Indonesia’s fintech ecosystem continues to expand across digital banking, e-wallets, consumer finance, BNPL, and online lending. As more financial services move to mobile-first onboarding, identity verification has become a critical control point for preventing fraud before an account is opened or a loan is approved.
However, collecting an identity document and extracting its data does not automatically confirm that the document is authentic.
Fraudsters may alter personal information, replace the portrait photo, edit document fields, submit screenshots, or re-photograph manipulated documents to conceal digital traces. In some cases, a document remains visually readable and can still pass basic OCR checks, even though the identity information has been modified.
For fintech companies in Indonesia, the challenge is no longer limited to digitizing identity documents. A secure eKYC workflow must also determine whether the submitted document can be trusted.
Why Document Authenticity Matters in Indonesia’s Digital Finance Market
Identity fraud has become a broader concern as financial services become increasingly digital.
In its roadmap for Indonesia’s Information Technology-Based Joint Funding Services, or LPBBTI sector, the Financial Services Authority of Indonesia (OJK) identified fraud and falsification of borrower identity documents as real industry challenges. The roadmap also highlighted cases in which individuals received loan repayment demands for loans they had never applied for.
This type of fraud can create multiple business risks:
- Fraudulent loan applications and credit losses
- Account opening under stolen identities
- Mule account creation
- Unauthorized access to financial services
- Increased manual review and investigation costs
- Consumer complaints and reputational damage
The broader digital fraud environment also continues to require attention. In its May 2026 update, OJK reported that the Indonesia Anti-Scam Centre had received more than 579,000 reports and blocked more than 515,000 reported accounts since the center began operating.
Not all of these cases originated from manipulated documents. However, the figures illustrate why financial institutions need stronger controls at the earliest stage of the customer lifecycle.
OCR Is Necessary, but It Is Not Enough
Optical Character Recognition, or OCR, is an essential component of digital onboarding.
It allows fintech platforms to extract information from identity documents, such as:
- Full name
- Identity number
- Date of birth
- Address
- Document type
- Other structured fields required for onboarding
OCR reduces manual data entry, improves onboarding speed, and helps standardize customer information.
However, OCR is designed primarily to read text. It does not automatically determine whether the text was originally printed on the document or digitally altered before submission.
A fraudster may modify a name, address, date of birth, or identification number while preserving a realistic visual appearance. If the edited text remains clear, a basic OCR engine may extract the manipulated information successfully.
This creates an important distinction:
OCR answers the question: “What information appears on the document?”
Document authenticity checks answer the question: “Can the submitted document be trusted?”
A secure eKYC workflow requires both.

Common Types of Manipulated Identity Documents
Manipulated identity documents can appear in different forms. Fintech companies should design onboarding systems to detect several common patterns.
1. Edited Personal Information
Fraudsters may use image editing tools to modify identity numbers, names, addresses, or dates of birth.
The altered document may still look convincing on a mobile screen, especially when the image quality is reduced or compressed during submission.
2. Portrait Photo Replacement
An attacker may replace the original portrait photo on an identity document with another face.
This technique can be used to combine stolen personal data with the fraudster’s own selfie, making basic visual review more difficult.
3. Composite Documents
A composite document combines elements from multiple sources, such as a real document template, edited text fields, and a substituted portrait image.
The final document may appear legitimate at first glance but contain subtle inconsistencies in spacing, alignment, image boundaries, or visual texture.
4. Re-Photographed Documents
Instead of uploading a directly edited image, fraudsters may print a manipulated document and photograph it again. They may also display the altered document on another screen and capture it with a mobile camera.
This process can conceal editing traces, reduce image sharpness, and introduce glare, reflections, or compression artifacts that make fraud harder to identify.
5. Screenshots and Screen-Based Submissions
A screenshot of an identity document may indicate that the applicant is not presenting the original physical document during onboarding.
Although not every screenshot is fraudulent, screen-based submissions should be treated as a higher-risk signal and evaluated together with other identity checks.

How Fintechs Can Detect Manipulated Documents During eKYC
Document authenticity checks should not rely on a single model or rule. A layered approach is more effective because different fraud techniques leave different signals.
Step 1: Improve Document Capture Quality
The first layer begins before OCR processing.
Mobile onboarding flows should guide users to capture a clear image of the original document. The system can assess whether the document is:
- Fully visible within the capture frame
- Sufficiently sharp
- Free from excessive glare or shadow
- Captured under suitable lighting conditions
- Not heavily cropped or obstructed
- Presented as a physical document rather than a screenshot or screen replay
This improves both user experience and fraud detection accuracy.
A low-quality image should not always lead to immediate rejection. In many cases, the most appropriate action is to request a new capture. However, repeated low-quality submissions or screen-based images can be included in the risk score.
Step 2: Analyze Visual Authenticity Signals
After capture, the document image should be evaluated for visual inconsistencies.
AI-based document analysis can identify anomalies such as:
- Irregular fonts or text spacing
- Misaligned fields
- Unnatural portrait boundaries
- Inconsistent image resolution across document regions
- Suspicious background textures
- Abnormal lighting or reflection patterns
- Signs of printing, re-photographing, or screen recapture
- Compression artifacts around edited areas
A single anomaly may not be sufficient to confirm fraud. For example, an older document or a low-end smartphone camera may also produce visual imperfections.
The objective is to combine multiple signals and determine whether the document requires additional verification.
Step 3: Combine OCR with Data Consistency Checks
OCR results should be validated through business rules and cross-field consistency checks.
Fintech platforms can verify whether:
- Required fields are present
- Dates follow valid formats
- Extracted fields are internally consistent
- The document type matches the expected template
- The portrait image is positioned correctly
- Submitted information matches data entered by the applicant
- Duplicate identity data appears across multiple accounts
- Authoritative data sources can confirm the identity information, where available
This step helps detect documents that are visually convincing but contain invalid or inconsistent data.
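The cross-field checks above, as an added example that is not from the original article or from any vendor's product. It assumes OCR output arrives as a dictionary with the field names shown, dates printed as DD-MM-YYYY, and an identity number in the Indonesian NIK layout (16 digits, with digits 7 to 12 holding the birth date as DDMMYY and 40 added to the day for women). The sample records are constructed.

```python
import re
from datetime import datetime, date

REQUIRED = ("full_name", "identity_number", "date_of_birth")

def norm(value):
    """Case- and whitespace-insensitive form for comparing text fields."""
    return " ".join(str(value).split()).casefold()

def check_consistency(ocr, entered, today=None):
    """Return a list of finding codes; an empty list means no inconsistency."""
    today = today or date.today()
    findings = [f"missing:{f}" for f in REQUIRED if not ocr.get(f)]
    dob = None
    if ocr.get("date_of_birth"):
        try:
            dob = datetime.strptime(ocr["date_of_birth"], "%d-%m-%Y").date()
        except ValueError:          # wrong layout or impossible date (31-02-...)
            findings.append("dob_format")
    if dob and dob > today:
        findings.append("dob_in_future")
    nik = ocr.get("identity_number") or ""
    if nik and not re.fullmatch(r"\d{16}", nik):
        findings.append("id_format")
    elif nik and dob:
        day, month, yy = int(nik[6:8]), int(nik[8:10]), int(nik[10:12])
        female = day > 40           # assumed encoding: day + 40 for women
        if female:
            day -= 40
        if (day, month, yy) != (dob.day, dob.month, dob.year % 100):
            findings.append("id_dob_mismatch")
        if ocr.get("gender") in ("M", "F") and (ocr["gender"] == "F") != female:
            findings.append("id_gender_mismatch")
    # Compare what OCR read with what the applicant typed during onboarding.
    for field in ("full_name", "identity_number"):
        if ocr.get(field) and entered.get(field) and norm(ocr[field]) != norm(entered[field]):
            findings.append(f"entered_mismatch:{field}")
    return findings

# Constructed sample records (not real identities).
ENTERED = {"full_name": "Siti Rahma", "identity_number": "3171234508900001"}
GENUINE = {"full_name": "SITI RAHMA", "identity_number": "3171234508900001",
           "date_of_birth": "05-08-1990", "gender": "F"}
EDITED_DOB = dict(GENUINE, date_of_birth="05-08-1995")           # birth year edited
EDITED_ID = dict(GENUINE, identity_number="3171230508900001")    # one digit edited

if __name__ == "__main__":
    for label, rec in (("genuine", GENUINE), ("edited DOB", EDITED_DOB), ("edited ID", EDITED_ID)):
        print(label, check_consistency(rec, ENTERED))
```

Both edited records read cleanly under OCR; they are caught only because the edited field no longer agrees with the other fields or with the applicant's own input.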
Step 4: Match the Applicant’s Selfie with the Document Portrait
Document verification should be connected with biometric identity verification.
A face comparison check can determine whether the selfie captured during onboarding matches the portrait photo on the submitted identity document.
This is especially important for detecting portrait substitution. If a fraudster edits a document but cannot provide a matching live face, the onboarding attempt can be flagged or rejected.
Face comparison should be treated as one layer in the decision process rather than a standalone approval mechanism. Image quality, face similarity, document authenticity, and other signals should be evaluated together.
Step 5: Use Liveness Detection to Confirm Real Presence
A matching selfie is not always enough.
Fraudsters may attempt to use printed photos, replayed videos, masks, or AI-generated facial content to bypass face verification. Liveness detection helps determine whether the applicant is a real person physically present during onboarding.
By combining document authenticity analysis, face comparison, and liveness detection, fintech companies can reduce the risk of approving applications based on stolen or manipulated identities.
Step 6: Apply Risk-Based Decisioning
Not every onboarding attempt should follow the same verification path.
A risk-based eKYC workflow can classify applications into different outcomes:
| Risk Level | Example Signals | Recommended Action |
|---|---|---|
| Low Risk | Clear original document, consistent OCR data, successful face match, successful liveness check | Approve onboarding |
| Medium Risk | Minor image quality issues, partial field inconsistency, unusual capture conditions | Request recapture or additional verification |
| High Risk | Portrait mismatch, suspected editing, screen recapture, repeated failed submissions | Manual review |
| Critical Risk | Multiple manipulation signals, biometric spoofing, duplicate identity use | Reject or block |
This approach helps fintech companies maintain onboarding conversion rates while applying stronger controls to suspicious applications.
Building a More Reliable eKYC Architecture

Document authenticity checks are most effective when they are integrated into the overall onboarding workflow.
A modern identity verification architecture can combine:
- Document capture quality assessment
- OCR and structured data extraction
- Document authenticity analysis
- Data consistency checks
- Selfie-to-document face comparison
- Liveness detection
- Device and session risk signals
- Risk scoring and decisioning
- Manual review for high-risk cases
This layered design creates a more complete view of the applicant.
For example, a document with slightly unusual image quality may still be approved if the extracted data is consistent, the selfie matches the portrait, and the liveness check succeeds. In contrast, a document with suspicious portrait boundaries, screen recapture signals, and a failed face match should be escalated immediately.
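The Step 6 risk table and the low-quality-image case just described, written out as decision logic. This is an added example, not the article's or any vendor's scoring model; the signal names, the reading of "multiple" as two or more and "repeated" as three or more, and the handling of a liveness failure without spoof evidence are assumptions.

```python
from dataclasses import dataclass

ACTIONS = {
    "low": "approve",
    "medium": "request_recapture_or_additional_verification",
    "high": "manual_review",
    "critical": "reject_or_block",
}

@dataclass
class Signals:
    minor_quality_issue: bool = False   # blur, glare, unusual capture conditions
    screen_recapture: bool = False
    suspected_editing: bool = False
    field_inconsistencies: int = 0      # count from data consistency checks
    face_match: bool = True
    liveness_passed: bool = True
    spoof_detected: bool = False        # printed photo, replay, mask, synthetic face
    duplicate_identity: bool = False
    failed_submissions: int = 0         # earlier attempts in this onboarding session

def classify(s: Signals) -> str:
    """Map combined signals to a risk level, checking the worst tier first."""
    manipulation = sum([s.suspected_editing, s.screen_recapture, not s.face_match])
    if manipulation >= 2 or s.spoof_detected or s.duplicate_identity:
        return "critical"
    if manipulation == 1 or s.failed_submissions >= 3:
        return "high"
    if s.field_inconsistencies or not s.liveness_passed:
        return "medium"
    # An imperfect image alone is not a fraud signal: approve when every other
    # check passed on the first attempt, otherwise ask for a new capture.
    if s.minor_quality_issue and s.failed_submissions > 0:
        return "medium"
    return "low"

def decide(s: Signals):
    level = classify(s)
    return level, ACTIONS[level]

if __name__ == "__main__":
    print(decide(Signals(minor_quality_issue=True)))
    print(decide(Signals(suspected_editing=True, screen_recapture=True, face_match=False)))
```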
Balancing Fraud Prevention and Customer Experience
Indonesia is a mobile-first market, and onboarding systems must work across a wide range of devices and network conditions.
Overly strict capture rules can create unnecessary friction for legitimate customers. At the same time, weak controls can expose fintech platforms to identity fraud.
The goal is not to reject every imperfect document image. Instead, the system should distinguish between:
- A legitimate customer using a low-quality camera
- A user who needs simple capture guidance
- A suspicious document that requires additional checks
- A coordinated fraud attempt that should be blocked
Risk-based decisioning allows fintech companies to apply additional verification only when necessary.
Data Protection Should Be Built into the Workflow
Identity documents and biometric data contain sensitive personal information.
Indonesia’s Personal Data Protection Law, or UU PDP, has been fully effective since October 17, 2024. Fintech companies should ensure that identity verification workflows apply appropriate data protection controls throughout the customer lifecycle.
Key considerations include:
- Collecting only necessary data
- Encrypting data during transmission and storage
- Applying role-based access controls
- Maintaining audit trails
- Setting clear data retention rules
- Protecting document images and biometric data from unauthorized access
- Providing transparent consent and privacy notices
Fraud prevention and data protection should reinforce each other. Stronger security controls help protect both the fintech platform and its customers.
How Face++ Supports Secure Digital Onboarding
Face++ provides AI-powered identity verification capabilities for digital onboarding scenarios, including OCR, face comparison, and liveness detection.
These capabilities can be integrated into a layered eKYC workflow to help fintech companies:
- Extract identity document data efficiently
- Compare the applicant’s selfie with the document portrait
- Confirm that the applicant is physically present
- Identify suspicious onboarding attempts
- Apply risk-based verification actions
Document authenticity checks, biometric verification, data validation, and operational risk controls should work together as part of a complete identity verification strategy.
Conclusion
As digital financial services continue to scale in Indonesia, identity verification must go beyond collecting document images and extracting text.
Manipulated identity documents can remain readable, visually convincing, and difficult to detect through OCR alone. Fintech companies need a layered eKYC approach that combines document capture quality assessment, visual authenticity checks, OCR validation, face comparison, liveness detection, and risk-based decisioning.
The result is a more secure onboarding process that can reduce fraud exposure without creating unnecessary friction for legitimate users.
FAQ
What is a document authenticity check?
A document authenticity check evaluates whether an identity document appears genuine or has signs of manipulation, editing, re-photographing, or screen recapture.
Can OCR detect a fake identity document?
OCR can extract text from a document, but it does not automatically confirm that the document is authentic. OCR should be combined with document analysis, data consistency checks, biometric verification, and risk scoring.
Why should fintech companies use face comparison during eKYC?
Face comparison helps determine whether the applicant’s selfie matches the portrait photo on the identity document. It is particularly useful for detecting portrait replacement and stolen identity fraud.
What is the role of liveness detection in document verification?
Liveness detection confirms that the person submitting the selfie is physically present rather than using a printed photo, replayed video, mask, or other spoofing method.
How should fintech platforms handle suspicious identity documents?
Suspicious submissions can be routed through a risk-based workflow. Depending on the detected signals, the system may request a new capture, require additional verification, trigger manual review, or reject the application.