Why fake certificates hurt everyone
Hiring managers see polished PDFs with logos that mean nothing. Learners who earned credentials suffer when fraud saturates the market. Online academies including Toolliyo partners need verification employers can complete in thirty seconds without calling a helpdesk. This article walks system design from MVP lookup page to tamper-resistant issuance—not hype about NFT diplomas.
What employers actually need
- Confirm learner name, course, completion date, and issuing organization.
- See if credential was revoked (plagiarism, chargeback fraud).
- Trust the link is official, not a phishing clone.
Phone verification does not scale. Blockchain alone does not solve trust if nobody checks the chain.
Core data model
Certificate {
certificateId: UUID (public, non-guessable or signed token)
userId, courseId, issuedAt, expiresAt?, revokedAt?
gradeSummary?, credentialUrl
pdfHashSha256
issuerKeyId
}Generate certificateId at issuance; never sequential integers attackers can scrape. Store PDF hash to detect tampered files re-uploaded to job portals.
Public verification flow
URL pattern: https://academy.example/verify/{certificateId} or QR encoding same path. Page shows name, course, dates, status badge Valid/Revoked/Expired. Rate-limit lookups to prevent enumeration. CAPTCHA only if abuse appears.
QR on PDF certificates
Embed QR linking to verify URL. Print at vector resolution for credentials students screenshot. Test scan from phone cameras in bright and low light.
API for HR systems
REST endpoint GET /api/v1/certificates/{id} returns JSON with HMAC signature header employers can validate if they integrate. API keys for bulk recruiters; anonymous single lookup for humans. Log verification events for analytics—not for selling personal data without consent.
Tamper resistance without blockchain
Signed PDFs (optional PAdES) or detached JSON Web Signatures on certificate metadata prove issuer origin. Rotate signing keys annually; publish JWKS endpoint. For most LMS teams, HTTPS verify page plus immutable audit log beats distributed ledger complexity.
When blockchain helps: consortium of universities sharing revocation registry. Cost and UX rarely justify it for single SaaS academy.
Issuance workflow integration
Trigger issuance when course completion criteria met: all modules, proctored exam pass, project rubric approved. Manual override by admin with reason code. Delay twenty-four hours if chargeback window active on payment—reduces fraudulent completion after card fraud.
Revocation and reissue
Revoke with public reason category (conduct, error, name change). Reissue new ID when learner legally changes name; link old ID as superseded internally, do not expose chain to public unless required. Email learner when verification page status changes.
Fraud patterns to block
- Template shops selling fake PDFs — watermark subtle patterns, unique typography per cohort.
- Scraping valid IDs from social posts — rate limits, optional employer login for detail view.
- Insider admin abuse — dual approval for manual certificates, audit trails.
Privacy and GDPR
Public page shows minimum necessary—maybe first name last initial option. Full name on authenticated employer view. Right to erasure complicates verification; anonymize record while retaining hash tombstone that credential is no longer valid.
White-label for Toolliyo-style platforms
Multi-tenant LMS: verification domain per academy verify.clientbrand.com, shared engine, isolated data. Custom branding on verify page increases trust versus generic SaaS subdomain.
AI-generated coursework caveat
If learners used AI against policy, revocation must be possible and reflected in verification API. Policy link on verify page clarifies what completion means academically.
Implementation roadmap
- Sprint 1: UUID certificates + public verify page + revoke admin action.
- Sprint 2: QR PDF generation + email with verify link.
- Sprint 3: Signed API responses + employer analytics dashboard.
Communicate value to students
Teach graduates to add verify link on LinkedIn Licenses section. Employers save background check cost; students differentiate from PDF-only bootcamp scams.
Certificate verification is trust infrastructure. Build lookup that works on mobile, revoke honestly, sign metadata if budget allows, skip blockchain theater unless partners demand it. Academies that prove credentials win placements; those that only email PDFs fade when recruiters get burned once.