Aviation Document Fraud: How Fake Pilot Licences, Medical Certificates, and Crew Credentials Pass Undetected

In most industries, a fraudulent credential causes a financial loss or a compliance finding. In aviation, it can cause a crash.

In June 2026, Air Canada pilot Geoffrey Wall was arrested and charged with flying more than 900 commercial flights over 17 years without the required captain's licence. He faces seven criminal charges including fraud over $5,000 and uttering forged documents. He captained Boeing aircraft carrying passengers across North America for nearly two decades before the fraud was detected.

That case is not a one-off. It is the visible end of a well-documented pattern: fake pilot licences, fabricated medical certificates, forged maintenance sign-offs, and altered airworthiness documents that pass visual inspection and register checks — but would not survive forensic analysis.

The Aviation Credential Attack Surface

Commercial aviation requires a dense stack of verified credentials for every person operating in or near an aircraft. Each document type is a potential fraud target.

Pilot Licences (ATPL, CPL, MPL)

The Airline Transport Pilot Licence is the highest level of pilot certification — required for captains on commercial passenger flights. It is issued by national aviation authorities: the UK CAA, EASA member state authorities, the FAA in the United States, GCAA in the UAE, DGCA in India, and others.

Fraud vectors:

• Fabricated licences: entirely AI-generated or desktop-published documents styled to match the issuing authority's genuine template
• Altered licences: genuine licences with names, ratings, or validity dates changed — often to extend an expired licence or add type ratings the holder has not earned
• Transferred identity: a genuine licence presented by someone other than the named holder, relying on weak photo verification

The Air Canada case illustrates how long fraudulent licences can go undetected when verification relies on visual inspection and self-reported credentials. In India, Delhi Police arrested 12 pilots, 3 DGCA officials, 3 middlemen, and 2 forgers in a coordinated fake licence operation. Two fraud patterns ran concurrently: fabricated CPL exam marksheets to obtain licences, and flying schools crediting flight hours in certificates for training never undertaken. The DGCA subsequently placed approximately 10,000 CPLs and 4,000 ATPLs under review.

Type ratings — which certify a pilot to operate a specific aircraft type such as the Boeing 737 or Airbus A320 — are individually endorsed on the licence. An altered rating endorsement allowing a pilot to fly an aircraft they have not been trained on is among the highest-risk fraud scenarios in commercial aviation.

Class 1 Medical Certificates

Commercial pilots must hold a Class 1 Medical Certificate issued by an Aviation Medical Examiner (AME), confirming they meet the medical standards required to fly. These certificates are time-limited and must be renewed periodically.

The Michael Fay case is instructive: a former US Air Force pilot forged both his commercial pilot licences and medical certificates to obtain a contract flying role with Afriqiyah Airways, a Libyan carrier. He was not caught through document verification — he was caught because a fellow pilot grew suspicious of his technical knowledge and alerted authorities. He was convicted in 2011. The fraud would likely have continued if not for that colleague's observation.

Fraud vectors include altering expiry dates, removing disqualifying conditions noted on the certificate, and fabricating the certificate entirely. A pilot with an undetected cardiac condition, untreated mental health issue, or substance use disorder flying on an altered medical certificate represents a direct safety risk that no amount of flight-deck instrumentation mitigates.

Part-66 / A&P Maintenance Engineer Licences and Airworthiness Documentation

Aircraft engineers are required to hold a maintenance licence confirming their authorisation to certify airworthiness. EASA Part-66 covers European operations; the FAA Airframe and Powerplant (A&P) certificate covers the US. Both specify categories and subcategories of authorisation.

The AOG Technics case — uncovered in August 2023 — showed the scale possible when airworthiness documentation is forged. AOG Technics, a British company, sold over 60,000 aircraft parts for CFM56 engines (which power the Boeing 737NG and Airbus A320 families) accompanied by fabricated certificates of conformance. The company's director used his home computer to create fake manufacturer certificates, invented fictitious employees, and sent emails signed by nonexistent quality managers to make used or untraceable parts appear airworthy. The fraud caused losses exceeding £39.3 million and triggered fleet inspections across multiple airlines. The director was jailed for four years and eight months in February 2026.

