Fake Document Detection API
HTPBE is a REST API that detects fake and tampered PDF documents submitted during onboarding, lending, and document intake workflows. One integration handles all document types: bank statements, invoices, payslips, certificates, and contracts.
Fake documents submitted during onboarding are different from each other. The detection method is the same: the binary structure of a PDF always tells the truth.
Forgery Patterns by Document Type
Every PDF carries hidden evidence of its history. Here is what to look for.
Bank statements — rebuilt in a spreadsheet
The most common bank statement fraud: export the real statement, edit figures in Excel or Google Sheets, convert back to PDF. The resulting file carries spreadsheet software as its producer, not a banking system. HTPBE flags this producer mismatch as a critical modification marker.
Certificates and diplomas — edited with a consumer PDF tool
Academic certificates and professional credentials are commonly forged by opening the original in a consumer PDF editor, changing the name or grade, and saving. These tools leave their own fingerprint in the producer field — a fingerprint that should never appear on a document issued by an institution.
Invoices — bank details changed after creation
In BEC invoice fraud, a real vendor invoice is intercepted, the bank account details are changed in a PDF editor, and the modified invoice is forwarded to the payer. The modification date trails the invoice date, an additional revision layer is added, and the producer fingerprint changes from the vendor’s accounting software to the attacker’s editor.
Contracts — modified after signing
Contract fraud often involves modifying terms after a digital signature has been applied. The signature cryptographically locks the document at the moment of signing — any subsequent change invalidates it. HTPBE detects both the invalidated signature and the post-signature modification markers.
The Easy Way: Use HTPBE
All checks run automatically in seconds — no technical knowledge required.
One API, every document type
The same POST /api/v1/analyze endpoint handles all PDF document types. Your system sends the document URL; HTPBE determines what it is, what it should look like, and whether it has been altered.
Analysis returns a verdict with document-specific markers
The API response includes a “status” field (intact / modified / inconclusive), a confidence level (certain / high / none), and named modification markers. The markers are specific — DIFFERENT_DATES, KNOWN_EDITOR_IN_PRODUCER, MODIFICATIONS_AFTER_SIGNATURE — not a generic risk score.
Route flagged documents to enhanced review
Build routing logic on the “status” field. Intact documents proceed. Modified or inconclusive documents are held for manual review, with the HTPBE check ID stored in the application record as part of your compliance audit trail.
Frequently Asked Questions
What document types can HTPBE detect fakes for?
Any PDF: bank statements, payslips, tax returns, utility bills, invoices, contracts, academic certificates, professional credentials, insurance documents, and government-issued PDFs. The API performs binary forensic analysis — it does not need to know the document type in advance. It examines internal structure, metadata, and signatures, which are present in all PDF files regardless of content.
How is this different from a database lookup?
Database-based verification checks whether a document number or credential exists in an external registry. HTPBE checks whether the specific PDF file submitted has been altered since it was issued. The two approaches detect different fraud types: a fraudster with a real credential number but a tampered PDF file would pass a database lookup and fail HTPBE’s analysis. They are complementary, not interchangeable.
Can it catch AI-generated fake documents?
HTPBE detects modifications to existing PDF files — it is not designed for detecting entirely AI-generated documents that were never real to begin with. However, most real-world document fraud uses a real document as the starting point (because it passes visual review) and modifies specific values. That modification process leaves structural traces that HTPBE detects. Fully synthetic documents with no real-document origin are a different problem requiring different detection methods.
What confidence levels does it return?
The API returns three confidence levels: “certain” (for markers with cryptographic or structurally definitive evidence, such as a modification after a digital signature), “high” (for markers that strongly indicate modification but are not cryptographically provable, such as a producer mismatch or timestamp gap), and “none” (when no modification evidence was found). The confidence level helps your team calibrate escalation thresholds for different document types and risk tolerances.
For Teams
Checking PDFs at scale?
The same tamper detection analysis runs via REST API. Integrate into your lending, accounts payable, or compliance workflow — self-serve from $15/mo, no sales call required.
Who uses this in production
The same detection engine, framed for the teams that rely on it.
KYC & Onboarding
Proof of address, bank letters, and corporate documents — structural forensics alongside identity verification.
HR & Hiring
Fabricated offer letters, altered reference letters, and edited employment verification PDFs.
Insurance Claims
Repair invoices, medical bills, and proof-of-loss PDFs flagged before payout.