This glossary defines 40 of the most important terms in document verification and authenticity — the concepts behind proving a document is genuine, who issued it, and that it has not been altered. Whether you are issuing documents, verifying them, or just trying to make sense of the field, these are the words you will meet, grouped into five themes: authenticity and verification, trust and provenance, cryptography and technical, electronic signatures, and fraud, identity and cross-border.
Each definition is self-contained, so you can jump to any term.
Authenticity & verification
1. Document verification — The process of confirming that a document is genuine, was issued by the party it claims to come from, and has not been altered. Verification can be done by inspecting the document, by checking it against an issuer or registry, or, most reliably, by confirming it at source.
2. Issuer-side verification, or verify-at-source — An approach in which the organisation that issues a document builds in a way for anyone to confirm its authenticity directly, rather than leaving recipients to detect fakes. Examples include government registries and QR-backed proof pages.
3. Recipient-side verification — The opposite approach, where the receiver of a document tries to determine whether it is genuine, through forensic inspection, detection software, or contacting the issuer. It is an arms race against increasingly convincing forgeries.
4. Verifiable document — A document that any recipient can confirm is authentic and unaltered, typically because the issuer attached a verification mechanism, such as a QR-backed Certificate of Authenticity, at the point of issue.
5. Certificate of Authenticity (CoA) — A record, attached to a document, confirming that a specific issuer produced it and that it is genuine. In digital form, a CoA is often paired with a QR code and a hosted proof page so it can be verified instantly.
6. Proof page — A live, hosted web page that a verifier reaches, often by scanning a QR code, to confirm a document is authentic, who issued it, and that it has not been changed since issuance.
7. Document integrity — The property of a document being complete and unaltered since it was issued. A loss of integrity means something — a figure, a name, a date — has been changed, whether accidentally or fraudulently.
8. Tamper-evidence — A characteristic that makes any alteration to a document detectable. Unlike tamper-proof, which implies a document cannot be changed, tamper-evidence means a change can always be spotted, which is what verification systems rely on.
Trust & provenance
9. Authentication — Confirming that something, whether a document, a signature, or a person's identity, is genuine and is what or who it claims to be. In document terms, authentication answers: is this real and from whom it says?
10. Provenance — The documented origin and history of a document: who created it, when, and what has happened to it since. Strong provenance makes a document easier to trust and harder to fake.
11. Audit trail — A chronological record of the actions taken on a document — issuing, signing, accessing, verifying — with timestamps and attribution. Audit trails are central to proving who did what and when, especially in disputes.
12. Chain of custody — An unbroken, documented record of who has held or handled a document, or piece of evidence, from creation to use. It supports both integrity and admissibility.
13. Non-repudiation — Assurance that a person cannot credibly deny having signed or sent a document. It depends on reliably linking the action to the individual, usually through attribution and an audit trail.
14. Trusted timestamp — A record, issued by a reliable source, proving that a document or signature existed at a specific point in time. Timestamps help establish sequence and prevent backdating.
15. Metadata — Data about a document rather than its visible content — author, creation date, software used, edit history. Metadata is often examined to detect tampering, for example a PDF edited after its stated date.
16. Verifiable credential — Under the W3C standard, a tamper-evident digital credential whose issuer and contents can be cryptographically verified. It uses an issuer-holder-verifier model and underpins modern digital identity and credentialing.
Cryptography & technical
17. Cryptographic hash — A one-way mathematical function that turns any input into a fixed-length string, a digest. Because any change to the input produces a completely different hash, hashes are a core tool for detecting tampering.
18. Digital fingerprint, or checksum — A short, unique value derived from a document's contents, often via a hash, that acts as its fingerprint. If the document changes, the fingerprint no longer matches, revealing the alteration.
19. Cryptographic binding — Linking a document's contents to a verification record, such as a Certificate of Authenticity or signature, using cryptography, so the two cannot be separated or altered without detection.
20. Public Key Infrastructure (PKI) — The framework of cryptographic keys, digital certificates, and certificate authorities that underpins secure digital identity, encryption, and digital signatures.
21. Digital certificate — An electronic credential, issued by a certificate authority, that binds an identity to a public key. Digital certificates underpin digital signatures and the higher tiers of electronic signature.