Separately, Aircraft Engineers International (AEI) documented a case in which a European Part-147 Maintenance Training Organisation was found to have issued more than 1,200 Certificates of Recognition across more than 1,300 Part-66 exam modules fraudulently — evidence of systematic irregularities during examinations. AEI raised this directly with EASA, and the issue prompted regulatory rule changes to Part-66 and Part-147.

A maintenance engineer operating outside their certified category — or without a genuine licence at all — can sign off work they are not qualified to inspect. The consequences emerge not at the time of signing but later, in the air.

Security Clearances and Background Checks

All aviation personnel with airside access — pilots, cabin crew, ground handlers, fuelling staff, baggage loaders, maintenance engineers — are required to hold a security clearance. In the UK, this is a Criminal Record Check (CRC) administered through the CAA. EASA member states have equivalent requirements. In the US, the TSA administers background checks for airside workers.

These clearances are among the most frequently targeted aviation documents. A conviction for theft, violence, or terrorism-related offences disqualifies an applicant from airside access. Altering a clearance document to remove a disqualifying record is a documented fraud pattern.

Cabin Crew Training Records and Safety Certificates

Cabin crew are required to complete and document specific safety training before flying commercially: emergency procedures, first aid, evacuation drills, dangerous goods handling. These training records are issued by approved training organisations (ATOs) and must be current.

Fraudulent training records — fabricated to show completion of training that never occurred — are a relatively low-effort fraud with high safety consequences. A crew member who has never completed an evacuation drill may not perform correctly under pressure.

Logbooks and Flight Hour Records

Total flight hours are a core hiring criterion for pilots. Minimum hours are specified for licence categories, and airlines set their own minimums for specific fleet types. Logbooks — whether physical or digital — are frequently inflated, altered, or partially fabricated to meet minimum thresholds.

The India DGCA investigation surfaced this explicitly: flying schools were found to be crediting flight hours in certificates for hours never actually flown — a parallel fraud to the fake marksheets, designed to help pilots meet minimum thresholds for licence upgrades and airline applications.

Why AI-Generated and AI-Assisted Deepfakes Make This Worse

Aviation credential fraud is not new — the cases above span 2011 to 2026. What has changed in the last two years is the quality of the tooling available to commit it.

AI-generated documents are now realistic enough to pass visual inspection by experienced document handlers. A generative model trained on genuine EASA or FAA licence images can produce a visually indistinguishable output — correct field positioning, matching fonts, plausible licence numbers — in minutes.

AI-assisted alteration removes the forensic fingerprints that previously betrayed manual edits. Where a cut-and-paste name change would leave visible compression artefacts, AI inpainting fills in surrounding texture and background patterns in a way that is invisible to the eye.

Deepfake photo substitution on genuine documents — replacing the licence holder's portrait with the fraudster's — is now achievable with consumer tools. The document is genuine; the identity claimed is not.

The AOG Technics fraud was executed using a home computer and basic document editing software in the early 2020s. The same scheme today, using current AI tooling, would produce certificates far harder to detect visually. The pre-AI detection heuristic — "it looks right" — is no longer sufficient. Document fraud is no longer visually distinguishable from genuine issuance by anyone without forensic tooling.

What Forensic Analysis Catches That Visual Checks Miss

ATPL and CPL Licences

Genuine pilot licences issued by authorities like the UK CAA, EASA member states, or the FAA carry structural properties that forensic analysis verifies:

• Font consistency: pilot licences use specific typefaces at defined sizes and weights. Name, rating, and date fields altered post-issuance introduce font substitution errors detectable at the pixel level
• Compression profile: a document scanned and re-uploaded after alteration carries compression artefacts in the altered zones inconsistent with the surrounding image
• Structural template integrity: field positions, header layout, and border geometry match known genuine templates for each issuing authority; deviations indicate fabrication or alteration
• Metadata analysis: PDF metadata, creation timestamps, and editing software identifiers reveal post-issuance manipulation

In the Air Canada case, a forensic document check at the point of hire — or at any of the 17 subsequent annual renewals — would have examined the physical document properties, not just the licence number. Register checks confirm a number is active; forensic checks confirm the document presenting that number is genuine.

