Who do I contact to report a fake ISO certificate in Australia?

In Australia, the primary body to contact is JAS-ANZ, which is the national accreditation body responsible for overseeing ISO certification bodies operating in Australia and New Zealand. If the certificate names a specific certification body, contact that body directly as well. For fraud involving misleading conduct in commerce, you can also lodge a complaint with the Australian Competition and Consumer Commission under the Australian Consumer Law.

What evidence do I need to report a fraudulent ISO certificate?

You should gather a copy of the certificate in question, any documentation showing how and where it was presented to you, screenshots of any online claims made by the company, and the results of your verification search showing that the certificate does not match the certification body's public register. The more complete your evidence, the faster the investigation can proceed.

Can a company be prosecuted for using a fake ISO certificate?

Yes, depending on the circumstances. Using a fraudulent certificate to win contracts or to mislead clients can constitute fraud, misrepresentation, or misleading and deceptive conduct under consumer protection legislation. In the context of government procurement, it may also constitute a criminal offence under procurement fraud provisions. The severity of consequences depends on the jurisdiction, the nature of the fraud, and the losses caused.

What is the difference between a fraudulent certificate and an unaccredited one?

A fraudulent certificate is one that has been forged, altered, or issued under false pretences. An unaccredited certificate is one that was genuinely issued by a certification body, but that body has no recognised accreditation from a national accreditation body such as JAS-ANZ or UKAS. Both are problematic, but for different reasons. Unaccredited certificates are generally not accepted by serious clients or government agencies, even if the company holding one believes it is legitimately certified.

Will I be told the outcome of my fraud report?

This varies by organisation. Accreditation bodies and certification bodies typically acknowledge receipt of complaints and provide some feedback on the outcome, but they may not share all details of their investigation, particularly if it involves confidential information about the company under investigation. You can follow up with the body you reported to if you have not received an update within a reasonable timeframe, which is generally four to six weeks for an initial response.

How do I know if a certification body is legitimate before I accept a certificate from a supplier?

Check whether the certification body is listed on the JAS-ANZ register if you are in Australia, or on the relevant national accreditation body register for the country in question. You can also check the IAF's list of accreditation bodies that are party to the Multilateral Recognition Arrangement. If the certification body does not appear in any of these registers, treat the certificate with significant caution and investigate further before relying on it.

How to Report a Fraudulent ISO Certificate

Why Fraudulent ISO Certificates Are a Bigger Problem Than You Think

ISO certificate fraud is not a rare edge case. It happens across industries, in every country, and it costs businesses real money. A supplier wins a government contract by showing a fake ISO 9001 certificate. A subcontractor passes a pre-qualification check with a certificate that expired two years ago. A manufacturer claims ISO 13485 certification to sell medical devices, when no audit has ever taken place. These are not hypothetical scenarios. They happen regularly, and in most cases, the fraud goes undetected until something goes wrong.

On this page

If you have discovered a fraudulent ISO certificate, or strongly suspect one, you are probably wondering what you can actually do about it. Who do you report it to? What evidence do you need? Will anything actually happen? This article answers those questions directly, with a step-by-step approach you can follow regardless of whether you are in Australia, the UK, or anywhere else.

Before we get into the reporting process, it is worth understanding how to spot fake ISO certificates in the first place, because the evidence you gather at that stage will be critical when you make a formal report.

Understanding the ISO Certification Chain Before You Report

To report fraud effectively, you need to understand how legitimate ISO certification actually works. ISO itself does not issue certificates. The International Organisation for Standardisation writes the standards, but it has no role in certifying individual companies. Certification is carried out by certification bodies, which are independent organisations that conduct audits and issue certificates when a company meets the requirements of a given standard.

Those certification bodies are supposed to be accredited by a national accreditation body. In Australia, that body is JAS-ANZ. In the UK it is UKAS. In the United States it is ANAB. Accreditation bodies are members of international forums such as the IAF, which maintains mutual recognition agreements so that certificates issued in one country are accepted in others.

This structure matters because it tells you exactly where to direct a fraud report. There are three possible targets depending on what type of fraud you are dealing with.

Type 1: A Certificate Issued by a Real Certification Body Has Been Altered or Forged

This is the most common type of fraud. A real company holds a certificate, but someone has changed the scope, the expiry date, or the name on it. Or a completely different company is using someone else's legitimate certificate as their own. In this case, you report to the certification body that supposedly issued the certificate.

