A COA Is Not Proof. It's a Claim.
Every week, someone walks into a secondary market transaction holding a certificate of authenticity like it's a hall pass. Like the paper itself is the point.
It isn't.
A COA is a document. Documents can be printed. Documents can be copied, altered, fabricated, and stapled to anything. The piece of paper tells you nothing about the piece of art unless you can independently verify that the number on that paper exists in a real database, attached to a real submission, processed by a real human being who actually held the work.
So why do collectors keep treating the COA as the destination instead of the starting line?
Part of it is the way the market sells itself. Dealers say "comes with COA" the way car lots say "runs great." It sounds complete. It sounds like the homework has been done. In reality, for a significant percentage of certified collectibles changing hands right now, nobody has gone back to check whether that certificate number resolves to anything at all.
That gap — between holding a COA and verifying one — is where fraud lives.
FBI Operation Bullpen, which ran from the late 1990s into the early 2000s, is the benchmark case study here. Federal agents dismantled a counterfeiting ring that had moved hundreds of millions of dollars in forged sports memorabilia, much of it accompanied by convincing-looking certificates of authenticity. The certificates weren't incidental to the fraud. They were central to it. They were the mechanism by which fake items achieved market credibility.
The art and collectibles market has changed since then. Database infrastructure has improved. Third-party authenticators have built verification systems specifically to close the paper-only loophole.
But the loophole is still being exploited, because collectors keep stopping at the paper.
This article is about why that's a mistake, and exactly what to do instead.
What "Comes With COA" Actually Tells You
Let's be precise about what you have when a seller hands you a certificate of authenticity with no further context.
You have a document that makes a claim.
The claim may be accurate. The claim may have been accurate at some point and since been separated from the correct item. The claim may have been fabricated entirely. The paper itself cannot tell you which of those is true.
There are three failure modes worth understanding:
1. Fully Fabricated Certificates
These are documents created to support fraudulent items. They may mimic the design language of legitimate authenticators — similar fonts, similar layouts, official-looking seals. The cert number either doesn't exist in any database or, more dangerously, has been recycled from a legitimate certification applied to a different item.
PSA has specifically warned collectors about fake PSA labels and certificates circulating in the market. Their guidance is direct: do not assume a PSA label or cert is genuine without running the cert number through PSA's online verification tool at PSAcard.com. The visual alone is not sufficient. Counterfeit PSA labels have been sophisticated enough to fool casual inspection.
2. Real Certificates, Wrong Items
This is arguably more insidious. A legitimate COA from a legitimate authenticator gets separated from the item it was issued for and reattached to something else. The cert number verifies. Everything looks correct. But the item in your hand is not the item that was authenticated.
This is why the database lookup is necessary but not always sufficient on its own. You need to cross-reference the description on the certificate against the physical characteristics of the item. PSA, Beckett, and JSA certification records all include item-specific details precisely to catch this.
3. Expired or Dissolved Authentication Authority
Authentication bodies come and go. The Andy Warhol Art Authentication Board — once the definitive source for Warhol attributions — dissolved in 2012. Any COA issued under that board's authority cannot be verified through a currently active database, because the database no longer exists in an active, maintained form. For Warhol works today, the operative framework is the TrueCOA system. A COA referencing a dissolved or defunct organization tells you very little about current consensus on the work's authenticity.
When did you last think to check whether the organization named on your COA still exists?
The Authenticators Who Built Real Databases
Not all authentication is equal. The market leaders in third-party authentication have built infrastructure that makes verification genuinely possible. Here's how to use it.
PSA (Professional Sports Authenticator)
PSA's online verification tool allows you to enter a cert number and retrieve the full record: item description, grade, population data, and submission history. This is the baseline check for any PSA-certified piece.
PSA has also issued specific warnings about counterfeit PSA certification. Their official guidance is to run every cert number, every time, regardless of how legitimate the physical label appears. The verification lookup is at PSAcard.com. It's free. There is no acceptable reason to skip it.
Beckett Authentication Services (BAS)
Beckett operates at multiple service tiers, and understanding the distinction matters. Within BAS, the Roger Epperson REAL designation functions as the specialist tier for music memorabilia authentication. Epperson is among the most credentialed music autograph experts in the field, and REAL-certified pieces carry a verification record tied to that specific examination.
