Onboarding checks alone won’t protect you from document fraud. You need ongoing monitoring too, and most companies don’t have it.
Here’s the uncomfortable truth: fraudsters have figured out that the hardest part of their job is getting through the front door. Once they pass your initial KYC checks (or take over an account that already did), they operate in a trusted environment with almost no scrutiny. And criminals know this.
The numbers back this up. Account takeover fraud hit $2.9 billion in losses in 2024, according to the Javelin 2025 Identity Fraud Study and TransUnion reports that ATO volume surged 141% between 2021 and 2025. That gap between onboarding and the next time anyone looks at a customer’s documents? That’s where fraudsters live.
At VerifyPDF, we see this constantly. Companies pour money into onboarding verification, then never look at those documents again. I want to explain why that approach is broken and what you can do about it.
The one-and-done illusion most compliance teams live with
The traditional KYC model works like a nightclub bouncer: check the ID at the door, let the person in, forget about them. It made sense when customer relationships changed slowly and fraud was less creative.
That world is gone. Documents submitted during onboarding go stale. A payslip from six months ago doesn’t reflect a customer who just lost their job. A bank statement from January doesn’t show the suspicious transactions that started in March. A proof of address verified at signup doesn’t account for someone who moved, or never lived there in the first place.
Companies like iProov and Fourthline have been making this case publicly: single-point identity checks are dangerously insufficient. iProov’s 2025 Threat Intelligence Report found that face swap deepfake attacks rose 300% year over year, with over 120 different tools now available to attackers.
If fraudsters can beat biometric checks, the supposed gold standard, what chance does a six-month-old document have?
How fraudsters exploit the gap after onboarding
The playbook is surprisingly simple. A fraudster (or a legitimate customer turned fraudster) passes your initial checks with real documents or good fakes. Then they wait. A few weeks, sometimes months. Once the account is established and trusted, they make their move.
Here’s what that looks like:
-
Account takeover: Someone gains access to a verified account and changes the details. New phone number, new email, new beneficiary. The original onboarding documents are still “valid” in your system, but the person using the account is someone else entirely. According to Security.org research, 29% of US adults experienced an account takeover in 2024. That’s not a niche problem.
-
First-party fraud: The customer is who they claim to be, but their circumstances changed or they’re lying about them. They submitted real bank statements at onboarding, but those statements no longer reflect reality. This category is growing fast because these people already passed KYC. We’ve written about the different types of fraud, including first-party fraud in more detail.
-
Document decay: The documents in your system are technically authentic but practically useless. A business verified with last year’s financials may have since gone insolvent. A tenant screened with a genuine payslip may have lost their job three months later.
None of these would be caught by even the best onboarding process. You need a second look. And a third.
What ongoing document monitoring actually looks like
Ongoing monitoring doesn’t mean re-running the entire onboarding process every month. That would be expensive, slow and annoying for customers. It means applying the right scrutiny at the right moments.
Periodic re-verification means requesting updated documents (bank statements, payslips, proof of address) at intervals matched to the customer’s risk profile. A high-value mortgage account might warrant quarterly checks. A standard retail banking customer might only need them annually or when something specific triggers a review.
Trigger-based reviews kick in when something changes: a large transaction, a new beneficiary, an address change or adverse media about the customer. Instead of waiting for the next scheduled review, the system automatically requests fresh documents.
Regulatory pressure is building too. The EU’s AMLD6 (Directive EU 2024/1640), which member states must transpose by July 2027, explicitly requires continuous monitoring of business relationships, not just point-in-time checks at onboarding. If you only verify documents once, you’re not compliant. Simple as that.
In our experience, companies that implement even basic periodic re-verification catch fraud that would otherwise go undetected for months or years. Those fake bank statements that passed initial scrutiny? Much harder to sustain over multiple re-checks.
As we covered in the rising threat of fake bank statements, fraudsters count on the fact that nobody will ask for the same document twice.
Onboarding and monitoring aren’t competing strategies
This isn’t either/or. Strong onboarding checks and ongoing document monitoring serve different purposes, and you need both.
Onboarding catches the obvious stuff: synthetic identities, stolen documents, blatant forgeries. It’s your first line of defense, filtering out fraud attempts before they become customers. If you’re still relying on ID verification alone without automated document checks, close that gap first.
Ongoing monitoring catches what develops later: changed circumstances, account takeovers, first-party fraud, document decay. It’s the safety net for what slipped through or what went wrong after the customer was already in your system.
Think of it this way: onboarding answers “is this person who they claim to be right now?” Ongoing monitoring answers “is this still true?”
How often do you actually re-verify the documents in your system? If the answer is “never” or “only when something goes obviously wrong,” you have a blind spot. Fraudsters are already exploiting it.
How to build periodic re-verification into your workflow
The challenge isn’t whether to do ongoing monitoring. It’s how to do it without burying your compliance team in manual work. An API-driven approach makes the difference.
-
Segment customers by risk. High-value accounts, PEPs, customers in high-risk jurisdictions and accounts with unusual transaction patterns get re-verified more frequently. Standard accounts follow a lighter schedule.
-
Set re-verification triggers. Beyond scheduled intervals, define events that automatically request fresh documents: transactions above a threshold, changes to account details, adverse media alerts or a risk score crossing a defined level.
-
Automate the document checks. This is where we come in. Our API processes re-verification requests in under 5 seconds, the same document forensics applied at onboarding, now running on a schedule. Your system sends us the updated documents, we flag anything suspicious, your team only gets involved when something needs human review.
-
Keep an audit trail. Regulators don’t just want to know you verified documents at onboarding. They want to see that you monitored the relationship over time. Automated re-verification creates a compliance record that manual spot-checks never could.
This scales. Whether you’re re-checking 50 high-value accounts quarterly or running annual reviews across your entire customer base, the process is the same and your compliance team’s workload barely changes.
The fraud you don’t catch at onboarding will catch up with you
Onboarding verification and ongoing monitoring are two halves of the same problem. One without the other leaves you exposed, at the front door or inside the house.
The companies that stay ahead of fraud (and regulators) are building continuous verification into their workflows now. Before AMLD6 makes it mandatory. Before the next account takeover costs them millions.
If your document verification stops at onboarding, fix that. Try VerifyPDF’s API and see how periodic re-verification closes the gap fraudsters are counting on.