Class 1 Medical Certificates

Medical certificates are issued as structured documents with defined layouts by authority. Forensic signals include:

• Error Level Analysis (ELA) identifying manipulated zones — expiry dates and restriction fields are the most common targets
• Issuing authority seal and logo pixel integrity
• Font matching against AME-issued genuine examples

Michael Fay's fraud was discovered by a colleague, not a document check. Forensic verification of his medical certificate at the point of hire would have been a systematic catch that didn't rely on a pilot noticing something was off.

Maintenance Licences and Airworthiness Certificates

EASA Part-66 licences carry authority-specific structural properties. Category and subcategory endorsements — the most fraud-relevant fields — are a primary target for pixel forensics.

Airworthiness release documents, certificates of conformance, and manufacturer certificates — the document types at the centre of the AOG Technics fraud — carry issuing organisation letterhead, layout, and reference number formats that forensic analysis cross-checks against known genuine templates. The AOG Technics director fabricated these documents on a home computer; the forgeries fooled visual inspection across multiple airlines for years, but the pixel-level inconsistencies, metadata, and structural deviations would have been detectable forensically.

Security Clearance Documents

Criminal Record Check documents issued by the UK CAA, US TSA equivalent checks, and EASA national equivalents carry specific layouts. Forensic analysis catches:

• Altered text zones where conviction records have been removed
• Date manipulation (extending clearance validity)
• Photo zone substitution on identity-bearing clearance documents

The Regulatory and Liability Context

Aviation regulators take credential fraud seriously — and increasingly expect the organisations they oversee to apply more than visual review.

EASA (European Union Aviation Safety Agency) requires approved organisations to verify the validity and authenticity of personnel licences before granting certification privileges. Visual inspection of a licence is not sufficient evidence of authenticity.

UK CAA guidance on personnel licensing notes that organisations are responsible for ensuring the credentials they accept are genuine. An organisation that places a pilot or engineer on a fraudulent licence faces regulatory action regardless of whether it was aware of the fraud.

FAA (Federal Aviation Administration) enforcement records include cases where operators were found liable for failing to adequately verify the credentials of personnel they employed, on the basis that a reasonable verification process would have detected the fraud.

GCAA (General Civil Aviation Authority, UAE) — the regulator for carriers like Etihad Airways — applies equivalent personnel licensing standards with its own verification requirements.

Transport Canada charged Air Canada's Geoffrey Wall with seven offences including uttering forged documents. The case raises the question of whether Air Canada itself faces regulatory scrutiny for the verification process that failed to detect the fraud across 17 years and 900+ flights.

The civil liability exposure is substantial. An incident traceable to an unverified credential creates direct liability for the employing organisation, the operator, and potentially the approving authority that accepted the document.

Aviation hire / onboarding trigger
              ↓
Document collection (licence, medical, security clearance, training records)
              ↓
Forensic verification API (~1 min per document)
              ↓
Regulatory register check (CAA / EASA / FAA licence database)
              ↓
Composite verdict
              ↓
Genuine → proceed to operational deployment
Suspicious → request originals, contact issuing authority directly
Likely fraudulent → decline + report to regulator + retain evidence

Where Carriers Like British Airways and Etihad Are Most Exposed

Large carriers operate at scale — hiring hundreds of pilots, thousands of cabin crew, and large ground and maintenance workforces annually. The exposure concentrates at several points:

Third-party and agency hiring: when pilots or engineers are sourced through staffing agencies or wet-lease arrangements, the verification chain may be shallower than direct-hire processes. The employing operator retains regulatory responsibility but has less control over what was verified upstream.

International recruitment: pilots and engineers recruited internationally present credentials from a wide range of issuing authorities. The India DGCA case illustrates this directly — licences issued through a compromised system, complete with fabricated exam records and flight hours, can look identical to legitimately issued credentials from the same authority.