BAS verification runs through the Beckett Marketplace verification portal. The cert number on a Beckett-authenticated piece should resolve to a record that matches the item, the grade (if graded), and the type of authentication service performed.
JSA (James Spence Authentication)
JSA operates two primary service levels, and this distinction matters enormously for valuation and secondary market acceptance.
JSA Basic (also referred to as a witnessed authentication or sticker-only service) is the entry-level offering. It means a JSA representative was present when the signing occurred, or that the item was submitted and received a sticker. It does not necessarily reflect the same depth of forensic examination as a full letter.
JSA Full LOA (Letter of Opinion of Authenticity) represents the full examination service, with a letter documenting the authenticator's review. The LOA is the document the serious secondary market respects. A JSA sticker alone is a starting point, not an endpoint.
Both levels are verifiable through JSA's online database at jsa.cc. Run the cert number. Confirm the level of service that was actually performed.
Beckett + JSA + PSA/DNA for Music and Space Memorabilia
For high-value music memorabilia and space memorabilia categories, the market standard is cross-authentication across multiple services. A single authenticator's opinion, even from a reputable firm, carries less weight in these categories than items bearing multiple independent certifications.
For space memorabilia specifically, a Zarelli specialist letter adds further depth — this is a category where provenance chain and mission documentation are as important as signature examination, and specialist knowledge matters significantly.
Artist-Specific Authentication: The Rules Are Different Everywhere
One of the most dangerous assumptions a collector can make is that authentication works the same way across all artists and categories. It doesn't. Each corner of the market has its own standard, and applying the wrong framework creates real exposure.
Banksy
The only accepted authentication for Banksy works is Pest Control, the artist's own authentication body. Full stop.
Pest Control issues a Certificate of Authenticity for works they have examined and confirmed. Importantly, Pest Control maintains records that can be cross-referenced. Their process is specific about what they will and won't authenticate, and the secondary market has aligned accordingly — major auction houses and serious dealers require Pest Control documentation for any significant Banksy transaction.
Third-party authenticators issuing opinions on Banksy works outside of Pest Control carry essentially no weight in the institutional market. The artist has been explicit about this. Pest Control is the standard. There is no substitute.
Gauntlet Gallery does not claim Pest Control authentication for Banksy works. Any representation otherwise would be inaccurate, and we're not in the business of inaccurate representations.
Shepard Fairey
Fairey does not issue a formal artist COA in the traditional sense. Authentication for Shepard Fairey works operates through a convergence of factors: the signature itself (examined forensically), edition numbering that aligns with documented Obey Giant drop records, and a clean provenance chain traceable to an authorized release.
The Obey Giant drop record is a meaningful verification layer. Officially released editions are documented, and that documentation can be cross-referenced against the edition number on the piece in question. An edition number that doesn't match any documented release is a serious red flag.
Does the edition number on that Fairey actually appear in any release record you can find?
Death NYC
Death NYC authentication requires two specific elements working together: an artist-signed COA and the studio gold seal. Both. Not one or the other.
A Death NYC piece with a COA but no studio gold seal is incomplete documentation. A piece with a gold seal but no signed COA is similarly incomplete. The market standard for this artist is both elements present and verifiable together. If a seller presents only one component, the provenance is not complete.
KAWS and BE@RBRICK
The authentication landscape for KAWS works and BE@RBRICK figures has evolved with technology. For pieces covered by the OneCOA system, authentication includes NFC chip pairing — the physical chip embedded in or with the piece communicates with the OneCOA record to confirm the match. A cert without a successful NFC pairing where that system has been deployed is incomplete.
For pre-OneCOA pieces, authentication relies on original packaging integrity, hologram verification, and cross-referencing against Medicom release records for BE@RBRICK figures. The chain of custody documentation for earlier pieces requires more manual verification, but the Medicom release record remains the authoritative source for confirming legitimate production runs.
How to Actually Run a Database Lookup
Knowing that you should verify is only useful if you know how. Here's the practical process.
-
Locate the cert number on the COA.
- On PSA items: the cert number appears on the label itself, typically a sequence of digits.
- On Beckett items: the cert number is on the holographic sticker and/or the accompanying letter.
- On JSA items: the cert number appears on the sticker or the letter header.
- For artist-specific documentation (Pest Control, Death NYC studio seal, etc.): follow the artist-specific verification process described by the issuing body.
-
Go directly to the authenticator's official website.
