NDIS document fraud

Fake NDIS Document Detection — Catch Tampered Worker PDFs

NDIS providers are accountable for the workers they engage — and accountable for the documents they kept on file. NDIS Quality and Safeguards Commission audits look at evidence: worker screening clearances, qualifications, training certificates. When any of those PDFs were tampered before they reached your file — backdated screening expiry, fabricated qualifications, edited training completion dates — your registration and the safety of participants are both at risk. Read the file before it gets filed.

~3 sec

per document

35 checks

forensic layers

From $15

per month

1,500+

docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. The official NDIS Worker Screening Database remains the primary registration check for screening clearances; htpbe? catches tampering on the supporting PDFs you keep on file.

When htpbe? returns INCONCLUSIVE on an NDIS supporting document, that’s itself a fraud signal in this context — real clearances and qualification certificates always come from institutional systems (government portals, RTOs), never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered NDIS supporting PDFs actually look

Three real fraud mechanics we catch at the structural PDF layer.

NDIS Worker Screening clearance with edited expiry

A worker’s genuine screening clearance is approaching expiry. They open the PDF in Adobe Acrobat and edit the expiry date forward by twelve months before submitting. The visual layout is unchanged; the underlying text or annotation layer changes. Incremental update markers in the xref chain expose the edit.

Qualification certificate fabricated in Word

A required qualification (Certificate III in Individual Support, mental health first aid, NDIS-specific training) the worker does not actually hold gets built in Word using a template lifted from the institution’s site. Producer field shows Microsoft Word; structured institutional metadata is missing.

Training completion date backdated

Training that was completed late (or not at all) gets a backdated completion certificate. The PDF dates align with the participant-facing claim; the modification timestamp does not. ModDate after the claimed completion is a high-confidence flag.

The scale

Compliance

NDIS Quality and Safeguards Commission audits look at evidence files

~3 sec

per supporting document via API

Audit trail

every verdict produces named structural markers for the file

Why your existing checks miss this

The Worker Screening Database verifies the clearance status. It does not verify the file you kept.

On audit, the Commission opens your retained PDFs — that file is what defends you.

The NDIS Worker Screening Database lets you check whether a worker has a current clearance — the live status. But your registration depends on retaining evidence of the clearance, the qualifications, the training. If the supporting PDFs were tampered before they reached your file, the audit reads tampered files. htpbe? inspects every supporting PDF at the moment it lands in your evidence file — standalone, no Worker Screening Database integration, no government-portal call required.

Results in under 3 seconds·30 to 1,500+ documents/month·From $15/mo

How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown

Document types

NDIS supporting PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

NDIS Worker Screening clearance PDFWorking With Children Check PDF (state-issued)Qualification certificate PDF (Cert III Individual Support, etc.)Mental Health First Aid certificate PDFManual handling training certificate PDFNDIS Worker Orientation Module completion PDFPolice check certificate PDFReference letter PDF

What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the supporting PDF

Authentic NDIS Worker Screening clearances and state-issued WWCC certificates carry recognisable government-portal producer signatures. Qualification certificates from RTOs (Registered Training Organisations) come from learning-management systems with their own producer signatures. When the producer is Microsoft Word, Excel, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored or edited on a desktop.

Annotation and form-field tampering

Edited expiry dates and conditions on screening clearances often live in the annotation or form-field layer. Tracked separately in PDF structure — annotation-layer changes show structural traces.

Incremental update trail

A clean clearance or certificate has one cross-reference table. Re-saves through Adobe Acrobat or PDF editors append a second xref — visible structural evidence of post-issuance editing.

Modification date vs. claimed issue date

When a clearance dated June 2023 has a ModDate of January 2024, the file was touched after issuance — a high-confidence flag for backdated or extended clearances.

Image-stream artefacts in fabricated headers

Fabricated qualification certificates often paste institutional logos lifted from public sites. The pasted image stream carries different compression characteristics than the surrounding document — a structural fingerprint of fabrication.

Font subset divergence across pages

Multi-session edits or page reassembly leave font subset prefix shifts. Single-session legitimate exports have consistent subsets across all pages.

Integrate in minutes

Two HTTP calls to verify any NDIS supporting PDF

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/worker-ndis-clearance.pdf"}'

Step 2 — read the verdict

{
  "id": "n1d2i3s4-5w6x-7y8z-9a0b-c1d2e3f4g5h6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Adobe Acrobat producer with incremental update",
    "Annotation layer change detected (expiry date region)",
    "Modification date 8 months after creation date"
  ],
  "producer": "Adobe Acrobat 24.0",
  "creator": "NDIS Worker Screening Portal (original)",
  "creation_date": 1685577600,
  "modification_date": 1707955200,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

Original came from the NDIS Worker Screening Portal in June. Then eight months later it was opened in Adobe Acrobat and the annotation layer covering the expiry date was changed. Verdict: modified at high confidence. The clearance was edited after issuance — pull the file, check the live database.

Get your API key — free test keys included Full API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

No. The Worker Screening Database is the authoritative live status — always run that for clearance currency. htpbe? inspects the supporting PDFs you retain on file (clearances, qualifications, training certificates) to confirm none were tampered between issuance and your retention. Use both.

WWCC PDFs from state authorities (NSW Office of the Children’s Guardian, VIC Department of Government Services, etc.) carry recognisable producer signatures. Edits to expiry, conditions, or scope leave incremental update markers and annotation-layer changes. htpbe? catches them.

Yes. RTOs use learning-management systems with their own producer signatures. Fabricated certificates authored in Word lack those signatures and the structural metadata genuine certificates carry. Verdict is typically modified or inconclusive with producer-mismatch and missing-metadata flags.

Yes. NDIS providers must retain supporting evidence for participants’ safety and for Quality and Safeguards Commission audits. htpbe? produces a structured verdict with named markers for each PDF, suitable as an audit trail. Providers use it as a pre-retention check at the moment a worker’s evidence file is built.

htpbe? returns INCONCLUSIVE when an NDIS supporting PDF lacks the institutional metadata that genuine government-portal-issued clearances, RTO qualification certificates, and state-issued WWCC certificates carry — typically because the file was authored on a desktop with consumer software (Word, Excel, LibreOffice) rather than exported from the NDIS Worker Screening Portal or a learning-management system. In the NDIS context, INCONCLUSIVE is itself a high-confidence fraud signal: legitimate clearances and qualification certificates always come from institutional systems. Treat INCONCLUSIVE on any NDIS supporting document as fraud-positive and verify the original against the live NDIS Worker Screening Database or issuing institution before onboarding the worker.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflow View API docs