A $40 Fake ID Shouldn't Cost a Credit Union $35,000

In my conversations with credit union leaders, the tension is almost always the same: they know fake IDs are a real and growing problem, but they're reluctant to add friction to the member experience to address it. Nobody wants a loyal member of 15 years to feel like a suspect at the teller window.

A recent incident at a Navy Federal Credit Union branch in Virginia Beach, Virginia puts that tension in concrete terms. A fraudster presented a fraudulent North Carolina driver's license, used it to obtain a debit card in a victim's name, withdrew $10,800 in cash directly from a teller, and then wired another $24,750 to an outside account. Total loss: over $35,000. What's notable about this incident is not how sophisticated it was – it's how straightforward it was. A single fake ID. A single branch interaction. A very large check written against another person's life.

This is not an edge case. It is a pattern.

Our 2026 Intellicheck North America Identity Verification Threat Report analyzed nearly 100 million anonymized identity verification transactions from 2025, covering roughly half of the adult population in the United States and Canada. One finding that bears directly on this incident: retail banks see approximately 1.7% of identity verification used an invalid ID. A successful fraudster can monetize a single fake or synthetic identity multiple times, stealing tens of thousands of dollars before detection. When you're processing membership applications and branch transactions at scale, 1.7% is not a rounding error. It is a steady stream of exposure.

Why the teller was never going to catch this

I want to address something directly, because I think the instinct when incidents like this surface is to ask what the branch staff could have done differently. That framing misplaces accountability in a way I find both unfair and strategically counterproductive.

A teller is trained to serve members. They can compare a face to a photograph and assess whether a license conforms to the state’s general format. What they cannot do – and this is a technology limitation, not a training one – is detect a high-quality counterfeit driver's license through visual inspection. A sophisticated fake ID can be produced for roughly $40, and it will look and feel exactly like a genuine document. Studies consistently show that even trained law enforcement officers, professionals whose specific job involves document authentication, fail to detect the best counterfeits at rates approaching chance. Expecting frontline branch staff to outperform law enforcement on this problem is not a reasonable standard.

What happened in Virginia Beach is the entirely predictable outcome of a verification process that was designed before today's threat environment existed.

Standard barcode scanning doesn't close the gap

Many institutions have moved to scanning the barcode on the back of driver's licenses and believe they have meaningfully improved their security posture. In most cases, they have shifted the vulnerability rather than eliminated it.

The 2D barcode standard used on North American driver's licenses is publicly documented. The American Association of Motor Vehicle Administrators (AAMVA) specification is accessible to anyone. That means anyone can generate a scannable barcode that reads correctly and displays data matching whatever is printed on the front of a fake ID. A standard scanner tells you what the barcode says. It cannot tell you whether that barcode was legitimately produced by the issuing DMV. A counterfeit ID with a properly templated barcode will pass a standard scan every time because the scan reads surface data rather than verifying it’s an authentic DMV barcode.

Barcode scanning is a more consistent version of the visual check. It is not identity verification.

What works – and why

For more than 25 years, Intellicheck has served as the official testing laboratory for the AAMVA Driver's License/ID Card Verification Program. This relationship has provided us with something no other identity verification company possesses: a unique understanding of the hidden, jurisdiction-specific security that each state and provincial DMV embeds in its IDs – data that is not published, not accessible to fraudsters, and cannot be replicated because it never left the DMV’s systems.

When an ID is scanned with Intellicheck, the system conducts a forensic analysis of that hidden authoritative information and cross-validates it against our continuously updated proprietary database, which covers every issuing authority across all 50 states, U.S. territories, and Canadian provinces and territories. A fraudster can replicate a hologram. They can produce a convincing polycarbonate card. They can generate a standard-compliant barcode. They cannot replicate data they have never had access to.

The fake North Carolina ID used in Virginia Beach would have failed that analysis.

What's at stake for credit unions specifically

The $35,000 figure in this story is significant, but it represents only the beginning of what an incident like this actually costs a credit union. A PYMNTS Intelligence report found that 42% of scam victims consider switching financial institutions after a fraud event, and 19% have already done so. For a credit union – a member-owned institution where relationships routinely span 17 years or more – that is not merely a financial risk. It is a threat to the institutional promise.

Credit unions exist because members trust them with something personal: their financial lives. When a fraudster exploits a gap in verification to drain a member's account, the institution absorbs not just the dollar loss but the erosion of that trust. And unlike a data breach, which can feel abstract and distant, a teller-window fraud event is immediate, personal, and very hard to explain away.

Intellicheck Desktop was built for exactly this scenario

Intellicheck Desktop installs on an existing Windows PC connected to a document or image scanner – no proprietary hardware, no IT overhaul, no operational downtime. When a member presents a driver's license at the teller window, the system reads the authoritative DMV-issued barcode data, cross-validates it against our proprietary database, and delivers a clear result in milliseconds: verified or flagged. If an ID fails, tellers receive an explanation, giving them the confidence to escalate consistently. Every transaction is logged centrally, providing compliance teams with a complete audit trail across all teller windows and branch locations.

Critically, the member experience is unaffected. The verification happens faster than it takes a teller to open an account screen. There is no awkward pause, no secondary inspection, no moment that signals to a legitimate member that something is wrong. The process that protects them is, from their perspective, invisible.

The problem this addresses is not theoretical. Cases like Virginia Beach happen regularly. A teller shouldn't have to be the last line of defense against a $40 fake ID. With the right verification infrastructure in place, they don't have to be.

‍