22. QR code — A scannable two-dimensional barcode. On a document, a QR code typically links to a proof page so a recipient can verify authenticity in seconds with a phone camera.
23. Electronic seal, or e-seal — Under frameworks like eIDAS, a mark applied by an organisation, a legal person, to confirm the origin and integrity of a document — the corporate counterpart to an individual's electronic signature.
24. Digital signature — A specific cryptographic technique, using PKI, that binds a signer's identity to a document and detects any later change. A digital signature is a method; an electronic signature is the broader legal concept, defined below.
Electronic signatures
25. Electronic signature, or e-signature — Any electronic indication of a person's intention to agree to or authenticate a document, from a typed name to a cryptographic signature. E-signatures are legally binding in most countries for the majority of documents.
26. Simple Electronic Signature (SES) — The most basic tier: a typed name, an email footer, or an I accept tick box. Legally valid in many cases, but offering the least built-in proof of identity.
27. Advanced Electronic Signature (AES) — A higher tier, defined under eIDAS, that is uniquely linked to the signatory, capable of identifying them, under their sole control, and able to detect any subsequent change to the signed data.
28. Qualified Electronic Signature (QES) — The highest eIDAS tier: an AES backed by a qualified certificate from a qualified trust service provider. A QES carries the same legal effect as a handwritten signature across the EU.
29. eIDAS — The EU regulation (910/2014) governing electronic identification and trust services, defining the SES, AES, and QES tiers. The UK retained a version known as UK eIDAS after Brexit.
30. ESIGN Act — The US Electronic Signatures in Global and National Commerce Act (2000), which establishes that a record or signature cannot be denied legal effect simply because it is electronic. It works alongside UETA.
31. UETA — The US Uniform Electronic Transactions Act (1999), a model law adopted by 49 states that provides the state-level framework recognising electronic signatures and records.
32. Trust Service Provider (TSP or QTSP) — An entity that provides electronic trust services such as certificates, timestamps, and seals. A Qualified TSP (QTSP) is accredited to issue the qualified certificates required for a QES under eIDAS.
Fraud, identity & cross-border
33. Document fraud — The creation, alteration, or use of a false document to deceive — for example, a forged certificate, a doctored bank statement, or a fake ID. See our document fraud statistics for current data.
34. Forgery — The act of producing a fake document or signature, or altering a genuine one, with intent to deceive. Forgery is a criminal offence in most jurisdictions.
35. Deepfake — Synthetic media — image, video, or audio — generated or manipulated by AI to convincingly imitate a real person or document. Deepfakes are a fast-growing driver of document and identity fraud.
36. Synthetic identity — A fabricated identity that combines real and fake information, for example a genuine ID number with an invented name, to pass verification checks. A common tool in layered fraud and money laundering.
37. Credential fraud, and the diploma mill — The use of fake or unearned qualifications. A diploma mill, or degree mill, is a bogus institution that sells official-looking but worthless degrees and certificates.
38. KYC, or Know Your Customer — The regulated process by which businesses, especially financial institutions, verify a customer's identity and assess risk. KYC is recipient-side verification of people, distinct from issuing verifiable documents.
39. Identity verification (IDV) — Confirming that a person is who they claim to be, using documents, biometrics, or database checks. Increasingly digital and at-source, as seen in eVisa and Companies House identity-verification regimes.
40. Legalisation and Apostille — Processes that authenticate a public document for use abroad. An Apostille is a single certificate recognised between countries party to the Hague Apostille Convention; legalisation is the longer authentication-and-embassy process used for non-member countries.
From definitions to verifiable documents
Most of these terms describe one shift: trust moving from the paper to the proof. VerifyDoc.ai puts that into practice — issuing documents with a QR-backed Certificate of Authenticity and a proof page, so anyone can confirm a document is genuine, who issued it, and that it has not been altered. Start free or see how it works.
Related reading: Document fraud statistics 2026 and Is an electronic signature legally binding? Country-by-country.
This glossary is for general information and educational use. Legal terms such as e-signature tiers and Apostille carry specific meanings that vary by jurisdiction; consult a qualified professional for advice on your circumstances.
