models, which could inform future research and deployment in security-critical applications. The systematic audit and unified framework are strengths.

major comments (1)
  1. [Zero-shot benchmarking (results section)] The claim of APCER values above 25% is load-bearing for the generalization limits conclusion. However, the operating conditions need explicit definition (e.g., the specific BPCER threshold used for the security-oriented point), confirmation that the synthesized test cards are verifiably unseen by the models, and evidence that the synthesis distribution adequately represents the threat model including SDGI in non-Latin scripts without its own gaps.
minor comments (2)
  1. Ensure all acronyms like APCER, BPCER are defined on first use.
  2. [Dataset audit section] Provide more detail on the criteria used to select the public datasets from 2019-2025 to allow assessment of completeness.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive feedback on the zero-shot benchmarking claims. We address the concerns point by point below, agreeing to strengthen explicitness where the manuscript is currently underspecified.

Point-by-point responses
  1. Referee: [Zero-shot benchmarking (results section)] The claim of APCER values above 25% is load-bearing for the generalization limits conclusion. However, the operating conditions need explicit definition (e.g., the specific BPCER threshold used for the security-oriented point), confirmation that the synthesized test cards are verifiably unseen by the models, and evidence that the synthesis distribution adequately represents the threat model including SDGI in non-Latin scripts without its own gaps.

    Authors: We agree that the operating conditions require explicit definition and will revise the results section to state the precise BPCER threshold (e.g., the security-oriented operating point at BPCER = 0.1%) used when reporting APCER. On the unseen status, the test cards were synthesized with generative pipelines and templates disjoint from the pre-training data of the evaluated models; we will add a short verification subsection citing the generation protocol and model release dates to substantiate this. For the synthesis distribution, the pipeline was constructed to reproduce the SDGI failure modes identified in our dataset audit across non-Latin scripts; we will include supplementary examples and coverage statistics to demonstrate representation of the threat model. These additions will be made without altering the reported APCER figures.

    revision: yes
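
Why the BPCER operating point has to be stated before an APCER figure can be compared, shown as an added example that is not code from the paper or from Pith. APCER is the share of attack samples accepted as bona fide and BPCER the share of bona fide samples rejected. The score convention (higher means more attack-like, reject when score > threshold), all function names and every score are assumptions constructed for illustration; the three attack families follow the threat model named on this page.

```python
"""APCER at a fixed BPCER operating point, per attack type (added example).

Assumed score convention: higher = more attack-like; a sample is rejected
as an attack when score > threshold. All scores below are constructed.
"""

# Constructed detector scores for 20 bona fide documents.
BONA_FIDE = [0.02, 0.03, 0.05, 0.06, 0.08, 0.09, 0.10, 0.11, 0.12, 0.14,
             0.15, 0.17, 0.18, 0.20, 0.22, 0.25, 0.28, 0.31, 0.42, 0.55]

# Constructed scores for the three attack families of the unified threat model.
ATTACKS = {
    "presentation":      [0.35, 0.48, 0.52, 0.60, 0.66, 0.71, 0.74, 0.80, 0.88, 0.93],
    "digital_injection": [0.12, 0.29, 0.33, 0.41, 0.47, 0.58, 0.63, 0.69, 0.77, 0.85],
    "genai_synthesis":   [0.07, 0.16, 0.24, 0.30, 0.38, 0.44, 0.51, 0.57, 0.62, 0.79],
}


def threshold_at_bpcer(bona_fide, target_bpcer):
    """Lowest threshold whose BPCER on `bona_fide` does not exceed the target.

    Returns (threshold, achieved_bpcer, resolvable). `resolvable` is False when
    the target is finer than 1/n: the sample cannot express that rate and the
    threshold degenerates to "reject no bona fide document at all".
    """
    if not bona_fide:
        raise ValueError("bona fide scores are required to fix the operating point")
    if not 0.0 <= target_bpcer <= 1.0:
        raise ValueError("target_bpcer must be a rate between 0 and 1")
    ranked = sorted(bona_fide, reverse=True)
    n = len(ranked)
    allowed = int(target_bpcer * n + 1e-9)  # bona fide rejections we may spend
    # Rejecting strictly above the (allowed+1)-th highest score spends at most
    # `allowed` rejections, even when bona fide scores are tied.
    threshold = ranked[allowed] if allowed < n else float("-inf")
    achieved = sum(s > threshold for s in ranked) / n
    resolvable = allowed >= 1 or target_bpcer == 0.0
    return threshold, achieved, resolvable


def apcer(attack_scores, threshold):
    """Share of attack samples accepted as bona fide (score <= threshold)."""
    if not attack_scores:
        raise ValueError("no attack samples for this attack type")
    return sum(s <= threshold for s in attack_scores) / len(attack_scores)


def evaluate(bona_fide, attacks_by_type, target_bpcer):
    """APCER per attack type, the worst type, and the pooled figure."""
    threshold, achieved, resolvable = threshold_at_bpcer(bona_fide, target_bpcer)
    per_type = {name: apcer(scores, threshold)
                for name, scores in attacks_by_type.items()}
    pooled_scores = [s for scores in attacks_by_type.values() for s in scores]
    worst = max(per_type, key=per_type.get)
    return {
        "threshold": threshold,
        "bpcer": achieved,
        "resolvable": resolvable,
        "apcer_per_type": per_type,
        "worst_type": worst,
        "apcer_worst": per_type[worst],
        # Pooling all attacks can hide the weakest category behind easy ones.
        "apcer_pooled": apcer(pooled_scores, threshold),
    }


if __name__ == "__main__":
    for target in (0.10, 0.001):
        r = evaluate(BONA_FIDE, ATTACKS, target)
        note = "" if r["resolvable"] else "  (target finer than 1/n: not measurable)"
        print(f"target BPCER {target:.1%}: threshold {r['threshold']:.2f}, "
              f"achieved BPCER {r['bpcer']:.1%}{note}")
        for name, value in r["apcer_per_type"].items():
            print(f"  APCER[{name}] = {value:.0%}")
        print(f"  worst = {r['worst_type']} ({r['apcer_worst']:.0%}), "
              f"pooled = {r['apcer_pooled']:.0%}")
```

On these constructed scores the same detector reports 40% worst-case APCER at BPCER = 10% and 70% once the threshold is pushed to the strictest point the 20 bona fide samples allow; a 0.1% target needs at least 1,000 bona fide samples before it can be measured at all.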

Circularity Check

0 steps flagged

Survey paper exhibits no circularity in literature synthesis or benchmark reporting

This is a systematic literature survey with no mathematical derivations, fitted parameters, equations, or predictive models. All claims rest on synthesis of external 2019-2025 datasets, reported benchmarks from prior work, and the authors' own zero-shot tests on synthesized IDs. No step reduces by construction to its inputs, no self-citation is load-bearing for a uniqueness theorem or ansatz, and no renaming of known results occurs. The APCER>25% result is an empirical observation from external model evaluation, not a self-referential fit. The paper is self-contained against external benchmarks and literature.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

As a survey the central claims rest on coverage of prior literature and selection of test cases rather than new free parameters, axioms, or invented physical entities.

axioms (1)
  • domain assumption: The body of public datasets and detection literature from 2019-2025 is sufficiently representative for identifying persistent gaps between benchmarks and deployment.
    Invoked in the systematic audit of datasets and the reality gap conclusion.
invented entities (1)
  • Script-Dependent Generative Instability (SDGI) · no independent evidence
    Purpose: To label a recurring typographic failure mode observed in non-Latin script inpainting by large multimodal models.
    Introduced as an observed pattern in the analysis of foundation models; no independent falsifiable prediction is provided.

Reference graph

Works this paper leans on

106 extracted references · 18 canonical work pages · 4 internal anchors

  1. 2023. Information technology — Biometric presentation attack detection — Part 3: Testing and reporting. Technical Report ISO/IEC 30107-3:2023. International Organization for Standardization. https://www.iso.org/standard/79520.html
  2. 13News Now. 2025. AI Scams Stole Hundreds of Millions in 2025, FBI Says. https://www.13newsnow.com/article/news/crime/ai-scams-stole-hundreds-of-millions-in-2025-fbi-says/291-cf84daae-7291-407c-8b7c-e3afc1bee4a0 Based on FBI IC3 reporting
  3. Faseela Abdullakutty, Eyad Elyan, and Pamela Johnston. 2021. A review of state-of-the-art in face presentation attack detection: From early development to advanced deep learning and multi-modal fusion methods. Information fusion 75 (2021), 55–69
  4. Svetlana Abramova and Rainer Böhme. 2016. Detecting copy–move forgeries in scanned text documents. Electronic Imaging 28 (2016), 1–9
  5. Musab Al-Ghadi, Joris Voerman, Mickaël Coustaty, Olivier Lessard, and Nicolas Sidere. 2025. IDTrust: Deep Identity Document Quality Detection with Bandpass Filtering. In Proceedings of the Winter Conference on Applications of Computer Vision. 716–723
  6. Vladimir Viktorovich Arlazarov, Konstantin Bulatovich Bulatov, Timofey Sergeevich Chernov, and Vladimir Lvovich Arlazarov. 2019. MIDV-500: a dataset for identity document analysis and recognition on mobile devices in video stream. Компьютерная оптика 43, 5 (2019), 818–824
  7. Yong-Yeol Bae, Dae-Jea Cho, and Ki-Hyun Jung. 2025. Enhancing document forgery detection with edge-focused deep learning. Symmetry 17, 8 (2025), 1208
  8. Jamimamul Bakas, Ruchira Naskar, and Sambit Bakshi. 2021. Detection and localization of inter-frame forgeries in videos based on macroblock variation and motion vector analysis. Computers & Electrical Engineering 89 (2021), 106929
  9. Daniel Benalcazar, Juan E Tapia, Sebastian Gonzalez, and Christoph Busch. 2023. Synthetic id card image generation for improving presentation attack detection. IEEE Transactions on Information Forensics and Security 18 (2023), 1814–1824
  10. Romain Bertrand, Petra Gomez-Krämer, Oriol Ramos Terrades, Patrick Franco, and Jean-Marc Ogier. 2013. A system based on intrinsic features for fraudulent document detection. In 2013 12th International conference on document analysis and recognition. IEEE, 106–110
  11. Biometric Update. 2026. Guilty Plea in OnlyFake Digital ID Scheme. https://www.biometricupdate.com/202602/guilty-plea-in-onlyfake-digital-id-scheme Accessed 2026
  12. Carlos Boned, Maxime Talarmain, Nabil Ghanmi, Guillaume Chiron, Sanket Biswas, Ahmad Montaser Awal, and Oriol Ramos Terrades. 2024. Synthetic dataset of id and travel documents. Scientific Data 11, 1 (2024), 1356
  13. Konstantin Bulatov, Daniil Matalov, and Vladimir V Arlazarov. 2020. MIDV-2019: challenges of the modern mobile-based document OCR. In Twelfth International Conference on Machine Vision (ICMV 2019), Vol. 11433. SPIE, 717–722
  14. Konstantin Bulatovich Bulatov, Pavel Vladimirovich Bezmaternykh, Dmitry Petrovich Nikolaev, and Vladimir Viktorovich Arlazarov. 2022. Towards a unified framework for identity documents analysis and recognition. Компьютерная оптика 46, 3 (2022), 436–454
  15. Bulatov Konstantin Bulatovich, Emelianova Ekaterina Vladimirovna, Tropin Daniil Vyacheslavovich, Skoryukina Natalya Sergeevna, Chernyshova Yulia Sergeevna, Ming Zuheng, Burie Jean-Christophe, and Luqman Muhammad Muzzamil. 2022. MIDV-2020: A comprehensive benchmark dataset for identity document analysis. Компьютерная оптика 46, 2 (2022), 252–270
  16. Albert Berenguel Centeno, Oriol Ramos Terrades, Josep Lladós Canet, and Cristina Cañero Morales. 2019. Identity Document and banknote security forensics: a survey. arXiv preprint arXiv:1910.08993 (2019)
  17. Changsheng Chen, Yongyi Deng, Liangwei Lin, Zitong Yu, and Zhimao Lai. 2024. Multi-Modal Document Presentation Attack Detection with Forensics Trace Disentanglement. In 2024 IEEE International Conference on Multimedia and Expo (ICME). IEEE, 1–8
  18. Changsheng Chen, Bokang Li, Rizhao Cai, Jishen Zeng, and Jiwu Huang. 2023. Distortion model-based spectral augmentation for generalized recaptured document detection. IEEE Transactions on Information Forensics and Security 19 (2023), 1283–1298
  19. Changsheng Chen, Xijin Li, Baoying Chen, and Haodong Li. 2024. A distortion model guided adversarial surrogate for recaptured document detection. Pattern Recognition 151 (2024), 110433
  20. Changsheng Chen, Youjie Li, Bokang Li, Weifan Yu, Baoying Chen, Bin Li, and Jiwu Huang. 2025. Moire spectral augmentation and masked frequency modeling for document presentation attack detection. IEEE Transactions on Dependable and Secure Computing (2025)
  21. Changsheng Chen, Shuzheng Zhang, Fengbo Lan, and Jiwu Huang. 2022. Domain-agnostic document authentication against practical recapturing attacks. IEEE Transactions on Information Forensics and Security 17 (2022), 2890–2905
  22. Yulia Chernyshova, Ekaterina Emelianova, Alexander Sheshkus, and Vladimir V Arlazarov. 2021. MIDV-LAIT: a challenging dataset for recognition of IDs with Perso-Arabic, Thai, and Indian scripts. In International Conference on Document Analysis and Recognition. Springer, 258–272
  23. William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J Alex Halderman, and Edward W Felten. 2009. Fingerprinting blank paper using commodity scanners. In 2009 30th IEEE Symposium on Security and Privacy. IEEE, 301–314
  24. Gheorghe Comanici, Eric Bieber, Mike Schaekermann, Ice Pasupat, Noveen Sachdeva, Inderjit Dhillon, Marcel Blistein, Ori Ram, Dan Zhang, Evan Rosen, et al. 2025. Gemini 2.5: Pushing the frontier with advanced reasoning, multimodality, long context, and next generation agentic capabilities. arXiv preprint arXiv:2507.06261 (2025)
  25. Joseph Cox. 2024. Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs. 404 Media. https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/. Accessed: 2026-03-02
  26. Finale Doshi-Velez and Been Kim. 2017. Towards a rigorous science of interpretable machine learning. arXiv preprint arXiv:1702.08608 (2017)
  27. European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). https://eur-lex.europa.eu/eli/reg/2016/679/oj. A...
  28. Mark Everingham, Luc Van Gool, Christopher KI Williams, John Winn, and Andrew Zisserman. 2010. The pascal visual object classes (voc) challenge. International journal of computer vision 88, 2 (2010), 303–338
  29. Federal Bureau of Investigation, Internet Crime Complaint Center. 2024. Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud. https://www.ic3.gov/PSA/2024/PSA241203. Public Service Announcement PSA241203. Accessed: 2026-03-02
  30. Federal Reserve Bank of Boston. 2025. Gen AI Is Ramping Up the Threat of Synthetic Identity Fraud. https://www.bostonfed.org/news-and-events/news/2025/04/synthetic-identity-fraud-financial-fraud-expanding-because-of-generative-artificial-intelligence.aspx. Accessed: 2026-03-02
  31. Financial Crimes Enforcement Network. 2024. Alert on Fraud Schemes Involving Deepfake Media Targeting Financial Institutions. https://www.fincen.gov/system/files/shared/FinCEN-Alert-DeepFakes-Alert508FINAL.pdf. Alert FIN-2024-Alert004. Accessed: 2026-03-02
  32. Lishoy Francis, Gerhard Hancke, Keith Mayes, and Konstantinos Markantonakis. 2011. Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive (2011)
  33. Johann Gebhardt, Markus Goldstein, Faisal Shafait, and Andreas Dengel. 2013. Document authentication using printing technique features and unsupervised anomaly detection. In 2013 12th International conference on document analysis and recognition. IEEE, 479–483
  34. Genians Security Center. 2025. AI-Driven Deepfake-Based Military ID Forgery Campaign Attributed to Kimsuky. https://www.genians.co.kr/en/blog/threat_intelligence/deepfake Threat Intelligence Report
  35. Anjith George and Sébastien Marcel. 2025. EdgeDoc: Hybrid CNN-Transformer Model for Accurate Forgery Detection and Localization in ID Documents. arXiv preprint arXiv:2508.16284 (2025)
  36. Sebastián González and Juan Tapia. 2022. Towards refining ID cards presentation attack detection systems using face quality index. In 2022 30th European Signal Processing Conference (EUSIPCO). IEEE, 1027–1031
  37. Sebastian Gonzalez and Juan E Tapia. 2025. Forged presentation attack detection for ID cards on remote verification systems. Pattern Recognition 162 (2025), 111352
  38. Sebastian Gonzalez, Andres Valenzuela, and Juan Tapia. 2020. Hybrid two-stage architecture for tampering detection of chipless ID cards. IEEE Transactions on Biometrics, Behavior, and Identity Science 3, 1 (2020), 89–100
  39. Hongmei Gou, Ashwin Swaminathan, and Min Wu. 2009. Intrinsic Sensor Noise Features for Forensic Analysis on Scanners and Scanned Images. IEEE Transactions on Information Forensics and Security 4, 3 (2009), 476–491. doi:10.1109/TIFS.2009.2026458
  40. Fabrizio Guillaro, Davide Cozzolino, Avneesh Sud, Nicholas Dufour, and Luisa Verdoliva. 2023. Trufor: Leveraging all-round clues for trustworthy image forgery detection and localization. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 20606–20615
  41. Michael Gusenbauer and Neal R Haddaway. 2020. Which academic search systems are suitable for systematic reviews or meta-analyses? Evaluating retrieval qualities of Google Scholar, PubMed, and 26 other resources. Research synthesis methods 11, 2 (2020), 181–217
  42. Martin Heusel, Hubert Ramsauer, Thomas Unterthiner, Bernhard Nessler, and Sepp Hochreiter. 2017. Gans trained by a two time-scale update rule converge to a local nash equilibrium. Advances in neural information processing systems 30 (2017)
  43. Hindustan Times. 2025. Bengaluru Techie Creates Realistic-Looking PAN, Aadhaar Using Nano Banana. https://www.hindustantimes.com/trending/bengaluru-techie-creates-realistic-looking-pan-aadhar-using-nano-banana-twitterpreet-singh-101764046592054.html. Accessed: 2026-03-02
  44. International Civil Aviation Organization. 2021. Machine Readable Travel Documents (Doc 9303), Part 2: Specifications for the Security of the Design, Manufacture and Issuance of MRTDs (eighth edition ed.). International Civil Aviation Organization. https://www.icao.int/sites/default/files/publications/DocSeries/9303_p2_cons_en.pdf Order No.: 9303P2
  45. International Civil Aviation Organization (ICAO). 2024. Machine Readable Travel Documents Guidance Document: High-Level Guidance: Explaining the ICAO Digital Travel Credentials. Guidance Document. ICAO TAG/TRIP. https://www.icao.int/sites/default/files/TRIP/Publications/High-Level-Guidance-explaining-ICAO-DTC.pdf Accessed: 2026-01-14
  46. iProov. 2024. iProov Threat Intelligence Report 2024: The Impact of Generative AI on Remote Identity Verification. Technical Report. iProov. https://www.iproov.com/reports/iproov-threat-intelligence-report-2024 Accessed: 2026-03-02
  47. Phillip Isola, Jun-Yan Zhu, Tinghui Zhou, and Alexei A Efros. 2017. Image-to-image translation with conditional adversarial networks. In Proceedings of the IEEE conference on computer vision and pattern recognition. 1125–1134
  48. Justin Johnson, Alexandre Alahi, and Li Fei-Fei. 2016. Perceptual losses for real-time style transfer and super-resolution. In European conference on computer vision. Springer, 694–711
  49. Peter Kairouz, H. Brendan McMahan, Brendan Avent, et al. 2021. Advances and Open Problems in Federated Learning. Foundations and Trends in Machine Learning 14, 1–2 (2021), 1–210
  50. Tero Karras, Miika Aittala, Janne Hellsten, Samuli Laine, Jaakko Lehtinen, and Timo Aila. 2020. Training generative adversarial networks with limited data. Advances in neural information processing systems 33 (2020), 12104–12114
  51. LI Koliaskina, EV Emelianova, Daniil V Tropin, VV Popov, Konstantin B Bulatov, Dmitry P Nikolaev, and Vladimir V Arlazarov. 2023. Midv-holo: A dataset for id document hologram detection in a video stream. In International Conference on Document Analysis and Recognition. Springer, 486–503
  52. Pavel Korshunov, Amir Mohammadi, Vidit Vidit, Christophe Ecabert, and Sébastien Marcel. 2025. FantasyID: A dataset for detecting digital manipulations of ID-documents. arXiv preprint arXiv:2507.20808 (2025)
  53. Pavel Korshunov, Vidit Vidit, Amir Mohammadi, Christophe Ecabert, Nevena Shamoska, Sébastien Marcel, Zeqin Yu, Ye Tian, Jiangqun Ni, Lazar Lazarevic, et al. 2025. Deepid challenge of detecting synthetic manipulations in id documents. In Proceedings of the IEEE/CVF International Conference on Computer Vision. 510–519
  54. Christoph H Lampert, Lin Mei, and Thomas M Breuel. 2006. Printing technique classification for document counterfeit detection. In 2006 International Conference on Computational Intelligence and Security, Vol. 1. IEEE, 639–644
  55. Jane Lanhee Lee. 2025. North Korean Hackers Used ChatGPT to Help Forge Deepfake ID. Bloomberg. https://www.bloomberg.com/news/articles/2025-09-14/north-korean-hackers-used-chatgpt-to-help-forge-deepfake-id Accessed 2026
  56. Jiaxing Li, Chenqi Kong, Shiqi Wang, and Haoliang Li. 2023. Two-branch multi-scale deep neural network for generalized document recapture attack detection. In ICASSP 2023-2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 1–5
  57. Jinxing Li, Nicholas Ren, Cathy Chang, Hongkai Pan, and Daniel George. 2026. Layout-Aware Representation Learning for Open-Set ID Fraud Discovery. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 9213–9222
  58. Xiaochen Ma, Bo Du, Zhuohang Jiang, Ahmed Y Al Hammadi, and Jizhe Zhou. 2023. IML-ViT: Benchmarking image manipulation localization by vision transformer. arXiv preprint arXiv:2307.14863 (2023)
  59. Gerald Madlmayr, Josef Langer, Christian Kantner, and Josef Scharinger. 2008. NFC devices: Security and privacy. In 2008 Third International Conference on Availability, Reliability and Security. IEEE, 642–647
  60. John Magee, Stephen Sheridan, and Christina Thorpe. 2023. An Investigation into the Application of the Meijering Filter for Document Recapture Detection. Technical Report. Technological University Dublin
  61. Reuben P Markham, Juan M Espín López, Mario Nieto-Hidalgo, and Juan E Tapia. 2024. Open-set: ID card presentation attack detection using neural style transfer. IEEE Access 12 (2024), 68573–68585
  62. Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics. PMLR, 1273–1282
  63. Qiang Meng, Shichao Zhao, Zhida Huang, and Feng Zhou. 2021. Magface: A universal representation for face recognition and quality assessment. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 14225–14234
  64. Raghavendra Mudgalgundurao, Patrick Schuch, Kiran Raja, Raghavendra Ramachandra, and Naser Damer. 2022. Pixel-wise supervision for presentation attack detection on identity document cards. IET biometrics 11, 5 (2022), 383–395
  65. Javier Muñoz-Haro, Ruben Tolosana, Ruben Vera-Rodriguez, Aythami Morales, and Julian Fierrez. 2025. FakeIDet: Exploring Patches for Privacy-Preserving Fake ID Detection. arXiv preprint arXiv:2504.07761 (2025)
  66. NDTV. 2025. Fake Aadhaar and PAN Card with Nano Banana: Bengaluru Techie Flags AI Misuse. https://www.ndtv.com/offbeat/fake-aadhaar-and-pan-card-with-nano-banana-bengaluru-techie-flags-ai-misuse-9696267. Accessed: 2026-03-02
  67. Frank on Fraud. 2026. FBI Arrests OnlyFake Boss for Creating 10,000 Digital IDs. https://frankonfraud.com/fbi-arrests-onlyfake-boss-for-creating-10000-digital-ids/ Industry commentary on the DOJ case
  68. Maxime Oquab, Timothée Darcet, Théo Moutakanni, Huy Vo, Marc Szafraniec, Vasil Khalidov, Pierre Fernandez, Daniel Haziza, Francisco Massa, Alaaeldin El-Nouby, et al. 2023. Dinov2: Learning robust visual features without supervision. arXiv preprint arXiv:2304.07193 (2023)
  69. Matthew J Page, Joanne E McKenzie, Patrick M Bossuyt, Isabelle Boutron, Tammy C Hoffmann, Cynthia D Mulrow, Larissa Shamseer, Jennifer M Tetzlaff, Elie A Akl, Sue E Brennan, et al. 2021. The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. The BMJ 372 (2021)
  70. Eun-Ju Park, Seung-Yeon Back, Jeongho Kim, and Simon S Woo. 2023. Kid34k: A dataset for online identity card fraud detection. In Proceedings of the 32nd ACM International Conference on Information and Knowledge Management. 5381–5385
  71. Suman V Patgar, K Rani, and T Vasudev. 2014. An unsupervised intelligent system to detect fabrication in photocopy document using Variations in Bounding Box Features. In 2014 International Conference on Contemporary Computing and Informatics (IC3I). IEEE, 670–675
  72. Burt Perry, Scott Carr, and Phil Patterson. 2000. Digital watermarks as a security feature for identity documents. In Optical Security and Counterfeit Deterrence Techniques III, Vol. 3973. SPIE, 80–87
  73. John Pitt et al. 2025. 2025 Identity Fraud Study: Breaking Barriers to Innovation. Technical Report. Javelin Strategy & Research. https://javelinstrategy.com/research/2025-identity-fraud-study-breaking-barriers-innovation Accessed: 2026-03-02
  74. Alessandro Piva. 2013. An overview on image forensics. International Scholarly Research Notices 2013, 1 (2013), 496701
  75. Dmitry V Polevoy, Irina V Sigareva, Daria M Ershova, Vladimir V Arlazarov, Dmitry P Nikolaev, Zuheng Ming, Muhammad Muzzamil Luqman, and Jean-Christophe Burie. 2022. Document liveness challenge dataset (DLC-2021). Journal of Imaging 8, 7 (2022), 181
  76. Matineh Pooshideh, Amin Beheshti, Yuankai Qi, Helia Farhood, Mike Simpson, Nick Gatland, and Mehdi Soltany. 2024. Presentation attack detection: A systematic literature review. Comput. Surveys 57, 1 (2024), 1–32
  77. Alec Radford, Jong Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, et al. 2021. Learning transferable visual models from natural language supervision. In International conference on machine learning. PMLR, 8748–8763
  78. Raghavendra Ramachandra and Christoph Busch. 2017. Presentation attack detection methods for face recognition systems: A comprehensive survey. ACM Computing Surveys (CSUR) 50, 1 (2017), 1–37
  79. Alvaro S Rocamora, Juan E Tapia, and Juan M Espin. 2026. From Simulation to Production: Few-Shot Learning for ID Card Presentation Attack Detection. IEEE Transactions on Biometrics, Behavior, and Identity Science (2026)
  80. Andreas Rossler, Davide Cozzolino, Luisa Verdoliva, Christian Riess, Justus Thies, and Matthias Nießner. 2019. Faceforensics++: Learning to detect manipulated facial images. In Proceedings of the IEEE/CVF international conference on computer vision. 1–11

Showing first 80 references.