Type 2: The Certificate Was Issued by a Fake or Unaccredited Certification Body

Some organisations operate as certification bodies but have no legitimate accreditation. They charge a fee, conduct a cursory review or nothing at all, and issue a certificate that looks official. The certificate is technically real in the sense that it was issued, but the issuing body has no standing. In this case, you report to the national accreditation body in the country where the certification body is registered, as well as to the IAF if the body claims international recognition it does not have.

Type 3: A Company Claims Certification With No Certificate at All

Some companies simply state on their website, in tenders, or in marketing materials that they are ISO certified when they have never been through any audit process. This is outright misrepresentation. In this case, you report to the accreditation body, but you may also have grounds for a complaint to a trade regulator or consumer protection authority.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Step-by-Step: How to Report a Fraudulent ISO Certificate

Step 1: Verify the Certificate First

Before you make any report, confirm that the certificate is actually fraudulent. Most accredited certification bodies maintain a public register of current certificates. You can search by company name, certificate number, or both. If the certificate does not appear in the register, that is a strong indicator of fraud. If it appears but the details do not match what you were given, that is evidence of alteration.

The process for verifying an ISO certificate online is straightforward for most major certification bodies, and it takes less than five minutes. Do this first. It gives you a clear foundation for your complaint and prevents you from making an accusation based on a misunderstanding.

Step 2: Gather and Preserve Your Evidence

Once you have confirmed the fraud, gather everything you can before taking any action that might alert the party involved. This includes the certificate itself in its original format, any email or document in which the certificate was presented to you, screenshots of the company's website if they are displaying the certificate or making certification claims, and the results of your verification search showing the discrepancy.

If the certificate was submitted as part of a tender or contract process, retain copies of all those documents too. The more complete your evidence, the more seriously your complaint will be taken and the faster the investigation can proceed.

Step 3: Report to the Certification Body

If the certificate names a real certification body, contact that body directly. Most major certification bodies have a dedicated fraud or complaints contact. Look for a section on their website labelled something like “certificate verification”, “complaints”, or “report misuse”. Send them the certificate, your evidence of the discrepancy, and a clear description of where and how the certificate was presented to you.

The certification body has a direct interest in investigating this. Their brand and accreditation status are at stake. Reputable bodies take these reports seriously and will typically respond within a few business days to acknowledge receipt and advise next steps.

Step 4: Report to the National Accreditation Body

In parallel with your report to the certification body, or as your primary contact if the certification body itself appears to be fraudulent, report to the national accreditation body. In Australia, that is JAS-ANZ. They oversee the conduct of accredited certification bodies and have the authority to investigate complaints, suspend accreditation, and withdraw accreditation entirely if fraud is confirmed.

JAS-ANZ maintains a complaints and feedback process on its website. Your report should include the name of the certification body, the certificate details, and your evidence. If the certification body in question is not accredited by JAS-ANZ, they can still advise you on which body has jurisdiction and where else to direct your complaint.

Step 5: Report to the IAF If International Accreditation Is Being Misrepresented

If a certification body is falsely claiming IAF membership or claiming that its certificates are internationally recognised under the IAF Multilateral Recognition Arrangement when they are not, you can report this to the International Accreditation Forum directly. The IAF maintains a public list of its members and the accreditation bodies that are party to the MLA. If a body claims IAF recognition that it does not hold, that is a serious misrepresentation and the IAF will investigate.

Step 6: Consider Reporting to a Trade or Consumer Regulator

If the fraudulent certificate was used to win a contract, pass a procurement requirement, or mislead a customer, there may be grounds for a complaint to a trade or consumer protection regulator. In Australia, the Australian Competition and Consumer Commission handles misleading and deceptive conduct under the Australian Consumer Law. Falsely claiming ISO certification to win business could constitute exactly that.

If the fraud occurred in the context of a government tender, the relevant government procurement authority should also be notified. Many government agencies require ISO certification as a condition of contract, and fraudulent claims in that context may constitute a criminal offence under procurement fraud provisions.

Step 7: Notify the Party Who Relied on the Certificate

If you discovered the fraud because a supplier or subcontractor presented you with a fraudulent certificate, you obviously already know about it. But if you discovered it through other means, such as a random verification check on a competitor or a company you are considering engaging, consider whether there are other parties who are currently relying on that certificate and who need to know.

This is particularly important in supply chain contexts. If a manufacturer is using a fraudulent ISO 13485 certificate to supply medical devices, there may be downstream customers who believe they are buying from a certified supplier when they are not. Alerting them is the right thing to do and in some regulated industries it may be a legal obligation.

