The rise of sophisticated generative AI has fundamentally broken traditional document verification. What was once a routine procedural check – visually inspecting receipts and boarding passes has become a critical financial and compliance vulnerability. AI can now create flawless forgeries, rendering the historical “eyeball test” obsolete.
Illustrating the Problem
To illustrate the scope of this challenge, consider a hypothetical scenario focused on corporate travel:
An individual returns from a legitimate business trip. As an experiment, they submit an expense claim using a convincingly fabricated AI-generated boarding pass instead of the real one. The fake document is meticulously crafted with correct airline branding, plausible formatting, and realistic-looking barcodes, including:
- Correct airline branding and fonts
- Valid-looking ticket numbers
- Accurate gate information
- Realistic barcodes
- Proper date formatting
This experiment is not conducted to commit fraud, but to test the resilience of standard verification processes. The result is often a cause for concern: the claim, supported by the fabricated document, is frequently approved without question. This outcome demonstrates that manual checks, which typically verify the presence and basic appearance of a document, are no longer sufficient to guarantee its authenticity.
This scenario underscores a critical shift. Organizations can no longer rely on the document itself as proof. The integrity of processes for expense reimbursement, audit trails, and compliance reporting is now at risk unless new verification methods are adopted.
The Scope of the Problem
Boarding passes are just one example. AI can now generate flawless:
- Restaurant receipts
- Hotel invoices
- Taxi receipts
- Rental car agreements
- Any expense document imaginable
The barrier to expense fraud has effectively dropped to zero. My fake boarding pass was accepted as proof of travel without a single question. The age-old system of trusting submitted documents is officially broken.
A Practical Solution: Digital Wallet Files
Organizations face a spectrum of verification options, from basic document checks to expensive advanced systems. But there’s a practical middle ground that significantly improves security without excessive overhead: requiring digital boarding pass files instead of screenshots or photos.
This approach is increasingly feasible as digital boarding passes have become the norm rather than the exception. Most airlines now default to mobile boarding passes, with travelers routinely saving them to Apple Wallet or Google Wallet. What once would have been a burdensome request is now simply asking employees to submit what they’re already using.
Why Digital Wallet Files Work
Modern digital boarding passes come in secure wallet formats (.pkpass for Apple Wallet, equivalent formats for Android). These files provide built-in security advantages:
Cryptographic signatures: Airlines digitally sign wallet files using platform-issued certificates. Any modification breaks the signature, making tampering immediately detectable.
Automatic verification: Wallet apps validate signatures when loading passes—no manual checking needed for basic authenticity.
Dynamic updates: Files with embedded webServiceURLs stay current with real-time changes like gate assignments, creating an audit trail back to the airline.
Cross-platform support: Both iOS and Android ecosystems support digitally signed wallet passes from major airlines.
The Paper Boarding Pass Problem
Traditional paper boarding passes remain highly vulnerable. Their barcodes and QR codes lack cryptographic protection, making them trivially easy to generate with AI tools. A realistic-looking barcode can be created in seconds, and standard scanners cannot distinguish between legitimate airline-issued codes and AI-generated fakes.
Verification Tools for Both Platforms
Official barcode scanning apps can verify boarding passes and wallet files on both platforms:
For iOS:
- “Pass Scanner and Verifier for Apple Wallet (Passbook)” – Scans barcodes and verifies digital signatures
For Android:
- “Boarding Pass Scanner” – Scans and validates boarding pass details
- “Passcreator Smart Scan” – Supports instant wallet pass validation with signature verification
These apps extract and verify key information while detecting tampering through signature validation. Some airlines also provide proprietary apps with built-in verification capabilities.
Simple Workflow for Admin Staff
- Request that travelers email or submit boarding passes as digital wallet files (not screenshots, PDFs, or photos)
- Use verification apps to scan and validate the file’s digital signature
- Optionally cross-check flight details against booking records
- Retain the verified wallet file as tamper-evident proof of travel
This approach delivers cryptographic protection against forgery while keeping submission simple for employees and verification manageable for admin staff – no expensive backend integrations required.
Beyond the Basics: Layered Verification
For organizations requiring stronger controls, implement verification layers:
The Triangulation Method (Moderate Cost)
Build a fuller evidence trail by correlating multiple data points:
Financial correlation: Cross-reference the boarding pass with credit card statements showing the airline charge. A fake pass won’t have a corresponding legitimate transaction.
Destination evidence: Verify with hotel receipts, local taxi receipts, and meal receipts proving physical presence at the destination.
Metadata validation: For digital submissions, leverage metadata where possible. Photos of receipts taken with smartphones may contain location data that corroborates the travel narrative.
While any single document could be faked, creating a complete and logically consistent set of documents for an entire trip is significantly more difficult and far more likely to be detected.
Booking platform verification: When feasible, make corporate travel systems the authoritative source. Verify against booking records rather than submitted documents.
Advanced Options (Higher Cost)
AI forensic detection: Specialized software analyzes pixel inconsistencies, metadata anomalies, and lighting patterns to flag AI-generated documents.
Direct airline API verification: Query airline databases through GDS systems (Amadeus, Sabre) or FlightAware to confirm flights occurred, eliminating document dependency entirely.
The Core Principle
Faking one document with AI is trivial. Creating a consistent, verifiable narrative across multiple independent systems – digitally signed wallet files, matching booking records, corporate card transactions, and destination receipts – is exponentially harder and significantly more likely to expose fraud.
The Broader Risk
This vulnerability extends far beyond expense fraud. AI-generated fake documents threaten:
- Insurance claims with fabricated damage photos
- HR verification with fake diplomas and certifications
- Vendor validation with counterfeit business licenses
- Legal proceedings with manufactured evidence
- Compliance audits with artificial documentation
Any process relying on “submit a document for review” is now vulnerable. Organizations must adapt their verification procedures to match the sophistication of modern document forgery tools.