- PSA: PSAcard.com — use the Cert Verification tool.
- Beckett: Beckett.com — use the BAS verification portal.
- JSA: jsa.cc — use the certificate lookup tool.
- Do not use third-party "cert checker" sites. Go directly to the source.
-
Enter the cert number and review the returned record.
- Does the item description match what you're holding?
- Does the grade (if any) match the grade on the physical label?
- Does the service level match what the seller represented (e.g., JSA Full LOA vs. JSA Basic)?
- Is there any indication the cert has been flagged or disputed?
-
Document your verification.
- Screenshot the verification result with a timestamp.
- Save it with your purchase records.
- If you ever need to make a claim or resell the piece, this contemporaneous verification documentation has real value.
-
For artist-specific authentication, follow the specific protocol for that artist.
- Pest Control has its own verification and inquiry process for Banksy works.
- Death NYC authentication requires both the signed COA and the studio gold seal to be present together.
- KAWS/OneCOA pieces require NFC chip pairing where applicable.
- Fairey authentication cross-references against documented drop records.
The Market That Grew Up Around Fake COAs
It's worth understanding the scale of the problem, because it explains why the verification step is not paranoia — it's table stakes.
FBI Operation Bullpen is the landmark reference point. The operation uncovered a network producing forged signatures on sports memorabilia at industrial scale, accompanied by fraudulent certificates that gave the items apparent legitimacy. The investigation led to numerous convictions and recovered a massive volume of fraudulent material. The key finding relevant to collectors: the certificates were not an afterthought. They were engineered specifically to defeat casual inspection by buyers who looked at the paper and didn't look further.
The playbook hasn't changed. What's changed is that serious authenticators have built the database infrastructure that makes meaningful verification possible. The obligation is on the buyer to use it.
If the database exists specifically to catch fraud, what's the argument for not using it?
There isn't one. Skipping the lookup because the paper looks good is the cognitive shortcut that Operation Bullpen-style fraud is designed to exploit.
What Happens When the Cert Number Doesn't Resolve
You run the lookup. The number doesn't return a record. Now what?
First: don't assume it's fraud. There are legitimate reasons a lookup might fail, including data entry variations, recently issued certs that haven't propagated to the public database yet, or older submissions in a legacy system. These are real possibilities.
What you should do is contact the authenticator directly, using contact information from their official website (not from the COA itself). Report the cert number and ask them to manually verify the record. Document that process.
If the authenticator cannot locate any record for the cert number after a direct inquiry — that's a significant red flag. At that point, the transaction should pause. The seller should be asked to provide documentation of the original submission. If they can't, the provenance is genuinely incomplete and the price should reflect that, or the transaction shouldn't proceed.
A seller who responds to "I ran the cert number and it didn't resolve" with pressure to proceed anyway is someone you should be paying very close attention to.
Red Flags
These are the patterns that should stop a transaction cold until they're resolved.
- Cert number doesn't resolve in the authenticator's database. No record returned on direct lookup from the official site. Requires manual escalation before proceeding.
- COA names an authenticator or organization you can't locate. Invented authentication bodies are a common fraud vector. If you can't find the organization through independent research, the COA is likely fabricated.
- Authentication body named on the COA has dissolved or is no longer active. Historical certificates from defunct organizations cannot be verified through a live database. Weight them accordingly and seek corroborating evidence.
- Item description on the COA doesn't precisely match the item you're examining. Even small discrepancies — different edition number, different medium description, different dimensions — may indicate the cert has been separated from the item it was issued for.
- JSA sticker presented as equivalent to JSA Full LOA. These are different service levels with different implications. Verify which service was actually performed.
- Seller resists or discourages verification. A legitimate seller with a genuine piece has no reason to discourage you from verifying the cert. Resistance is itself informative.
- Banksy work presented with non-Pest Control authentication. The only accepted standard is Pest Control. Any other documentation is insufficient for institutional market purposes.
- Death NYC piece missing either the signed COA or the studio gold seal. Both are required. One without the other is incomplete documentation, full stop.
- Pre-OneCOA KAWS or BE@RBRICK with no original packaging or Medicom release cross-reference. For earlier pieces where NFC wasn't deployed, the packaging integrity and release record are the primary verification path.
- Pressure to close quickly without time to verify. Urgency is a social engineering tool. Genuine pieces don't expire. Take the time.
