[notathing]

Fake IDs in EU don't really work, since anyone who really cares (banks, police, ...) will just read the info from the machine readable zone and run that against the relevant database. So EU IDs are more like a web-server session cookie, you can't just make one up.

There are online services who also provide this for a cost: https://www.idcheck.io

[hombre_fatal]

Those just analyze photos for photoshop artifacts for a CYA receipt. They don't verify that the ID info is real.

That's next to useless under identity fraud / attacks any more sophisticated than MS Paint level skills. You're severely underplaying how easy it is to fake documentation and the attacks it enables.

[tom_mellior]

I had to verify my identity for an online service a while back. They used a third party company that has a mobile phone app essentially for video conferencing; you then call this company via the app and talk to them. They ask you to show your face and move around and to show your ID, including moving it around so they can check that the security hologram (this was an EU passport) is indeed one. So for this kind of check MS Paint skills would not be enough by far.

I guess they had no way of verifying that the ID info is real, but apparently this process was trustworthy enough for their client.

[drusepth]

This sounds like something vulnerable to real-time deepfakes in the very near future.

[tom_mellior]

Maybe, but you can say that about anything that is not in-person face-to-face communication along with physically handing over the passport for inspection. I think the process was pretty rigorous for the current state of the art, and infinitely better than the normal approach of mailing around PDFs into which I have pasted a scan of my signature.