In most regulated trades — gas engineering, electrical work, structural inspection, asbestos removal — a contractor must hold a valid licence or certification before they can legally operate. That credential is the primary control that protects the public, the principal contractor, and the project from unqualified work.
The problem: credentials are documents. And documents can be fabricated or altered.
A fraudulent gas engineer presenting a fake Gas Safe registration number, or a subcontractor submitting an altered electrical competency certificate, bypasses the control entirely. The licence check passes. Work begins. The safety risk and legal liability are real; the credential was not.
The Credential Fraud Landscape in Trades and Construction
Contractor credential fraud takes several forms across the trades:
Fabricated Licences — entirely generated documents that were never issued by a legitimate body. A Gas Safe registration card that carries a plausible-looking registration number that doesn't exist in the scheme's records, or an electrical competency certificate from a scheme with the wrong formatting.
Altered Genuine Credentials — a real credential belonging to another contractor (or a lapsed credential) altered to show the presenting contractor's name, photo, or registration number. Font substitution, pixel-level editing, and metadata forensics catch these reliably.
Lapsed Credentials Presented as Current — a credential that was genuine at one point but has since expired or been revoked. A forensically genuine document presenting fraudulently current status.
Credential Sharing — a genuine credential belonging to a qualified contractor presented by someone else. This is a document misuse case rather than fabrication, but it creates the same liability.
Why Standard Credential Checks Miss Document Fraud
The standard approach to contractor credential verification involves:
- Asking the contractor to present their licence or certificate
- Visually inspecting it
- Optionally calling the issuing body to verify
Visual inspection catches only obvious forgeries. Phone verification with issuing bodies is slow, inconsistent, and only catches entirely fabricated registration numbers — it doesn't catch a genuine registration number presented on a forged card belonging to a different person.
Neither approach runs forensic analysis of the document itself.
What Forensic Analysis Catches
Structural Verification
Each trade certification body issues documents with consistent structural properties: specific fonts, layout templates, colour profiles, and security features. Forensic analysis compares submitted documents against known genuine templates:
- Font metrics: the character spacing, weight, and family used on genuine Gas Safe cards differs from the template used by desktop publishing tools commonly used for forgeries
- Layout geometry: field positioning, margin widths, and element sizing on genuine credentials follow precise specifications that forgeries frequently approximate rather than replicate exactly
- Colour space: genuine printed certificates have specific colour profile signatures; digitally fabricated documents differ measurably
Metadata Forensics
PDF certificates and digital images carry metadata that reveals their origin. A certificate generated by the issuing body's official system carries different creation metadata than one generated in Adobe Acrobat or an online PDF editor.
Key metadata signals:
- PDF creator application and version
- Creation and modification timestamps
- Author fields
- Embedded font tables and image compression parameters
A Gas Safe certificate generated in Canva carries Canva's metadata signature. A genuine one does not.
Pixel-Level Analysis
For image-based credentials (photographed cards, scanned certificates), pixel forensics identifies:
- Cloning artefacts: areas where content has been copied from elsewhere in the image (common when replacing a name or registration number)
- Compression discontinuities: re-saved image regions at different JPEG quality settings, visible at the pixel level as boundary artefacts
- Error level analysis: regions of a document that have been re-rendered at different compression settings than the surrounding content
AI-generated credentials — produced using generative image models — carry generation model signatures in pixel noise patterns and spatial frequency distributions that distinguish them from photographs of genuine printed documents. Detection rates for AI-generated credentials are high with current forensic models.
Integrating Credential Verification in Construction Onboarding
The verification workflow fits naturally into subcontractor onboarding:
Subcontractor submits credentials during onboarding
↓
Forensic document verification API (per credential, ~3s)
↓
Scheme verification (registration number cross-check)
↓
Verdict: genuine / suspicious / likely fraudulent
↓
Genuine → proceed to engagement
Suspicious → enhanced review, request original
Likely fraudulent → decline + flag
This runs at upload rather than at the point of site access — catching fraudulent credentials before the contractor is engaged, not after.
Document Types Covered
Trade and construction credential verification covers:
- Gas Safe registration cards and certificates
- NICEIC, NAPIT, and ELECSA electrical competency certificates
- CSCS (Construction Skills Certification Scheme) cards
- Asbestos removal licences (HSE-issued)
- Scaffolding licences and height safety certifications
- Plant operator licences (CPCS cards)
- Structural engineer PII certificates
TamperCheck covers all of these within its 100+ supported document types, returning forensic verdicts in under 3 seconds per document.
Verify contractor credentials forensically before work begins
Catch fake trade licences and compliance certificates at onboarding. $5 free, no storage.
Start free →The Liability Question
When a principal contractor engages a subcontractor based on fraudulent credentials:
- Health and safety liability attaches to the principal if the unqualified subcontractor's work causes an incident
- Regulatory penalty applies if the principal is found to have engaged an unlicensed contractor in a regulated trade
- Insurance void risk: many project insurance policies exclude claims arising from work by unlicensed contractors
Forensic credential verification is a practical control against all three exposure types. The cost of a credential check is measured in cents; the cost of an incident involving an unqualified contractor is not.
FAQ
- Does forensic verification replace scheme registration checks?
No — they're complementary. Scheme checks (calling Gas Safe, checking the NICEIC register) verify that a registration number is valid and active. Forensic verification checks that the document presenting that number hasn't been altered or fabricated. You need both: a valid registration number on a forged card still represents credential fraud.
- How does this work for contractors from other countries?
Many EU trade qualifications are mutually recognised across member states, and the UK recognises several equivalent qualifications. Forensic analysis works regardless of the issuing country — it analyses the document's intrinsic properties rather than checking against a UK-specific registry.
- What about CSCS cards — are they commonly forged?
Yes. CSCS cards are one of the more commonly forged construction credentials because they're required for site access across most major projects and are checked visually by site security rather than by qualified assessors. The card's chip (where present) can be verified electronically, but many checks remain visual.
- Can I verify credentials in bulk for large subcontractor panels?
Yes — the API supports batch processing. For large subcontractor onboarding exercises, documents can be submitted in bulk with results returned asynchronously, enabling high-volume credential screening without per-document manual review.