[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-84626-en":3,"doc-seo-84626-105":29,"detail-sidebar-cat-0-en-105":90},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},84626,1649267921044,"Ava Thompson","https://us-avatar.wpscdn.com/avatar/1800007509477c92dfb?_k=1782875107921204101",8,"Research & Report","From Forgeries to Foundation Models A Systematic Survey of Identity Document Attack and Detection","Identity document forgery has shifted in capability as generative AI enables high-fidelity document synthesis and field-level manipulation with limited expertise, while existing detection approaches lag behind benchmarks that do not match real deployment conditions. The work models an expanded attack surface across presentation, digital injection, and fully generative synthesis, yielding distinct forensic failure modes. It surveys detection from rule heuristics to injection-aware pipelines, foundation-model and few-shot methods, audits datasets (2019–2025) for a persistent reality gap, and evaluates multimodal manipulation, including script-dependent generative instability.","arXiv :2607 .0 1442v 1 [ cs .CR] 1 Jul 2026  \nFrom Forgeries to Foundation Models: A Systematic Survey of Identity Document Attack and Detection  \nGOURAB DAS, Indian Institute of Information Technology Dharwad (IIIT Dharwad), India  \nPAVAN KUMAR C, Indian Institute of Information Technology Dharwad (IIIT Dharwad), India RAGHAVENDRA RAMACHANDRA, SAFE Center, Norwegian University of Science and Technology (NTNU), Norway  \nIdentity document forgery has undergone a fundamental capability shift: generative AI tools now enable high-fidelity document synthesis and field-level manipulation with minimal technical expertise, while detection methods remain constrained by benchmarks that do not reflect this threat. The resulting attack surface spans physical presentation, digital injection, and fully generative synthesis, introducing distinct forensic failure modes that require a unified threat model and evaluation framework. This survey provides, to our knowledge, the first unified treatment of Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis within a single identity verification threat model. We trace detection methodologies from rule-based heuristics through forensic localisation, injection-aware pipelines, foundation models, and few-shot frameworks. A systematic audit of public datasets from 2019–2025 exposesa persistent Reality Gap between benchmark conditions and operational deployment. We further analyse large multimodal models for identity document manipulation, identifying Script-Dependent Generative Instability (SDGI) as a recurring typographic failure mode in non-Latin script inpainting. Finally, zero-shot benchmarking on unseen synthesised ID cards shows that even the strongest publicly available models achieve APCER values above 25% under security-oriented operating conditions, highlighting substantial limits in cross-domain generalisation. We conclude by outlining future directions toward forensically grounded, privacy-preserving, and legally accountable identity verification systems.  \nCCS Concepts: • Computing methodologies → Computer vision; Machine learning; • Security and privacy → Biometrics; Digital forensics.  \nAdditional Key Words and Phrases: ID forgery, Presentation Attack Detection, Digital Injection Attacks, Document Forensics  \n1 Introduction  \nIdentity verification has emerged as a fundamental pillar of contemporary digital society, underpinning critical functions in financial services, border control, public welfare systems, and online service provisioning. The global transition from physical to camera-based identity card verification has enabled remote identity verification at unprecedented scale—but has simultaneously exposed serious structural vulnerabilities. Readily available image editing tools and, more recently, generative AI have fundamentally altered the threat landscape, enabling attackers with minimal technical expertise to create visually convincing fake documents. These developments have elevated identity document forgery from an isolated criminal activity into a systemic, scalable threat.  \nReal-world motivation and threat landscape: Recent incidents illustrate the operational relevance of identity document forgery and the breadth of attack surfaces. Documented cases include (i) AI-generated documents bypassing automated KYC verification, (ii) forged sovereign identity documents produced without technical expertise, (iii) large-scale synthetic identity fraud causing systemic financial losses, and (iv) formal law enforcement and regulatory alerts confirming active criminal exploitation. Representative public reports include:  \nAuthors’ Contact Information: Gourab Das, [gourab.das@iiitdwd.ac.in](gourab.das@iiitdwd.ac.in), Indian Institute of Information Technology Dharwad (IIIT Dharwad), India; Pavan Kumar C, [pavan@iiitdwd.ac.in](pavan@iiitdwd.ac.in), Indian Institute of Information Technology Dharwad (IIIT Dharwad), India; Raghavendra Ramachandra, [raghavendra.ramacha","cbCaiq0hIQrbaQLZ","https://ap.wps.com/l/cbCaiq0hIQrbaQLZ","pdf",33486416,1,34,"English","en",105,"# Introduction\n## Real-world motivation and threat landscape\n## Identity card verification stages\n## (Survey scope) Presentation attacks, digital injection, and GenAI synthesis\n## Detection methodology evolution and benchmarks\n## Dataset audit and reality gap\n## Multimodal manipulation analysis and SDGI\n## Zero-shot benchmarking and limits\n## Future directions","[{\"question\":\"What threat shift does the survey focus on for identity document forgery?\",\"answer\":\"Generative AI enables high-fidelity synthesis and field-level manipulation with minimal technical expertise, while detection methods remain tied to benchmarks that fail to reflect operational conditions.\"},{\"question\":\"How does the survey structure the identity verification threat model?\",\"answer\":\"It unifies Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis under a single identity verification threat model, covering presentation, digital injection, and fully generative synthesis pathways.\"},{\"question\":\"What limitations do the results highlight about detection models in practice?\",\"answer\":\"Systematic dataset audits show a persistent reality gap, and zero-shot testing on unseen synthesized ID cards indicates that even strong public models can still achieve APCER above 25% under security-oriented settings, limiting cross-domain generalisation.\"}]",1784197245,86,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":27},"from-forgeries-to-foundation-models-a-systematic-survey-of-identity-document-attack-and-detection","",{"@graph":35,"@context":84},[36,53,67],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/from-forgeries-to-foundation-models-a-systematic-survey-of-identity-document-attack-and-detection/84626/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":61,"encodingFormat":60,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-16",true,{"@type":64,"interactionType":65,"userInteractionCount":4},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"What threat shift does the survey focus on for identity document forgery?","Question",{"text":74,"@type":75},"Generative AI enables high-fidelity synthesis and field-level manipulation with minimal technical expertise, while detection methods remain tied to benchmarks that fail to reflect operational conditions.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How does the survey structure the identity verification threat model?",{"text":79,"@type":75},"It unifies Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis under a single identity verification threat model, covering presentation, digital injection, and fully generative synthesis pathways.",{"name":81,"@type":72,"acceptedAnswer":82},"What limitations do the results highlight about detection models in practice?",{"text":83,"@type":75},"Systematic dataset audits show a persistent reality gap, and zero-shot testing on unseen synthesized ID cards indicates that even strong public models can still achieve APCER above 25% under security-oriented settings, limiting cross-domain generalisation.","https://schema.org",{"og:url":51,"og:type":86,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":88,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":91},[92,96,100,104,109,114,119,122,127,130,134],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":93,"show_sort_weight":94,"slug":95},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":97,"show_sort_weight":98,"slug":99},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":101,"show_sort_weight":102,"slug":103},"Exam",70,"exam",{"id":105,"doc_module":4,"doc_module_name":45,"category_name":106,"show_sort_weight":107,"slug":108},5,"Comic",60,"comic",{"id":110,"doc_module":4,"doc_module_name":45,"category_name":111,"show_sort_weight":112,"slug":113},6,"Technology",50,"technology",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":116,"show_sort_weight":117,"slug":118},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":120,"slug":121},30,"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":125,"slug":126},9,"Religion & Spirituality",20,"religion-spirituality",{"id":125,"doc_module":4,"doc_module_name":45,"category_name":128,"show_sort_weight":125,"slug":129},"World Cup","world-cup",{"id":131,"doc_module":4,"doc_module_name":45,"category_name":132,"show_sort_weight":131,"slug":133},10,"Lifestyle","lifestyle",{"id":135,"doc_module":4,"doc_module_name":45,"category_name":136,"show_sort_weight":105,"slug":137},19,"General","general"]