What Happens After You Report

The outcome of a fraud report depends on the type of fraud and the bodies involved. Here is what you can generally expect.

Reports to Certification Bodies

If you report to an accredited certification body that one of its certificates has been forged or misused, they will typically investigate quickly. They have a direct reputational interest in resolving it. If the fraud is confirmed, they will issue a public notice that the certificate is invalid, they may pursue legal action against the party misusing it, and they will notify the accreditation body. In some cases, particularly where a company has altered a certificate it legitimately holds, the certification body may suspend or withdraw the certificate and raise a formal nonconformity.

Reports to Accreditation Bodies

Accreditation body investigations take longer but carry more authority. If JAS-ANZ investigates and finds that a certification body has been issuing certificates without proper audits, or that a body has been operating without accreditation, the consequences can include suspension of accreditation, withdrawal of accreditation, and public notification. These outcomes are significant. They mean that all certificates issued by that body may be called into question, which affects every company that holds one.

Criminal and Civil Outcomes

In serious cases, particularly where fraud was used to win contracts or to supply regulated products, criminal charges are possible. Civil litigation by affected parties is also a realistic outcome. If your business suffered a loss because you relied on a fraudulent certificate, you may have a cause of action against the party that presented it. Document everything carefully and seek legal advice if this is the case.

Protecting Your Business From Certificate Fraud in the Future

Reporting fraud is important, but prevention is better. There are some practical steps you can take to reduce the risk of being misled by a fraudulent certificate in the future.

Verify every certificate before you rely on it. Never accept a certificate at face value. Check it against the certification body's public register. This takes minutes and costs nothing.
Check that the certification body is accredited. Confirm that the body that issued the certificate is accredited by a recognised national accreditation body. In Australia, check the JAS-ANZ register. For international suppliers, check the relevant IAF member body.
Check the scope matches your requirements. A certificate for one site does not cover another. A certificate for one product category does not cover a different one. Make sure the scope on the certificate actually covers the work you are engaging the company to do.
Build verification into your procurement process. Make certificate verification a standard step in supplier onboarding, not something you do once and forget. Certificates expire and can be suspended at any time.
Know the red flags. Certificates with no certificate number, certificates issued by bodies with no web presence, certificates with unusually wide scope for a small company, and certificates that cannot be found in any public register are all warning signs worth investigating.

Our article on how to confirm an ISO certification is legitimate before you rely on it goes into more detail on each of these checks and is worth reading if you are building a supplier verification process.

A Note on Cheap and Unaccredited Certification

Not every problematic certificate is the result of deliberate fraud. Some businesses genuinely do not understand the difference between accredited and unaccredited certification. They pay a low-cost provider, receive a certificate, and believe they are legitimately certified. They present that certificate to clients in good faith, not realising it carries no real standing.

This is still a problem, and clients who rely on those certificates are still being misled, even if unintentionally. If you suspect a company holds an unaccredited certificate rather than a deliberately fraudulent one, it is still worth raising with the accreditation body and with the company directly. In many cases, companies in this situation are not aware of the issue and will take steps to obtain proper accredited certification once it is pointed out.

Our article on why cheap ISO certification is bad for your business explains how unaccredited certificates are created and why they are not accepted by serious clients or government agencies.

Summary: Who to Contact and When

To make this as practical as possible, here is a quick reference for where to direct your report depending on the type of fraud you have identified.

Certificate forged or altered: Report to the certification body named on the certificate, then to the national accreditation body.
Certificate used by the wrong company: Report to the certification body named on the certificate.
Certificate issued by an unaccredited body: Report to the national accreditation body in the country where the issuing body is registered. In Australia, that is JAS-ANZ.
Company claiming certification with no certificate: Report to the national accreditation body and consider a complaint to the ACCC or relevant trade regulator.
Fraud in a government tender: Report to the procurement authority as well as the accreditation body.
Body falsely claiming IAF recognition: Report to the IAF directly.

If you are unsure which category applies to your situation, start with the national accreditation body. They will direct you to the right place.

How CertBetter Can Help

At CertBetter, we only connect businesses with certification bodies and consultants that are verified and accredited. Every provider on our platform has been vetted, which means you are not going to end up with a certificate that fails a client verification check six months later. If you are looking to get properly certified, or if you have concerns about your current certification arrangement, submit a single form and receive up to three competing quotes from vetted providers. The service is completely free for businesses seeking certification.