Why Your Chinese Supplier's ISO Certificate Might Be Fake

Certification fraud is one of the most common and least detectable forms of supplier misrepresentation. A certificate that looks entirely legitimate can belong to a different company, have expired years ago, cover a different product scope, or have been fabricated from scratch. Here is how it works and what genuine verification actually requires.

Certifications are intended to provide independent assurance of quality and compliance. When they are fraudulent, they do the opposite — creating false confidence at the point it matters most.

When a supplier presents ISO 9001, CE marking, or any other quality certification, most buyers treat it as independent assurance that the supplier meets a recognised standard. In practice, the certification a supplier presents may have nothing to do with their actual compliance, and the document itself provides no reliable way to tell the difference.

The four types of certification fraud

Expired certificates presented as current

ISO certifications carry a defined validity period, typically three years, after which they must be renewed. A supplier whose certification lapsed two years ago still has the document. It still has the right logos and the right format. The only thing that reveals its invalidity is the expiry date and a confirmation with the issuing body. A buyer who accepts a scanned PDF without verifying current status has no way of knowing.

Certificates issued to a different legal entity

ISO and other certifications are issued to a specific legal entity under its exact registered company name. A trading company presenting a manufacturing facility's certification is presenting documentation that does not apply to the business you are transacting with. This form of misrepresentation is particularly difficult to detect because the certificate itself is genuine. It simply belongs to someone else.

The scope problem. ISO 9001 certifications cover a defined scope of activities. A certificate issued for office furniture manufacturing does not cover electronic component production, even if both happen under the same roof. A supplier presenting a certification that covers a different product category from the one you are ordering is presenting a document that is simultaneously genuine and irrelevant.

Fabricated certificates

Some suppliers present certifications created from scratch using templates and real accreditation body logos. These documents are professionally produced and indistinguishable from genuine certificates by appearance alone. They are detectable only through direct verification with the named certification body. A certificate number that does not appear in the issuing body's records is fabricated, regardless of how convincing the document looks.

Certificates for facilities other than the one producing your order

Some suppliers operate multiple facilities or source from third-party factories. The certification they present may be genuine and currently valid but issued for a facility that is not the one that will actually produce your order. If production is subcontracted to an uncertified facility, the quality assurance framework the certificate represents does not apply to your goods.

A document review establishes that a certificate exists. Verification establishes that it is current, genuine, and applies to the specific entity and activities relevant to your order.

What genuine certification verification involves

Accepting a copy of a certificate does not constitute verification. Verification requires going to the issuing body rather than the supplier.

Contact the certification body named on the certificate directly, not through any contact details provided by the supplier
Confirm that the certificate number exists in their records and is currently active
Confirm that the named certificate holder matches the exact legal entity you are transacting with
Confirm that the certified scope covers the specific products or activities relevant to your order
For CE marking, check the relevant EU declaration of conformity database or contact the notified body

Why it matters beyond the certificate itself

The consequences of relying on fraudulent or inapplicable certifications extend beyond the supplier relationship. If your products require CE marking for sale in the UK or EU market, and those products were manufactured by a supplier whose CE declaration does not legitimately apply to them, the goods themselves are non-compliant. They cannot legally be placed on the market. They may be seized at customs, recalled from retailers, or trigger liability exposure that far exceeds the value of the original order.

A certificate that looks legitimate tells you only that someone produced a convincing document. Verification tells you whether it means anything.

The standard buyer practice of requesting a certificate and accepting the scanned copy provided by the supplier provides no meaningful assurance. Genuine verification is not significantly more time-consuming. What it requires is knowing that the step exists and that accepting the document without it is not the same thing as confirming compliance.

ALIX Solutions verifies certifications directly against issuing bodies as part of every supplier background report, cross-referencing the named certificate holder against the supplier's registered legal entity and confirming current validity and scope. Reports are delivered within 48 hours.