Diploma & degree fraud

Fake Diploma Detection — Catch Forged Degrees

A fake diploma costs $40 online and qualifies someone for a job that pays six figures — visual review never sees it. BGV operators, talent ops teams, immigration officers, and licensing bodies all rely on diploma and transcript PDFs as proof of qualification. Diploma mills and fraud rings know the visual signal is trivial to copy. They mint diplomas in Microsoft Word using a real university template, edit grades, sign the registrar’s name, export to PDF. Visual review passes; structural analysis does not.

~3 sec

per document

35 checks

forensic layers

From $15

per month

1,500+

docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, embossed seals, or physical paper. If your fraud problem is a digitally fabricated or tampered diploma, degree, or transcript PDF, we’re the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a diploma or transcript, that’s itself a fraud signal in this context — real diplomas and transcripts come from university registrar systems (Banner, PeopleSoft Campus Solutions, in-house print engines) or accredited verification platforms (National Student Clearinghouse, Parchment, Digitary), never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered diplomas actually look

Three real fraud mechanics we catch at the structural PDF layer.

Diploma fabricated in Microsoft Word from scratch

No university involved. The applicant downloads the university crest from the public site, drops it into Word with a degree template, types the candidate name and graduation date, signs the registrar’s name, exports to PDF. The producer field shows Microsoft Word — not the registrar print engine or accredited verification platform real diplomas carry.

Real transcript with edited grades or GPA

Applicant has a genuine transcript but the grades or GPA don’t qualify them for the role, programme, or visa. They open the PDF in any editor, change the grades, re-export. Incremental update markers expose the edit even when the visual layout looks pixel-perfect.

Diploma from a diploma-mill or fictional institution

A "university" name nobody can verify, with a polished diploma at a high credential level. The structural fingerprints (Word producer, single-session export, no e-sign chain, no accredited-platform metadata) match a desktop fabrication regardless of whether the named institution exists at all.

The scale

~30%

of resumes contain some form of credential exaggeration; outright diploma fraud is a smaller but high-impact subset

$50K+

typical first-year salary granted against a fabricated degree before discovery

~3 sec

per diploma or transcript via API

Why your existing checks miss this

Education-verification platforms verify the record. They do not verify the file.

And manual visual review of a diploma rarely catches a polished Word fabrication.

Education-verification platforms (National Student Clearinghouse, World Education Services, Trua, Sterling Education) check the candidate’s record against the institution’s database — this works when the institution participates and the candidate consents. But coverage is partial (international institutions, recent graduates, defunct universities, diploma mills posing as real schools), and consented verification takes days to weeks. htpbe? catches the file the candidate uploaded — instant, no consent flow, no institutional relationship required. Use both: education-verification for the record when reachable, htpbe? for the file always.

Results in under 3 seconds·30 to 1,500+ documents/month·From $15/mo

How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown

Document types

Diploma and education-verification PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

Bachelor / Master / PhD diploma PDFUniversity transcript PDFDegree certificate PDFMark sheet PDFConvocation certificate PDFProvisional degree certificate PDFProfessional licensing certificate PDF

What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the diploma or transcript

Authentic diplomas and transcripts come from university registrar systems (Banner, PeopleSoft Campus Solutions, Workday Student) or accredited verification platforms (National Student Clearinghouse, Parchment, Digitary, MyCreds). When the producer field shows Microsoft Word, LibreOffice, Google Docs, Chrome Headless, or a generic PDF library, the document was authored on a desktop — not issued by an accredited registrar.

Digital signature presence and chain

Modern accredited verification platforms (Parchment, Digitary, MyCreds, National Student Clearinghouse) digitally sign their PDFs with the institution’s certificate. Authentic verified credentials carry a valid signature chain. Fabrications either lack signatures entirely or have invalidated chains — visible regardless of the visual signature image.

Incremental update trail

A clean export from a registrar system or accredited platform has one cross-reference table. Re-saves through any PDF editor append a second xref — visible structural evidence of post-issuance editing on grades, GPA, or graduation date.

University crest and image-stream artefacts

Real registrar templates embed the institutional crest as part of the template’s font and image objects. Lifted-and-pasted crests from public sites appear as redundant image streams with mismatched compression characteristics — a structural fingerprint of fabrication.

Modification timestamp gap

A real diploma issued at the time of conferral has CreationDate matching ModDate (single-session export). A weeks-or-months-later modification on a "freshly issued" diploma is a high-confidence flag for post-export editing.

Cross-document signature and crest reuse

When the same registrar signature image or institutional crest appears across multiple "different" university diplomas from a single applicant pool, image-stream hash matching exposes the shared source — a fingerprint of a single diploma-mill or fabricator producing multiple credentials.

Integrate in minutes

Two HTTP calls to verify any diploma or transcript

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/candidate-diploma.pdf"}'

Step 2 — read the verdict

{
  "id": "d1i2p3l4-5o6m-7a8t-9z0z-a1b2c3d4e5f6",
  "status": "inconclusive",
  "modification_confidence": "none",
  "modification_markers": [
    "Desktop-tool producer (Microsoft Word) — no registrar or accredited-platform signature",
    "Single-session creation — no incremental update trail",
    "No digital signature chain"
  ],
  "producer": "Microsoft Word",
  "creator": "Microsoft Word",
  "creation_date": 1707091200,
  "modification_date": 1707091200,
  "has_digital_signature": false,
  "xref_count": 1,
  "has_incremental_updates": false
}

htpbe? returns inconclusive — there’s no edit trail, but the file lacks the registrar or accredited-platform metadata real diplomas carry. For a diploma or transcript, inconclusive with a desktop producer is itself a high-confidence fraud signal: a genuine credential from any accredited institution would carry a producer string from the registrar system or a verification platform like Parchment, Digitary, or National Student Clearinghouse — not Microsoft Word. Treat inconclusive on a diploma as fraud-positive and route to manual education verification before hiring or visa decisions.

Get your API key — free test keys included Full API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Yes. The analysis is producer-agnostic — it inspects whichever PDF arrives. Authentic diplomas from US, UK, EU, Indian, AU, CA, and international institutions all come from registrar systems or accredited verification platforms that leave recognisable producer signatures. Hand-fabricated diplomas authored in Word, Docs, or generic PDF tools leave non-institutional signatures htpbe? flags equally across regions.

NSC and WES check the candidate’s record against institutional databases — they verify the fact when the institution participates and the candidate consents. htpbe? inspects the PDF the candidate uploaded — works instantly, no consent flow, no institutional relationship required. Use both: NSC/WES for the record when reachable, htpbe? for the file always.

Yes. Grade or GPA edits require opening the PDF in an editor and re-saving — which appends an incremental update to the xref chain. The verdict will be modified with the incremental-update marker even when the visual layout looks pixel-perfect.

htpbe? returns INCONCLUSIVE when a diploma or transcript PDF lacks the institutional metadata that genuine registrar exports or accredited verification platforms carry — typically because the file was authored on a desktop with consumer software (Word, Docs, generator tools) rather than issued by an accredited institution. For diplomas and transcripts, INCONCLUSIVE is itself a high-confidence fraud signal: a real credential always carries a registrar or verification-platform producer string. Treat INCONCLUSIVE on a diploma as fraud-positive and route the case to manual education verification (NSC, WES, registrar contact) before hiring or licensing decisions.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflow View API docs