Can a Certificate of Insurance Be Fake? How to Spot a Forged COI
Read any certificate of insurance free. Upload an ACORD 25 and let AI pull the data in seconds.
PDF, JPG, PNG, BMP, HEIC, TIFF
Upload your certificates of insurance
Drop files here or click to upload
Up to 50 files
Uploading...
Yes, a certificate of insurance can be fake. A COI is a PDF that summarizes a policy, not the policy itself, and a PDF is easy to edit. A vendor can change a limit, push out an expiration date, add an additional insured line, or invent a policy that was never bound, all in a few minutes. Because the certificate is only a snapshot prepared by the vendor's agent, the document looking clean does not prove the coverage behind it exists. This post covers how forged COIs are made, the red flags that give them away, and how to confirm a certificate is real before you rely on it.
Can a certificate of insurance be fake?
A certificate of insurance can absolutely be fake or altered. The ACORD 25 form most COIs use is a standard, widely available template, and the finished certificate is delivered as a PDF. Anyone with basic editing tools can change the numbers on it. The three common forms of fraud are an altered certificate (a real COI with edited limits or dates), a fabricated certificate (a made-up document for a policy that was never purchased), and an expired certificate passed off as current. None of these are caught by glancing at the PDF, because a forged COI is designed to look exactly like a real one.
How forged and altered COIs are made
Most COI fraud is not sophisticated. A vendor who cannot meet your insurance requirement, or who let a policy lapse, has a strong incentive to make the paperwork pass so the job is not held up. The usual methods are simple:
- Editing a real certificate. The vendor takes a genuine COI and changes a general liability limit from 1 million to 2 million, or moves the expiration date forward a year, so a short or lapsed policy looks compliant.
- Adding an additional insured line. Your name is typed into the certificate holder or additional insured box even though no endorsement was ever issued, so the box looks ticked without the coverage behind it.
- Reusing an old certificate. A certificate from a policy that has since expired or been cancelled is sent again, sometimes with the date edited, sometimes not, hoping nobody checks.
- Fabricating the whole document. A certificate is created for a policy that was never bound, with a real-sounding carrier name and a made-up policy number.
The point of all of this is to clear your onboarding gate. That is why the gate cannot just be "did we receive a certificate." It has to be "did we confirm the coverage is real and current."
Red flags that a COI is fake
No single sign proves a certificate is forged, but several of these together mean you should confirm it before relying on it. This is the kind of pattern an experienced reviewer, or COI verification software, looks for on every certificate.
| Red flag | Why it suggests a fake or altered COI |
|---|---|
| Limits that look edited | Misaligned numbers, a different font on one figure, or a limit that is exactly your requirement to the dollar can signal a typed-over value. |
| No producer or agency named | A real COI is issued by a licensed agency. A missing or vague producer block is a strong warning sign. |
| Dates that do not line up | An effective date after the issue date, or an expiration far in the future, suggests the dates were changed. |
| Carrier name without a NAIC number | Genuine certificates list the insurer and usually its NAIC code. A blank or invented carrier is a red flag. |
| Named insured does not match the vendor | The legal entity on the certificate should match the company you are contracting with, not a related name or DBA. |
| Additional insured box ticked, no endorsement | A checked box is not proof. The actual endorsement (for example CG 20 10 or CG 20 37) has to exist behind it. |
| Certificate sent by the vendor, not the agent | A COI emailed straight from the vendor, rather than issued by the agency, is easier to have altered along the way. |
How to confirm a certificate of insurance is real
To confirm a COI is real, check it against your requirement and, for anything high risk, confirm it at the source. The most reliable step is to contact the issuing agency or carrier listed on the certificate, using contact details you find independently rather than the ones printed on the document, and ask them to confirm the policy, limits and effective dates. For the additional insured status, request the actual endorsement, not just the certificate. Below the source check, a structured review catches most fraud on its own:
- Match the named insured to the exact legal entity in your contract.
- Compare every limit to your written requirement, not just to what looks high.
- Check the effective and expiration dates and confirm the policy is in force today.