Contract and seasonal staff: ground handling, catering, and cleaning staff with airside access are often engaged through contractors. These staff require valid security clearances. Contractor hiring processes vary significantly in verification rigour.

Maintenance supply chain: the AOG Technics case shows that the document fraud risk extends beyond personnel credentials to parts and airworthiness documentation throughout the supply chain. Any certificate of conformance or airworthiness release entering an airline's maintenance operation is a potential forgery vector.

High-volume type rating fraud: as airlines expand fleets rapidly — particularly the surge in narrow-body aircraft demand post-pandemic — type rating fraud becomes more attractive. An altered rating endorsement costs a fraudster nothing; the training it represents costs a legitimate pilot tens of thousands of pounds and months of time.

Integrating Document Forensics in Aviation HR and Compliance

The optimal integration point is at the conditional offer stage — before any operational deployment but early enough to avoid bottlenecks:

• Pilots: forensic check on licence and medical certificate at conditional offer; recheck when either document is renewed
• Maintenance engineers: forensic check on Part-66 or A&P licence, plus any additional type approval documents and airworthiness certificates in the supply chain
• Cabin crew: forensic check on training certificates and any identity documents submitted
• Ground and airside staff: forensic check on security clearance document and any supporting ID

TamperCheck supports pilot licences, maintenance engineer licences, security clearance certificates, and training records within its 100+ document types, processing via API with a verdict in approximately one minute and zero document storage — compliant with GDPR and data minimisation requirements.

FAQ

Does forensic verification replace EASA or CAA licence register checks?

No — both are necessary and serve different purposes. Register checks verify that a licence number is valid and active in the issuing authority's database. Forensic verification checks that the physical or digital document is genuine and hasn't been altered. The Air Canada case is instructive: Geoffrey Wall apparently had credentials that passed routine checks for 17 years. A forensic document check examines whether the document itself is genuine — a different question from whether the number in it is active.

Can the API handle licences from multiple issuing authorities — FAA, EASA, GCAA, DGCA?

Yes. Forensic analysis examines the document's intrinsic properties — metadata, pixel-level integrity, compression profile, structural consistency — rather than checking against a specific authority's database. It works across issuing countries and authority types, catching alterations and fabrications regardless of origin. This is particularly relevant for internationally recruited crew where the hiring team may be less familiar with the genuine templates of the issuing authority.

What should we do when the API returns a suspicious or likely fraudulent verdict?

Do not confront the candidate based solely on an automated verdict. Use the verdict to trigger enhanced review: request original documents rather than copies, contact the issuing authority directly to verify issuance for the named individual, and if fraud is confirmed, report to the relevant regulatory authority (CAA, EASA, FAA, GCAA as appropriate) and retain all evidence. In the UK, the CAA has a dedicated process for reporting fraudulent aviation credentials.

How does this work for scanned or photographed documents rather than digital originals?

The API accepts PDFs and images, including scans and phone photographs. Image resolution affects forensic depth — a high-resolution scan provides more signal than a low-quality photograph — but forensic analysis runs across all available channels in either case. For high-stakes documents like pilot licences, requesting a high-resolution scan or digital original is recommended.

Is there a specific risk with wet-lease or contracted crew where credentials come via a third party?

Yes — and it's one of the higher-risk scenarios. When crew are sourced through a wet-lease arrangement or staffing agency, the verification chain is typically shallower and the employing operator has less visibility into what was checked upstream. Regulators hold the operator responsible regardless. Running forensic checks at the point the crew member enters your operational environment — not just at initial agency onboarding — closes this gap.

Does this apply to maintenance supply chain documents, not just personnel credentials?

Yes. The AOG Technics case — 60,000+ parts sold with forged airworthiness certificates between 2019 and 2023 — shows that the document fraud risk extends to certificates of conformance, airworthiness releases, and manufacturer certificates throughout the maintenance supply chain. Forensic verification can be applied to any document entering the chain, not just personnel licences.