Bottom Line
A certificate of authenticity is the beginning of a verification process, not the end of one.
The paper tells you what someone claims. The database tells you whether that claim has a verifiable basis. Those are different things, and treating them as the same thing is how collections get compromised.
The infrastructure exists. PSA, Beckett, JSA, and the major artist-specific authentication bodies have all built lookup tools precisely because the market needed a way to get past paper-only claims. Use them. Every time. Before money changes hands.
If the cert number verifies, the item description matches, the service level is what was represented, and the provenance chain is clean — you're in a position to make an informed decision. If any of those elements don't hold, you're not there yet.
That's not overcaution. That's the minimum standard for operating in this market with any seriousness.
The collectors who get burned aren't always the inexperienced ones. They're often the ones who knew what a COA was supposed to mean and stopped asking whether this particular one actually did.
Don't stop at the paper.
Frequently Asked Questions
Q: What's the difference between a COA and a certificate verification lookup?
A COA is a document — a claim made by whoever issued it. A verification lookup is an independent confirmation that the cert number on that document exists in the authenticator's database, tied to a specific item record. The COA is a piece of paper. The database lookup is evidence. One is the claim; the other is the corroboration.
Q: Can a fake COA have a real cert number on it?
Yes, and this is one of the more sophisticated fraud vectors. A legitimate cert number from a genuine authentication can be copied onto documentation for a different, fraudulent item. This is why the database lookup alone is not sufficient — you also need to confirm that the item description in the database record matches the physical item in front of you. If the cert resolves but the description doesn't match, that's a serious red flag requiring immediate investigation.
Q: I have a Banksy piece with a COA from a well-known third-party authenticator. Isn't that enough?
For institutional market purposes, no. The accepted standard for Banksy authentication is Pest Control, the artist's own body. Third-party authenticator opinions on Banksy works are not accepted by major auction houses or serious dealers as a substitute for Pest Control documentation. If your piece doesn't have Pest Control authentication, that's a real consideration for resale value and marketability, regardless of what other documentation exists.
Q: What's the difference between a JSA Basic sticker and a JSA Full LOA?
JSA Basic (or witnessed) authentication typically means a JSA representative was present at a signing or that the item received a sticker through a basic submission process. A JSA Full LOA (Letter of Opinion of Authenticity) involves full forensic examination by a JSA authenticator, with a letter documenting their findings. The LOA reflects greater depth of examination and is the tier the secondary market generally requires for higher-value transactions. The verification lookup at jsa.cc will show which service level was performed on a specific cert.
Q: If the Warhol Authentication Board dissolved in 2012, how do I authenticate a Warhol piece now?
The operative framework for contemporary Warhol authentication is TrueCOA. The dissolution of the Warhol Authentication Board created a genuine gap in the market, and TrueCOA developed as the response to that gap. Any COA referencing the dissolved board as an active authority should be treated with significant caution — not because it's necessarily wrong, but because the organization it references can no longer be contacted for verification, and the database behind it is not actively maintained in the same way. Seek counsel from a specialist in this category before transacting on Warhol works.
Q: Does it matter which PSA, BAS, or JSA service tier was used when I'm buying a piece?
Significantly, yes. The same authenticator can offer different service tiers, and the depth of examination varies between them. For high-value transactions, you want to know not just that an item was submitted to an authenticator, but what specific service was performed. This information is visible in the database record. A basic submission and a full letter examination are different products with different implications for your confidence in the opinion.
Q: What should I do if a seller tells me the COA is authentic but doesn't want me to run a verification lookup?
Treat that resistance as meaningful information. There is no legitimate reason for a seller with a genuine piece to discourage a buyer from verifying a cert number through the authenticator's free, publicly available online tool. The most charitable interpretation is that they don't understand the process. The less charitable interpretations are more numerous and more concerning. If a seller is applying social pressure against verification, that should raise your level of scrutiny significantly, not lower it.
Q: Are there categories where COA verification is especially important because of known fraud patterns?
Sports and music memorabilia have historically been the highest-fraud categories in terms of documented cases — Operation Bullpen, for example, was specifically focused on sports memorabilia. But the problem is not limited to those categories. Signed fine art prints, urban and street art works, and high-value collectible figures all have documented fraud patterns. The verification discipline applies across categories. The specific lookup tools vary by category and authenticator, but the fundamental obligation — verify the cert number against a live database before money changes hands — is universal.