TEMPLATE ATTACK DETECTION

How to detect and prevent document template attacks in identity verification

Template-based document attacks are a growing threat, allowing fraudsters to deceive traditional identity checks. Knowing how to detect them is essential to staying ahead of increasingly sophisticated fraud.

Explore the solution

$23B

Deloitte estimates that synthetic identity fraud could cost U.S. institutions over $23 billion annually by 2030.

Deloitte

What is a document template attack in identity verification?

A document template attack is a form of identity fraud where criminals exploit the known layouts of official ID documents, such as passports or driver’s licenses, to create convincing digital forgeries. These forgeries mimic official design elements such as fonts, layouts, and visual security features to fool automated identity verification systems into accepting the fake documents as legitimate.

Mitek's illustration of template attack dangers

Why template attacks are dangerous

With the help of AI-powered tools, fraudsters can now generate highly accurate document templates at minimal cost. Once a template-based attack proves effective, it is quickly adopted by organized crime groups and scaled across multiple institutions and regions—exploiting the same document structure repeatedly until detection systems adapt.

These attacks go beyond merely creating a fake ID, serving as a launchpad for more complex identity fraud schemes. Template-based forgeries are frequently used to facilitate:

Synthetic identities that combine real and fake information
New account fraud to gain access to credit, payments, or services
Money laundering through accounts opened with manipulated credentials

Explore the FAQs

THE MITEK SOLUTION

How does Mitek template attack detection work?

Mitek’s template attack detection adds a critical layer of protection during identity verification and onboarding. When customers submit identity documents like passports or driver’s licenses, the system analyzes the velocity and frequency of submissions — checking for repeated use of the same facial images (portraits or selfies) and similar document background images across tenant-specific galleries.

Automated processes store document images and compare new submissions against prior transactions over a defined time. For this purpose, the system generates one-way image hashes — alphanumeric representations of the images that cannot be reversed to recreate the original images. By analyzing these hashes for similarities, the system can detect attempts to reuse or slightly modify ID templates. The velocity threshold is user-controlled to align to the organization’s risk tolerance.

Captured selfies can also be compared against a client-controlled gallery of known fraudsters, helping to identify and block synthetic identities and organized fraud attempts.

Graphic illustration for Mitek template attack detection

Face velocity checks

Identify recurrence of the same facial image over a specified time.

Gallery review

Compare selfies against as secure gallery of known fraudsters using facial biometrics.

Ring attack background checks

Detect repeated backgrounds (e.g., same lighting, environment) that suggest coordinated fraud.

The advantages of Mitek template attack detection

Learn how Mitek can help you deploy modern Identity Verification with a multi-layered solution for detecting and preventing advanced fraud.

Flag and respond to organized digital fraud faster by identifying recurring patterns from known fraud actors.

Run rapid 1:N searches against a gallery of biometric data in Mitek’s secure cloud, without storing full images.

Quickly flag and investigate forgeries using Mitek’s forensic fraud expertise.

Identify synthetic identities that combine real data, such as addresses or social security numbers, with realistic document templates.

Explore Mitek’s Verified Identity Platform

“Fraudsters don’t rest. They’re constantly evolving, which means we need to stay agile and adaptable. This isn’t a future threat, it’s happening right now. We’ve adopted Mitek’s fraud detection solution because of the clear benefits it brings in tackling these types of emerging fraud.”

LLOYDS BANKING GROUP

Mitek is trusted by over 7,000 organizations worldwide

Trusted by millions globally, our enterprise-grade solutions are relied on by some of the world’s leading enterprises, offering peace of mind for both the company and their customers.

Learn more about fighting template attack detection

In addition to detecting template attacks, Mitek’s Digital Fraud Defender also identifies deepfakes and injection attacks. It integrates seamlessly with Mitek’s identity verification solutions, combining document checks, face biometrics, and liveness for comprehensive fraud detection and prevention.

Explore Digital Fraud Defender

FREQUENTLY ASKED QUESTIONS

Why are template attacks dangerous?

Template attacks are scalable, low-cost, and often used by organized crime groups. Once successful, a single attack can quickly be replicated across multiple businesses or institutions, enabling synthetic identity fraud, credit abuse, and even money laundering.

How does Mitek detect template attacks?

Mitek’s template attack detection is part of the Digital Fraud Defender suite. It uses automated technology to:

Check for repeated facial images over time (face velocity)
Compare new selfies against a gallery of known fraudsters (gallery review)
Spot repeated backgrounds in ID documents (ring attack checks)

How are new identity documents compared to galleries?

These checks rely on one-way image hashes, which are secure, non-reversible representations of prior document submissions.

What is a face velocity check?

Face velocity checks detect how often the same or similar face image appears in document submissions over a customer-defined time period, an indicator of organized crime ring fraud.

How does a face gallery check work?

The gallery review matches submitted selfies against a curated database of known fraudsters’ facial biometric data, allowing for rapid 1:N comparisons while maintaining privacy.

What are ring attack background checks?

This technique identifies recurring document backgrounds, such as the same room or lighting setup, which can suggest repeated or coordinated fraud attempts.

Can clients customize the fraud detection settings?

Yes. Mitek allows clients to set custom thresholds for how often images must reappear before triggering an alert, providing flexibility based on your use case or risk tolerance.

How does template attack detection help prevent synthetic identity fraud?

Template attack detection helps identify forged documents that combine real and fake information. These documents are often used by fraudsters to build synthetic identities and open fraudulent accounts. Mitek’s technology detects these tampered templates early, stopping synthetic identity fraud before it can affect financial institutions or their customers.

What happens when a potential template attack is detected?

Clients have the flexibility to customize thresholds, alerts, and actions. Mitek’s forensically trained agents review suspect matches to confirm whether they’re forgeries. Confirmed attacks can be flagged and added to the known fraud gallery to help prevent future incidents.