The authentication of security-related documents, including banknotes, identity cards, passports, and other sensitive materials, plays a vital role in combating fraud and ensuring confidence in financial and identification systems [1, 2].

The increasing prevalence of counterfeiting techniques underscores the necessity for the development of robust, reliable, and accessible methods for the authentication of these documents [10, 11]. For instance, smartphones are emerging as powerful verification tools due to their widespread availability and advanced capabilities, including high-resolution cameras [3, 4].

In recent years, such tools have increasingly utilised machine learning techniques, in particular convolutional neural networks (CNNs), to improve the accuracy and reliability of authentication processes [5, 6]. For example, Ghanmi et al. use a CNN to detect the alteration of identity documents by training the network on both genuine and altered images [5]. In addition, numerous solutions have been developed to detect counterfeit banknotes [6, 7, 8]. However, these systems remain vulnerable to adversarial examples, that can deceive the model into incorrectly identifying forged documents as authentic [9, 14]. Here, it is not even necessary to have comprehensive knowledge of the underlying models [12, 13, 14].

This vulnerability poses a major challenge to the trustworthiness and reliability of authentication systems highlighting the need for further research into robust and secure verification methods. The paper first provides an overview of the multiple CNN-based approaches to authenticate security documents. Furthermore, it shows in which security-relevant areas CNNs are already being deployed and which adversarial attacks can be exploited to falsify the authentication procedures.

Subsequently, to illustrate these challenges, a practical case study is conducted. A CNN model is trained to distinguish between genuine and counterfeit banknotes with high accuracy. After successful training, the model is subjected to an adversarial attack designed to induce misclassification of counterfeit banknotes as genuine. This experiment highlights the inherent vulnerabilities of CNN-based authentication systems and underscores the importance of developing more robust models, particularly in high-stakes applications like document verification.