Digital credentials are only as valuable as the trust behind them. A badge or certificate that cannot be verified is, functionally, a piece of clip art. Now that millions of badges are issued annually, credential verification has become an important skill for HR professionals, hiring managers, academic admissions officers, and anyone else who evaluates qualifications.
This guide explains how digital credential verification works and walks through a step-by-step process. You will learn how to spot red flags that suggest a fraudulent or invalid credential, and which tools and methods to use depending on the credential type.
Verification answers three fundamental questions:
A paper certificate requires a phone call or email to the issuing institution to answer these questions. A properly issued digital credential answers them instantly through cryptographic metadata or a live database query. This is the core value proposition of digital over paper: verification at scale, in seconds, at zero marginal cost.
Open Badges are the most widely used verifiable digital credential format. They contain embedded JSON-LD metadata that links to the issuer's hosted assertion record. Verification involves extracting this metadata and querying the issuer's server to confirm the assertion is live and unrevoked.
Some platforms anchor credential hashes to a blockchain (typically Ethereum or Hyperledger) to create a tamper-evident, decentralized record. Verification involves computing the hash of the credential document and checking that it matches the on-chain record. These are typically found in emerging W3C Verifiable Credentials (VC) implementations.
PDF or image certificates with embedded QR codes that link to a hosted verification page. The issuing platform stores a database record of each certificate, and the QR code is a unique identifier pointing to that record. Verification is as simple as scanning the code.
Plain PDF certificates issued without a verification URL or embedded metadata cannot be programmatically verified. They rely entirely on the difficulty of convincing forgery. This is the weakest form of digital credential.
The earner should provide you with one of:
If they provide a screenshot of a badge image with no link or file, that alone is not verifiable. Ask for the original file or share URL.
Use a compliant Open Badge validator to read and check the metadata. Reliable options include:
Upload the PNG or enter the share URL. The validator will extract the assertion JSON and check it.
The validator will display the issuer's name and URL. Your job is to evaluate:
Red flag: if the issuer URL is a dead link, a personal Wix site, or a domain registered last month, treat the credential with significant skepticism.
Open Badge assertions identify the recipient by a hashed email address (for privacy). To verify the badge belongs to the person presenting it:
The validator will show:
Technical validity is necessary but not sufficient. A badge can be technically valid while being issued by an organization with no real credentialing authority. After confirming technical validity, evaluate:
A technically valid badge from an unrecognized issuer with weak criteria has limited value, even if it passes all verification checks.
If you receive a PDF certificate with a QR code:
| Check | What to look for | Status |
|---|---|---|
| Metadata present | Badge PNG contains valid Open Badge JSON-LD | Must pass |
| Assertion live | Assertion URL returns valid JSON | Must pass |
| Issuer URL resolves | Issuer profile page is live and legitimate | Must pass |
| Recipient match | Email hash or name matches earner | Must pass |
| Not revoked | Not on issuer revocation list | Must pass |
| Not expired | Expiry date not passed (or no expiry) | Context-dependent |
| Issuer credibility | Recognized organization in the field | Judgment required |
| Criteria rigorous | Earning criteria are specific and meaningful | Judgment required |
If you've earned digital badges, take these steps to protect and preserve them:
For step-by-step LinkedIn sharing instructions, see our guide on how to add digital badges to your LinkedIn profile.
Click the badge on the LinkedIn profile. If it's a properly issued Open Badge, it will link to a verification page hosted by the issuing platform. That page shows the badge name, issuer, earner, issuance date, and criteria. If clicking produces no verification, the credential may not be a verifiable Open Badge.
Badge images can be copied, but the metadata inside a properly issued Open Badge cannot be forged without access to the issuer's platform. Any validator will show that a copied badge image either has no metadata or that the assertion does not match a valid issuer record.
Badge revocation occurs when an issuer invalidates a previously issued badge, for example, if an earner was found to have cheated on an assessment or if their professional license was suspended. A revoked badge will show as invalid when verified, even if the PNG file still exists.
No. Only badges issued according to the Open Badges standard carry verifiable metadata. Image-only badges have no embedded verification data. This is an important distinction when evaluating credential value.
First, try a different validator to rule out tool errors. If verification consistently fails, contact the issuing organization directly with the badge file or URL. Common causes include an expired issuer domain, a platform that has shut down, or a genuine forgery attempt.