- Verify the carrier exists and is financially sound, for example by checking the AM Best rating.
- Confirm the endorsements you require are actually attached, especially additional insured and waiver of subrogation.
- Keep a dated record of what you confirmed, so you can show it later if a claim or audit arrives.
For the full manual walkthrough, see our guide on how to verify a certificate of insurance. Once you have the agreement that requires this coverage in place, a tool like online document e-signing keeps the signed vendor contract and its insurance clause together with the certificate you collected.
Why software catches forgeries that a quick read misses
The problem with manual verification is not that people cannot read a certificate. It is that consistency breaks down at volume. Checking five certificates carefully is easy. Checking five hundred, every renewal, against changing requirements, while staying alert to a typed-over limit, is not. Different reviewers check differently, and a clean-looking fake slips through on a busy day.
This is where COI verification software helps. It reads every field on each certificate the same way, compares each value to the rule you set for that vendor, and flags anything short, expired or inconsistent. A limit that does not match the policy, a named insured that is wrong, a date that conflicts, or a coverage that falls below requirement is surfaced automatically, so the suspect certificates rise to the top instead of blending in. The software does not certify a document is genuine on its own, but it removes the inconsistencies that hide most forgeries, and it keeps a dated record of every check. Pair it with COI compliance software so a vendor that drops below requirement after onboarding is caught too, not just the ones who fake the first certificate.
If your team also collects other vendor paperwork during onboarding, such as W-9s, business licenses and insurance documents, an AI document data extraction tool can pull the key fields out of those files the same way verification software reads the COI, so the whole onboarding packet is captured instead of retyped. Real estate teams that verify insurance written into a lease can extract those clauses with AI lease abstraction software and check the certificate against what the lease actually requires.
Frequently asked questions
Can a certificate of insurance be forged?
Yes. A certificate of insurance can be forged or altered because it is a PDF summary, not the policy itself. A vendor can edit limits, change dates, add an additional insured line, or fabricate a certificate for a policy that was never purchased. The document looking authentic does not prove the coverage exists, which is why high-risk certificates should be confirmed with the issuing agency or carrier rather than taken at face value.
How can you tell if a COI is fake?
You can tell a COI may be fake from red flags like limits that look edited, a missing producer or agency, dates that do not line up, a carrier with no NAIC number, a named insured that does not match the vendor, or an additional insured box ticked with no endorsement behind it. No single flag is proof, but several together mean you should confirm the policy directly with the agency or carrier before relying on the certificate.
What should I do if I suspect a fake certificate of insurance?
If you suspect a fake certificate, do not let the vendor proceed until you confirm the coverage. Contact the issuing agency or carrier using contact details you find independently, not the ones on the document, and ask them to verify the policy, limits and effective dates. Request the actual additional insured endorsement rather than trusting the ticked box. Keep a dated record of what you confirmed in case a claim or audit follows.
Is a certificate of insurance proof of coverage?
A certificate of insurance is evidence that a policy existed when the certificate was issued, but it is not a guarantee of current coverage. The policy can be cancelled or lapse after the certificate is prepared, and the certificate does not amend the policy. To rely on it, confirm the policy is in force today and that any required endorsements are actually attached, then keep monitoring it, because a clean certificate at onboarding says nothing about coverage six months later.
Does verifying a COI catch fakes?
Verifying a COI catches most fakes because verification checks each value against your requirement and the source instead of trusting the document. Comparing limits to your contract, confirming the named insured, checking the dates, validating the carrier, and confirming endorsements exposes altered or fabricated certificates. For high-risk vendors, confirming the policy directly with the agency or carrier is the strongest check, and software makes the routine part of that consistent across every certificate.
How often do fake certificates of insurance happen?
There is no reliable public figure on how often COIs are faked, but altered and expired certificates are common enough that risk and procurement teams treat verification as routine rather than exceptional. The incentive is real: a vendor who cannot meet your insurance requirement or who let a policy lapse has a reason to make the paperwork pass. Assuming every certificate is genuine is the mistake that lets the occasional forgery through.