UNESCO just priced fake degrees at US$22 billion. The technology to stop them already exist.

Accredify Logo Cropped

Accredify

UNESCO priced fake degrees at US$22 billion — a forged paper certificate beside a cryptographically verified digital credential

Last week, UNESCO put a price on the fake-degree industry. Speaking at a webinar on 8 July, Noah Sobe, UNESCO’s chief of section for higher education, described a business now worth US$22 billion, and pointed to the organisation’s Global Convention on Higher Education, now ratified by more than 40 states, as a vehicle for international cooperation against it.

If you work in a registrar’s office or a qualifications authority, “international cooperation” is a phrase that can sound like a decade of summits before anything changes on your desk. That reading is too pessimistic. For credential verification, a large part of the cooperation has already been negotiated, written down, and published. It exists as open technical standards that any institution or government can adopt today. The gap is adoption, not agreement.

Why detection keeps losing

The experts on UNESCO’s panel described the problem honestly. Norway’s qualification recognition agency assesses roughly 20,000 foreign credentials a year, and its representative acknowledged that verifying each one directly with the issuing institution is impossible at that volume. So verifiers do what verifiers everywhere do: they combine document analysis, fraud-detection specialists, databases, and judgement, and they accept that some forgeries will get through.

AI has tilted this contest further. A convincing forged transcript now costs almost nothing to produce, while a careful manual check still costs a trained evaluator’s time. Every improvement in detection is answered, cheaply, by an improvement in forgery.

The deeper weakness sits a layer down. A forged certificate competes on equal terms with a legitimate one because, in most of the world, the legitimate one carries no way to prove itself. Both are a PDF or a piece of paper. Both depend on a human judging whether they look right. When institutions issue credentials that verify themselves cryptographically, that contest changes shape: a forger is no longer trying to fool an evaluator’s eye, but to defeat the mathematics of a digital signature. Fraud at a US$22 billion scale is an issuance problem wearing a detection costume.

The cooperation already exists as standards

Here is what has already been agreed, by open consensus, across borders:

W3C Verifiable Credentials 2.0 became a full W3C Recommendation in May 2025. It is the same standards body and process that gave the world HTML. The specification defines how any issuer, anywhere, can sign a credential so that any verifier, anywhere, can check it in seconds without contacting the issuer.

OpenAttestation, the open-source framework developed by the Singapore government, has carried this idea in production for years. Singapore’s HealthCerts, which Accredify built during the pandemic, let border authorities around the world verify millions of test results and vaccination records issued under it. OpenCerts does the same for academic certificates from Singapore’s institutions, and ACRA now issues verifiable business profiles on the same principles. OpenCerts has since aligned with the W3C VC 2.0 data model, which is exactly how open standards are meant to converge. Note: OpenAttestation is currently being deprecated and will be replaced by TrustVC.

Open Badges 3.0 brings skills-based and micro-credentials into the same verifiable family.

The practical meaning is easy to miss: a diploma issued on these standards in Singapore can be verified by an employer in Riyadh or a university in Toronto with no bilateral agreement, no verification fee, and no email to the registrar. The treaty is the spec.

What standards will not fix

It would be overclaiming to present open standards as the whole answer, and the UNESCO panellists were right to say so. Joanne Duklas of the Groningen Declaration Network noted that tackling fraud requires professional judgement, clear policies, and trusted institutional relationships alongside any technology, and that no country can solve this independently.

Two limits are worth naming. First, a cryptographic signature proves who issued a credential and that it has not been altered. It does not prove the issuer deserves to be trusted. A diploma mill can sign its certificates too, which is why accreditation registries and instruments like UNESCO’s convention still matter: they answer the question the signature cannot. Second, institutions sit at very different stages of digital readiness, and a standard only cooperates on behalf of those who implement it. An institution that receives a handful of verification requests a year may reasonably decide this is not yet its most urgent project. The case is strongest where volumes are high and stakes are international.

Three questions for registrars

If the US$22 billion headline prompted any internal discussion at your institution this week, these three questions will take it further than a review of your fraud-detection procedures.

  1. 1 Can anyone verify a credential you issued without emailing your office? If every background check routes through your staff, your verification capacity is your headcount, and the queue is the fraudster’s friend. Self-verifying credentials remove your office from the critical path.
  2. 2 If you already issue digital credentials, are they on open standards? A credential locked to one vendor’s platform verifies only as long as that vendor exists and only for verifiers who use it. Ask whether your credentials would still verify if you changed providers, and whether an employer abroad who has never heard of your vendor can check them.
  3. 3 Will it still verify in thirty years? Alumni present credentials for decades. Institutions merge, systems are replaced, staff move on. Verification that depends on your office being reachable, or on a proprietary platform being maintained, ages badly. Verification anchored in open standards does not.

Issue credentials that verify themselves

The US$22 billion is a demand-side number, and demand for shortcuts to qualifications will not shrink because institutions check documents harder. What institutions control is the supply side of trust: whether the credentials they issue can prove themselves. The cooperation UNESCO is calling for does not need to wait for a treaty. The spec is published, the tooling is open source, and institutions across Southeast Asia and the Middle East are already issuing on it.

Sources: Times Higher Education (8 July 2026) · Inside Higher Ed (10 July 2026) · W3C press release (May 2025) · OpenAttestation · OpenCerts documentation

What Can We Do For You Today?

Whether you are looking to transform your business, have questions about our solution, or curious to explore new use cases with verifiable information, we are always happy to chat!