Verifying Credentials in 2026: A Practical Guide for HR and Recruitment Teams

If you have ever sat at your desk on a Tuesday afternoon trying to decide whether the candidate's "Member, Chartered Institute of Marketing" line is real, with their offer letter waiting on your screen and the hiring manager pinging you on Slack, this guide is for you.

Verifying credentials is one of those tasks every HR team officially does and, in practice, mostly does not. The reasons are familiar: the registrar's office doesn't pick up. The candidate sends a scan that looks fine but proves nothing. The professional body charges a fee for written verification that takes three weeks. By the time the verification arrives, either the candidate has accepted another offer, or you have made the hire on faith.

This guide is a practical playbook for verifying credentials in 2026 - what to ask for, what to check, what red flags actually matter, and how to use the new digital credential infrastructure that is rolling out across Africa to make all of this faster and more reliable.

Why this matters more than people think

Hiring is the single most expensive activity most companies do. The cost of a mis-hire - including recruitment costs, productivity loss, the second hire, and the reputational damage from a fraudulent claim slipping through - runs into multiples of annual salary for senior roles.

The verification step is the cheapest insurance you can buy. And yet across most African employers, it is the step most likely to be skipped. A 2023 PwC survey of African mid-market employers found that 68% rely on the candidate's self-attested CV with no formal verification of academic or professional credentials. Of those that do verify, the median time-to-completion was 14 days. Most hires are made before that median.

This is not a moral failure of HR teams. It is a tooling problem. The verification infrastructure that exists is slow, expensive, and unreliable. Until that changes, the rational behaviour of a hiring manager under pressure is to skip the step. Read more about why the system is broken in our piece on why paper certificates are failing Africa's professional class.

The good news is that the infrastructure is changing. And HR teams that adapt early will spend dramatically less time on verification while catching dramatically more fraud.

The four things you actually need to verify

For most professional hires in 2026, the credentials you should be checking fall into four buckets:

Academic qualifications. Degrees, diplomas, postgraduate awards. Issued by universities and recognised tertiary institutions.

Professional memberships. ICAG for accountants, CIMG for marketers, GIB for bankers, GIE for engineers, IPHRMP for HR professionals. These signal active standing in a regulated profession.

Certifications. Vendor or industry-specific - AWS, PMI, Google, Salesforce, Microsoft. Increasingly issued as digital badges that can be verified online directly.

Identity and right-to-work. National ID, passport, work permit. Outside the scope of "credentials" strictly speaking but always part of the same verification flow.

Different roles need different combinations. A junior accountant needs the degree and the ICAG membership. A senior cloud engineer might lean more on the AWS certification than the degree. A regulated role - auditor, lawyer, doctor - needs the membership confirmed not just as historical but as current and in good standing.

The trap of "we'll verify after hire"

A common pattern is to make the offer conditional and then forget to actually do the verification. By the time the new hire is in their first month, nobody wants to be the person who calls the registrar's office for a hire who has already moved cities and signed a lease. The verification never happens. The risk sits on the books quietly until something blows up.

The fix is to push verification as early in the process as possible - ideally before the offer letter goes out. Which is exactly what the new tooling lets you do.

How to actually verify, step by step

Here is a practical workflow that works in 2026, given the mix of paper and digital credentials you are likely to encounter.

Step 1: Ask for a verification link, not a PDF

Begin by asking the candidate to share a verification link, not just a scanned certificate. If their issuing institution has digitised - and a growing number have - the candidate will have a public URL like avogy.com/verify/CRED-2026-CIMG-00042. That URL takes you straight to the credential, signed and verifiable in real time.

If the candidate cannot produce a verification link, ask for the credential ID and the issuer name. Then go directly to the issuer's verification page or the credential platform's lookup. You should never be relying on the candidate's word for what the credential says.

Step 2: Check the signature, not the look

If you are looking at a digital credential, the most important check takes about three seconds. Open the verification URL. Look for a clear "verified" or "valid" status. Click into the details. Confirm the signing algorithm (Ed25519 is the modern default), the issuer's name, and the issuance date.

Importantly, do not be reassured by visual polish. A scanned certificate that looks beautiful tells you nothing about authenticity. A stripped-down web page showing a signature status tells you everything. The trust comes from the cryptography, not the design. For the underlying mechanics, see our explainer on tamper-proof digital credentials.

Step 3: Cross-check the issuer's public key

For high-stakes hires - senior roles, regulated industries - go one level deeper. The credential platform will show the issuer's public key fingerprint. Cross-check it against the institution's own website or official registry. This guards against the rare but real risk that someone has set up a fake "verifier" page that signs credentials with their own key and presents them as legitimate.

For most hires this is overkill. But for the chief financial officer role, it is the kind of small extra step that earns its keep.

Step 4: Handle paper-only credentials carefully

Plenty of credentials are still paper-only. A 2018 graduate from a university that hasn't digitised will hand you a scanned PDF and that is the best they can do. Here, the older protocols still apply.

Phone the registrar's office. Use the number from the institution's official website, not the one printed on the certificate (which could be forged). Ask them to confirm the credential by serial number, programme, and graduation year. Document the call: who you spoke to, when, what they said.

For professional bodies, the better ones publish a member directory online. ICAG, CIMG, and others have searchable directories you can use to confirm active membership in seconds. Use those before reaching for the phone.

If the institution offers a written verification service, request it for senior or regulated hires, even if it takes weeks. The cost is low and the audit trail is invaluable.

Step 5: Document everything

Whatever method you use, save the evidence to the candidate's file. A screenshot of the verified credential page. A copy of the email response from the registrar. A note of the phone call. This protects the company if a question arises later about due diligence.

A growing number of background-screening tools now offer integrated credential verification - they will pull verified credentials directly into your ATS. This is worth the budget if you are hiring at scale.

Red flags that actually matter

Most fraudulent claims are not subtle. Here are the patterns that genuinely indicate a problem, in rough order of how often they catch real fraud.

The candidate hesitates to provide verification information. Honest candidates respond within hours with the credential ID, the issuer name, or a verification link. If the candidate "needs to find it" and goes silent for a week, the credential probably does not exist or was issued differently from how it was described.

The credential is from an unfamiliar institution that turns out to be unaccredited. Africa has a non-trivial population of degree mills issuing credentials that are technically real but worthless. Cross-check the institution against the relevant national accreditation body - for Ghana, the Ghana Tertiary Education Commission; for Nigeria, NUC; and so on.

The dates do not line up. Graduation date that precedes admission date, certifications issued before the certifying body existed, work histories that overlap implausibly with study periods. These are the kinds of errors people make when they are inventing.

The credential cannot be found in the institution's records. This is the definitive red flag. If the registrar's office, with the candidate's name and graduation year, cannot find the record, you have your answer.

The professional membership is "lapsed" or "removed." People sometimes keep listing memberships years after they have stopped paying dues or been struck off the register. For regulated roles, this is not a minor issue - it is a compliance problem.

Red flags that don't matter as much as you think

Conversely, a few things that look bad usually aren't.

A candidate sending a low-resolution scan rather than a high-quality one is usually just a candidate who took a phone photo. It is not, by itself, a fraud signal.

A small typo on a certificate does not mean it is fake. Institutions make typos. Real credentials sometimes have wrong middle names.

An older credential from an institution that has since changed names or merged with another can be unverifiable through the new entity's systems even though it is genuinely real. The mitigation is to ask the candidate for documentation of the institutional change.

The shift HR teams need to understand

The single most important shift for HR teams to internalise is this: the verification burden is moving from you to the issuing institution. For decades, you have been the one having to chase credentials, phone registrars, wait for written responses. With cryptographically signed digital credentials, the institution has done the work upfront. Their public key, published online, lets anyone verify any credential they have ever issued, in seconds.

