Learn

Verifying certificates of insurance

A certificate of insurance is a one-page document that gets contractors onto job sites, vendors into contracts, and tenants into commercial leases. It's also one of the most casually accepted documents in business, which is exactly why fabricated and altered COIs keep surfacing in claims disputes, when it's too late. The uncomfortable truth about a COI is printed on the form itself: it's issued for information only and confers no rights. Verifying one means checking the document, then checking the coverage, and they're different jobs.

Checking the document

Most COIs are generated on the standard ACORD 25 form by an agent's management system. A genuine one carries that system's fingerprint, a creation date matching the issue date, and no consumer-editor traces. The common fakes are recycled, last year's real certificate with the dates pushed forward, or edited, real certificate, inflated limits, added endorsements. Both leave the usual marks: editor or converter fingerprints, modification after creation, or update layers on a document that should have been generated once and sent.

Watch the dates especially. A COI created months before its stated issue date is a recycled certificate. One created the night before mobilization, by a PDF editor rather than an agency system, deserves a phone call before anyone steps on site.

Checking the coverage

The document being genuine doesn't mean the policy is in force. Coverage lapses, limits change, and endorsements get dropped. The only verification that counts is confirmation from the issuing agent or carrier, at a number you found independently, that the policy number on the certificate is active with the stated limits and endorsements. For ongoing relationships, require certificates at renewal and confirm additional-insured endorsements in policy language, not just a checkbox on the certificate.

FAQ

Who fakes COIs?

Most commonly, small contractors caught between a job that requires coverage and a premium they didn't pay. The work is usually an edit of a certificate they once legitimately held, which is why date and edit-history checks catch so many.

Is a COI from a broker's email trustworthy?

Direct delivery from the issuing agency is much stronger than hand delivery by the insured, and a certificate holder can request exactly that. It still doesn't replace confirming the policy is active.

What should a flagged COI trigger?

A call to the issuing agent before access or payment, nothing more dramatic. Genuine certificates confirm in one call. The contractor whose certificate can't be confirmed has answered your question.