ISO fraud: transparency and compliance for building trust
Certification audits are tools for improvement granted by highly prestigious organizations, and yet many companies have no qualms about forging them.
Rigorous processes to build consumer trust
In corporate circles, ISO certifications are a badge of honor, meant to symbolize a guarantee of quality, environmental responsibility, or expertise in cybersecurity. The International Organization for Standardization (ISO) has meticulously crafted these certifications to make them a global benchmark of excellence. However, beneath the shine of this industry lies a troubling truth.
Many technology companies display manipulated or outright false ISO certifications, using them as tools to gain a competitive edge, attract investments, or deceptively influence consumers to trust in their products and services. The tactics to possess a strong but fictitious core of certifications are directly reflected in the quality of their digital onboarding or video identification solutions. By not meeting certain standards, Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols are weakened. Our specialists will be happy to advise you on the best strategies to strengthen your KYC.
The path to obtaining a legitimate ISO certification is not exactly quick and easy: it demands solid dedication and a rigorous process. That’s why, in many cases, deceptive or fraudulent texts are used to achieve goals in the quickest way possible.
China: the ISO 9001 charade that undermines compliance
In 2018, a comprehensive study¹ revealed that Chinese companies were falsifying the ISO 9001 quality certification. The report, authored by Iñaki Heras-Saizarbitoria from the University of the Basque Country (UPV), in collaboration with the Université Laval in Quebec, serves as a paradigmatic example of certain practices that contaminate business activity on a large scale.
The ISO 9001 standard at the center of this case sets requirements for an effective quality management system in organizations. Its aim is to enhance the quality of products and services, achieve operational efficiency, manage risks, and promote continuous improvement and stricter compliance. For providers of user authentication solutions or video banking, aligning with such standards is essential.
The study concludes that fake ISO 9001 quality certificates are widespread in Chinese companies, and that the certification procedures conducted by auditors lack credibility. Heras and his team reported that a high percentage of the analyzed Chinese products and services did not meet the specifications necessary to be worthy of ISO 9001, and pointed out various manipulation methods:
- Direct creation in Photoshop.
- Fraudulent acquisition of the official certificate by claiming to follow specific procedures that are not in fact followed, solely to pass the external audit.
- Purchase of the official certificate without any system or process involved.
- Acquisition of the certificate from a non-certified organization.
The report also emphasized that this problem permeates many other countries. In some territories, such as Pakistan or Russia, the situation is particularly serious.
Shared responsibility against fraud
Unscrupulous companies, corrupt auditors, and a lack of public awareness perpetuate the fraud, which has profound consequences. It undermines trust in the entire certification system, devalues genuinely earned ISO certifications, and misleads consumers who rely on these seals of approval to make critical decisions about products and services. Their financial well-being and, in some cases, their safety hang by a thread.
At times, we come across company websites, especially in the technology sector, that do not directly include false seals but manipulate information to mislead visitors and claim virtues they do not possess or possess only partially. By not consistently meeting all requirements or by only activating part of a standard, there is a possibility that the consumer will experience a false sense of support.
Some companies choose to obtain certifications in ISO standards that are not directly related to their core activity, diverting attention from essential aspects of their operation.
We also encounter another problem when companies decide to misuse the ISO (or other organization) standard logo, confusing customers and undermining their reputation by presenting a deceptive image of regulatory compliance. This tactic is often accompanied by texts explaining that the relevant procedures are being carried out or that similar audits, perhaps of lesser value, have been passed.
The response to this issue lies in the adoption of strict measures to prevent and punish the falsification of certifications. Institutions that grant these accreditations must implement rigorous verification procedures and sanction those who violate their integrity. Transparency and communication are key to exposing deceptive practices and protecting consumers.
Defending transparency to provide the best onboarding services
TrustCloud has established a robust set of certifications that support and validate its outstanding track record as a responsible and reliable technology company. These certifications cover a variety of crucial areas, from organizational resilience (ISO 22316) to presentation attack detection (ISO 30107) and information security management (ISO 27001), to the robustness of its biometrics, digital identification, VideoID, or electronic signature solutions (ETSI 119 461, CFR 21 part 11, etc.). Through these certificates, TrustCloud demonstrates its constant commitment to the highest standards of quality and security in all its departments and operational stages.
Best practices in cybersecurity and the protection of sensitive data are at the core of every decision, which is why TrustCloud seeks to exceed not only ISO but also NIST, eIDAS, or LINCE guidelines. Furthermore, its commitment to privacy and individual freedom aligns with the principles of the Nuremberg Code.
This repertoire of certifications is not static. TrustCloud continuously strives to stay updated with the latest trends in electronic identification or onboarding processes, as well as in security standards, ensuring the most demanding lines of action in terms of sustainability, innovation, transparency, and technological humanism.
Certifications should be a symbol of authentic progress, not a method to mask deficiencies. When used correctly, audits can be the compass that guides companies towards greater efficiency, security, and quality at all levels.
¹ Faking ISO 9001 in China: an exploratory study. Iñaki Heras Saizarbitoria, Olivier Boiral. 2018.