The natural consequence is that your verification protocol becomes much lighter. You don't need a 14-day SLA from a vendor any more. You need a URL and a click. The candidate's experience improves too - they can finally share their credentials directly without going through a third party.

But this only works if the institutions in question have actually digitised. Right now, the situation in Africa is mixed. Some institutions are well into their digital credential rollout. Others are still issuing paper only. The practical implication for HR is that your verification protocol will be hybrid for several years yet - fast for digital credentials, slower for paper.

The good news is that the digital share is rising fast. CIMG launched its digital member certification in 2024. ICAG is piloting digital credentials for new admissions. Several training providers have moved entirely to digital-first issuance. Within five years, the majority of credentials you will encounter from new graduates will be digitally verifiable. Your protocols should be ready.

How to update your hiring playbook

Concretely, here are five small changes worth making to your hiring process this quarter:

Add a "credential verification link" field to your application form. Most candidates with digital credentials will fill it in. Those without one give you a clean signal that paper-only verification is required.

Train your recruiters to spot the difference between a scanned PDF and a verifiable credential link. The former needs the slow protocol; the latter needs only a click.

Push verification to before the offer, not after. With digital credentials, you can verify in minutes during the screening stage. There is no reason to defer.

Build a small internal directory of "trusted issuers" - the institutions whose digital credentials you have validated public-key fingerprints for. This makes the cross-check in step 3 above much faster.

Audit your candidate database against the new infrastructure. Past hires whose credentials you only had paper copies of can often be re-verified now using the institution's digital records. Useful for compliance reviews.

Special cases

A few credential types deserve their own quick note.

International credentials. A degree from a foreign university follows the same logic. Look for digital verification if available; otherwise use the institution's official verification service. WES (World Education Services) and similar credential evaluators are useful for converting foreign qualifications to local equivalents but they are not, by themselves, primary verifiers.

Open badges and microcredentials. Increasingly common from training providers, MOOCs, and short-course offerings. Most are issued in standards-compliant formats and verify directly. Treat them as supplementary signal, not core qualification, unless the role specifically requires them.

Internal corporate certifications. A "Senior Account Manager Certified" credential issued by the candidate's previous employer is an internal artefact. Verify directly with the previous employer's HR if it is material to the hire.

Self-issued credentials. Be sceptical of credentials that the candidate has issued to themselves or that lack a clear institutional issuer. These are not credentials in the meaningful sense, regardless of how nicely they are designed.

A note on candidate experience

Tight verification is sometimes presented as adversarial - as if HR is trying to catch the candidate out. That framing is wrong, and it shows.

The honest candidate, with real qualifications, wants fast verification. They are tired of having their certificates doubted, their graduation dates queried, their professional standing treated as suspect. They will gladly send you a verification link. They will appreciate the company that confirms their credentials in five minutes rather than five weeks.

The candidate experience of a well-run verification protocol is better, not worse, than the slow paper-based one. Your time-to-offer drops. Your offers become firmer. Your accept rate goes up because candidates aren't being frustrated by procedural delays.

What this means for your function

HR functions that adapt early will get three durable advantages. Faster time-to-hire, because verification stops being the bottleneck. Lower fraud rate, because cryptographic signatures don't lie. Better candidate experience, because the friction goes down for honest applicants.

The HR teams that don't adapt will end up doing the same paper chase for another five years, while their competitors hire faster and cleaner. The shift is not optional. It is just a question of when.

For now, the practical answer is to use the workflow in this guide: ask for verification links first, fall back to direct registrar contact for paper-only credentials, document everything, and watch for the red flags that actually matter. Within a few quarters, the digital share of your candidates' credentials will be high enough that this is your default workflow, with paper as the exception.

That is a much better place to be than where most teams are now.

Related reading: Why paper certificates are failing Africa's professional class, The hidden cost of credential fraud in Ghana, The anatomy of a tamper-proof digital credential.