🤖 AI Summary
This work addresses the escalating risk of identity document forgery driven by generative AI, highlighting the absence of a unified evaluation benchmark encompassing realistic, multidimensional attacks—including physical presentation, digital injection, and fully synthetic generation. The study proposes the first comprehensive threat model integrating these three attack vectors and systematically traces the evolution of detection methodologies from rule-based heuristics to foundation models and few-shot learning. Through rigorous dataset auditing, multimodal model analysis, zero-shot evaluation, and forensic localization, it uncovers script-dependent generation instability (SDGI) in non-Latin scripts and reveals a pervasive reality gap in publicly available datasets from 2019 to 2025. Notably, even the strongest open-source models exhibit an APCER exceeding 25% under security-oriented conditions on unseen synthetic documents, underscoring severe limitations in cross-domain generalization.
📝 Abstract
Identity document forgery has undergone a fundamental capability shift: generative AI tools now enable high-fidelity document synthesis and field-level manipulation with minimal technical expertise, while detection methods remain constrained by benchmarks that do not reflect this threat. The resulting attack surface spans physical presentation, digital injection, and fully generative synthesis, introducing distinct forensic failure modes that require a unified threat model and evaluation framework. This survey provides, to our knowledge, the first unified treatment of Presentation Attacks, Digital Injection Attacks, and GenAI-driven synthesis within a single identity verification threat model. We trace detection methodologies from rule-based heuristics through forensic localisation, injection-aware pipelines, foundation models, and few-shot frameworks. A systematic audit of public datasets from 2019--2025 exposes a persistent Reality Gap between benchmark conditions and operational deployment. We further analyse large multimodal models for identity document manipulation, identifying Script-Dependent Generative Instability (SDGI) as a recurring typographic failure mode in non-Latin script inpainting. Finally, zero-shot benchmarking on unseen synthesised ID cards shows that even the strongest publicly available models achieve APCER values above 25% under security-oriented operating conditions, highlighting substantial limits in cross-domain generalisation. We conclude by outlining future directions toward forensically grounded, privacy-preserving, and legally accountable identity verification systems.