Certificate of insurance verification means confirming a COI is authentic, current, and meets your coverage requirements before you let a vendor on the job. You can check it manually, carrier by carrier, or have AI read the certificate and verify it against your rules in seconds. Upload a COI above to see the verification.
Last updated June 2026
Upload your certificates of insurance
Drop files here or click to upload
Up to 50 files
Uploading...
Reading a certificate is easy. Confirming it is real, current and adequate, across dozens or hundreds of vendors, is where manual verification breaks down.
A COI is just a PDF, and PDFs are easy to edit. A vendor can change a limit, a date or an insurer name in seconds. Without checking the source, you cannot tell an altered certificate from a real one.
A certificate that was valid at onboarding lapses the day the policy renews. If no one is watching the expiration date, you carry an uninsured vendor without knowing it.
A certificate can be completely genuine and still fall short. If your contract requires 2 million in general liability and the COI shows 1 million, the document is real but the coverage is not enough.
The insured on the certificate has to be the exact legal entity you are contracting with. A COI for a related company, a sole owner or a different DBA may not cover the work at all.
Additional insured status, waiver of subrogation and primary and noncontributory wording are often required and often missing. The COI box can be ticked without the actual endorsement attached.
Checking five certificates by hand is fine. Checking five hundred, every renewal, across changing requirements, is not. Manual verification simply does not scale.
Most COI fraud and most coverage gaps are not caught by a quick glance at the PDF. They are caught by confirming the certificate against your requirements and, for anything high risk, against the source. The manual version of that is slow and error-prone. The job is a good fit for software: read every field, check it against your rules, watch the expiration date, and flag anything that does not match, on every certificate, automatically.
COISoftware reads each certificate with AI and verifies it against your requirements, so every COI is checked the same way, every time.
Upload any certificate and the AI extracts the insurer, policy numbers, coverage types, limits, effective and expiration dates, and additional insured status, even from scans and phone photos.
Set your minimum limits and required coverages once. Every certificate is checked against them and flagged the moment a limit is short or a coverage is missing.
See the named insured and whether additional insured and other required endorsements are present, so a real-looking COI does not hide a coverage gap.
The system surfaces expired dates, mismatched names and limits below requirement so the certificates that need a closer look, including possible fakes, rise to the top.
Verification is not a one-time event. Automated reminders at 60, 30 and 15 days mean a certificate that lapses is caught before it becomes your problem.
Every certificate, its extracted data and its compliance status are stored together, so you can show exactly what you verified and when if a claim or audit arrives.
Software handles the volume, but it helps to know the manual checks too. The steps below are the same ones a risk manager runs by hand. COISoftware reads the ACORD 25 and the broader certificate of liability insurance, and ties verification into full certificate of insurance management software and vendor insurance compliance tracking.
The manual checks a risk or compliance team runs on every COI. Software automates these, but here is what each one confirms.
Look for the ACORD logo in the top right and the ACORD 25 label in the bottom left. Check that fonts, spacing and alignment are consistent. Mismatched fonts, crooked dates or missing logos are common signs of an altered certificate.
Tip: Altered PDFs often show a different font on the one field that was changed, usually a limit or a date.
The insured listed must be the exact legal entity you are contracting with. A certificate for a related company, a different DBA or an individual owner may not cover the work, so confirm the name matches your contract exactly.
Read the effective and expiration dates and confirm they cover your entire work period. A certificate that expires partway through the job leaves you exposed for the rest of it.
Confirm each required coverage is present and that every limit meets or beats your requirement. General liability, auto, umbrella and workers compensation each have their own minimums, so check them line by line.
If your contract requires additional insured status, waiver of subrogation or primary and noncontributory wording, confirm those endorsements are actually attached, not just implied by a checked box on the certificate.
For anything high value or high risk, confirm the certificate with the issuing agent or carrier and check that the insurer is licensed in your state using the NAIC database. Source verification is the only way to be certain a certificate is real and still in force.
Anyone who relies on a vendor, tenant or subcontractor carrying real, adequate coverage before work begins.
Fake and altered certificates almost always show small tells. The font on a changed field does not match the rest of the form. Dates are off-center or in a different typeface than the policy numbers. The ACORD logo or the ACORD 25 label is missing. Spelling errors appear in the insurer or agency name. The producer or agency cannot be found in your state Department of Insurance records. Any one of these is reason to verify the certificate directly with the agent or carrier before you accept it.
Property managers and landlords verify tenant and contractor coverage before granting access. General contractors verify every subcontractor before they set foot on site. Facilities, procurement and risk teams verify vendors during onboarding and at each renewal. Franchisors verify that franchisees carry the required coverage. In each case the cost of accepting a fake or lapsed certificate, an uncovered claim, falls back on you, which is why verification cannot be a one-time glance.
To scale verification across many vendors, pair these checks with certificate of insurance management software and ongoing vendor insurance compliance tracking. If you are choosing a platform, our best COI tracking software roundup and the Certificial alternative comparison cover how the tools verify coverage differently.
Confirm the document is a genuine ACORD form, match the named insured to your vendor exactly, check the effective and expiration dates cover your work period, verify each coverage type and limit meets your requirement, and confirm any required endorsements are attached. For high-risk vendors, verify the policy directly with the issuing agent or carrier.
Look for the ACORD logo in the top right and the ACORD 25 label in the bottom left, and check that fonts and alignment are consistent across every field. Confirm the agency exists in your state Department of Insurance records, and for certainty, call the agent or carrier to confirm the policy is genuine and still active.
Common signs of a fake or altered certificate are a different font on one field such as a limit or date, off-center dates, a missing ACORD logo or label, spelling errors in the insurer name, and a producer you cannot find in state insurance records. Any of these means you should verify the certificate at the source before accepting it.
Yes. You can confirm the insurer is licensed in your state through the NAIC database, and some carriers offer portals to confirm a policy by number. COISoftware verifies the certificate itself online: upload the COI and AI reads every field and checks the limits, coverages and dates against your requirements in seconds.
The party requiring the coverage, such as a property manager, general contractor, facilities or procurement team, verifies the certificate, often with help from their broker. The issuing agent and the carrier can confirm a policy is genuine and active. Software like COISoftware automates the document and coverage checks so your team only investigates the certificates that get flagged.
A certificate is valid only while the underlying policy is in force, shown by the effective and expiration dates on the form, and only as long as the policy is not canceled mid-term. Most policies run a year, so certificates are typically re-collected and re-verified annually, which is why expiration monitoring matters as much as the first check.
Check the named insured matches your vendor, the policy dates cover your work, each required coverage is present, every limit meets your minimum, and the required endorsements such as additional insured are attached. Confirm the certificate is a genuine ACORD form and, for high-risk work, verify it with the agent or carrier.
Read ACORD 25 data, verify coverage and track every COI expiration.
Collect, verify and track vendor and subcontractor COIs in one place.
Compare the leading COI tracking platforms honestly, side by side.
