Bank Statement Fraud Detection API
HTPBE.tech is a REST API that detects fabricated and edited bank statements before they reach your underwriters. It performs binary forensic analysis on the PDF file itself — no original statement needed, no comparison required — and returns a structured verdict in under 3 seconds.
Bank statements are the most-faked document in alternative lending. Your KYC platform verified who the borrower is. It did not verify the document they submitted.
How Fraudulent Bank Statements Are Detected
Every PDF carries hidden evidence of its history. Here is what to look for.
Producer mismatch — the statement was rebuilt in a spreadsheet
Bank-issued PDFs are generated by core banking systems. A genuine statement carries the fingerprint of that system in its producer field. When the producer field shows spreadsheet software or a PDF editing tool instead, the document was reconstructed outside the bank’s system — the most common fabrication method HTPBE detects.
Multiple xref tables — post-issuance editing sessions
Every time a PDF is edited and saved, a new cross-reference table is appended to the file. A bank-issued statement should have exactly one. Multiple xref tables in a submitted bank statement represent multiple post-issuance editing sessions — each one a direct indicator of tampering.
Modification date gap — the file was altered after issuance
The creation timestamp embedded in the PDF should match the statement period end date. When the modification timestamp trails the creation date by days or weeks, the applicant altered the file after the bank originally produced it. HTPBE surfaces this gap with exact timestamps.
No digital signature on a bank-issued document
Large banks and financial institutions digitally sign statements at issuance. An absent signature on a statement from an institution that routinely signs documents — or a signature that has been invalidated — is a structural indicator that the file is not the original bank-issued PDF.
The Easy Way: Use HTPBE
All checks run automatically in seconds — no technical knowledge required.
Add one API call to your loan origination pipeline
When an applicant uploads a bank statement, your system sends the document URL to the HTPBE API with a single POST request. No change to your document storage or intake flow required.
Forensic analysis returns before the next step loads
HTPBE checks producer fingerprints, xref table count, timestamp deltas, and digital signature status in parallel. The structured JSON response arrives in under 3 seconds with a verdict and named modification markers.
Route flagged applications before underwriting
Applications returning a “modified” verdict are held for enhanced review before reaching your underwriting team. Store the HTPBE check ID alongside the application record to maintain an auditable trail of every document verification.
Frequently Asked Questions
What percentage of fake bank statements does this catch?
HTPBE reliably catches the methods used in the overwhelming majority of real-world bank statement fraud: spreadsheet rebuilds, consumer PDF editor modifications, and metadata-manipulated files. No tool catches 100% of cases — sophisticated fabrications that reconstruct the entire PDF from scratch without leaving tool fingerprints may not be detected. But those attacks require significant technical expertise; most fraud operations use the common methods HTPBE is designed to flag.
Can it detect Excel-edited statements?
Yes. When a fraudster exports a bank statement to a spreadsheet, edits the figures, and converts it back to PDF, the resulting file carries the spreadsheet application’s fingerprint as the producer. HTPBE maintains a database of known tool signatures and flags this mismatch as a critical modification marker.
How do I add this to my loan origination flow?
The HTPBE API accepts a publicly accessible PDF URL and returns a JSON verdict. Integrate it as a step in your document intake process: after the applicant uploads the statement, before it reaches underwriting. Free test keys are available on all plans including free accounts, so you can build and test the integration before purchasing a paid plan. Full API documentation is at htpbe.tech/api.
Does it work with statements from any bank?
Yes. HTPBE performs one-sided forensic analysis — it examines internal evidence within the PDF itself without needing a reference copy or knowledge of the specific bank’s format. It works on statements from any bank in any country, in any language, because it analyzes binary structure rather than visual content.
For Teams
Checking PDFs at scale?
The same tamper detection analysis runs via REST API. Integrate into your lending, accounts payable, or compliance workflow — self-serve from $15/mo, no sales call required.
Who uses this in production
The same detection engine, framed for the teams that rely on it.
Alternative Lending
Bank statement fraud in alt-lending, MCA, and BNPL pipelines — the primary ICP for this analysis.
Mortgage Underwriting
Same income-document forensics for W-2s, 1099s, tax returns, and asset statements in mortgage files.
Tenant Screening
Payslip and bank statement verification for rental applications before lease signing.