In today’s world, technology is becoming increasingly advanced, and with its development, criminal methods are evolving. One area gaining popularity in criminal circles is document forgery. The reliability of verification procedures and the authenticity of identity documents form the foundation of the operations of many companies and institutions. However, as fraudsters use more sophisticated techniques, businesses must constantly improve their security systems.
Who was deceived?
One of our clients, a foreign company specializing in short-term car rentals, fell victim to this fraud. The company had a fleet of cars of various brands, most of which were manufactured in recent years, making them new and valuable. Therefore, the company always verified customers renting cars based on their personal identification documents. This process ensured that vehicles went into the hands of reliable and trustworthy users, which helped maintain high service standards and protect the company’s assets. Until now, the procedures implemented by the company were sufficient and ensured continuous operation without major complications.
Vehicles rented permanently
The company faced a serious problem with the theft of several cars within a short period. Three different individuals rented cars, not at the same time, but over overlapping periods. The return of the vehicles was scheduled for three consecutive days. All three individuals signed the necessary documents on different days and presented their driving licenses, not only for viewing but also for scanning. The cars they chose were produced in 2023, but they differed in brands.
Nothing aroused suspicion until the scheduled return dates. Unfortunately, none of the described individuals returned the vehicles on time. Additionally, there was no way to contact them. The company then began to analyze these cases. At this stage, it was already known that the cars had been stolen. The documentation showed that all individuals presented Polish identity documents when renting, so the company decided to contact us for help in obtaining any information about these individuals in Poland.
Following the trail of the missing cars
The main goal of the company was, of course, to find the stolen cars, but to move to that stage, it was necessary to gather basic information about the people who rented them. The first step was to verify the names and birth dates provided in the documents. However, at this stage, our check revealed that no such individuals existed in Poland. This was the first warning sign, but we decided to continue the investigation, analyzing every available piece of information in the hope that it would help us move the case forward.
The names and surnames of these individuals were quite unusual, providing opportunities for other checks. We searched for their PESEL numbers, but again the trail indicated that such individuals simply did not exist.
In the next step, we checked the provided email addresses and phone numbers given as contact information during the car rentals. The emails did not yield any new information – OSINT methods showed no social media accounts or services associated with them. It appeared that these email addresses were created solely for the rental purpose. The phone numbers had a similar story – no related services were found, significantly narrowing the search field. One of the numbers was found to be assigned to a temporary phone number service. Therefore, we considered this data to be ‘burned’ – any internet user could use this phone number, and it was not associated with any individual information.
Despite all three men providing foreign addresses in the rental agreement, we decided to check these details to get a fuller picture of the situation. All three given addresses were of various restaurants. Nothing indicated that these could be residential addresses, which only confirmed our suspicions of using false information.
A “nearly” authentic document
When all the information provided by the men during the rental had been thoroughly verified and yielded no valuable leads, we moved to the analysis of the scans of the presented identity documents. Attempts to identify these individuals based on the photos from the driving licenses brought no results. So, we focused on a detailed analysis of the documents themselves.
At first glance, the documents looked authentic. We checked every element that could indicate a discrepancy with the original Polish driver’s license pattern. For a long time, nothing aroused our suspicions until we began verifying the element called the Multiple Laser Image (MLI).
The MLI is an advanced security feature that, in the original document, shows two overlapping images, one of which is the document’s expiration date. In original driver’s licenses, this date is written continuously. However, in the scan we received, this date was written with dots separating the numbers. This detail, though small, was crucial and ultimately confirmed our suspicions – the document was fake.
After discovering this discrepancy, our investigation took on a new dimension. We already knew we were dealing with a well-organized fraud attempt using false documents. Thanks to additional information provided by the client, we established that all three individuals used the same credit card when renting the cars. This discovery was an important piece of the puzzle, suggesting we were dealing with an organized group.
Reporting the findings
At this stage, with all the data the client had checked, we presented our findings to the client and informed them that unfortunately, they had data on individuals who physically did not exist. The only way forward in this case was to focus on strictly searching for the stolen cars or identifying the individuals based on their appearance, due to the lack of any other real data about these individuals.
In light of this incident, the company faced a new challenge related to the growing risk of identity document forgeries and fraud. This compels a rethinking and strengthening of verification procedures to protect their assets from similar incidents in the future. Through this experience, the company can take preventive measures, such as more rigorous identity verification of clients and strict document control, to minimize the risk of losses and threats to the business.
Author: Patrycja Kruczkowska
*Client data has been anonymised prior to publication.
Explore other articles on our blog: