P60 fraud

A P60 is one PDF a year — and any applicant can re-save it with a higher gross

Lettings agents use it for tenant referencing. Mortgage lenders use it as primary income proof. Sponsor-licence holders keep it on file for Home Office audit. And every applicant who needed a higher figure knows the original from Sage, IRIS, or Xero Payroll can be opened in any PDF editor and re-exported in five minutes.

~3 sec

per document

35 checks

forensic layers

From $15

per month

1,500+

docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated P60, we’re the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a P60, that’s itself a fraud signal in this context — real P60 exports always come from a UK payroll engine, never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered P60 PDFs actually look

Three real fraud mechanics we catch at the structural PDF layer.

Edit-and-re-save with bumped Total for year

Authentic P60 comes from a payroll system (Sage, IRIS, Brightpay, Xero, QuickBooks Payroll, Moorepay, ADP UK). The applicant downloads it, opens it in any PDF editor or spreadsheet, edits the Total for year (gross or net), exports back to PDF. The producer field changes from the payroll engine to whichever editor was used.

P60 fabricated in Word from a template

Online "P60 generator" sites and Word templates produce a P60-shaped PDF for any employer name and earnings the user types in. These tools miss the structured payroll-system metadata authentic P60s carry and leave generator-tool producer fingerprints.

Tax code edited but the figures don’t reconcile

Wrong-code P60s are a classic letting-agent flag — but most tenant-referencing teams catch only the obvious ones. When the applicant edits the gross figure, the PAYE deducted no longer reconciles with the tax code and bands. Row arithmetic catches this even before structural analysis.

The scale

~50%

of UK tenancy fraud involves fake or doctored income documents

~3 sec

per P60 via API

No HMRC

no HMRC API call needed — works on the file

Why your existing checks miss this

Open Banking verifies the income. It does not verify the P60.

Both layers matter. The applicant chose to upload the P60 because the bank doesn’t cover the full picture.

Tenant-referencing platforms (Goodlord, RentProfile, FCC Paragon) and mortgage tech vendors verify income through Open Banking when the applicant agrees to connect the account — but applicants who want a higher figure shown rarely do. They submit a P60 instead. HMRC operates Real Time Information for employers, but tenant agents and lenders cannot query it on behalf of an applicant. htpbe? catches the P60 the applicant uploaded, regardless of whether Open Banking is available — standalone, no HMRC API, no payroll-bureau lookup.

Results in under 3 seconds·30 to 1,500+ documents/month·From $15/mo

How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown

Document types

P60 and adjacent UK income-proof PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

P60 PDF (annual)P45 PDF (on leaving employment)Payslip PDF (monthly)SA302 PDF (self-assessment)P11D PDF (benefits in kind)Bank statement PDF (salary credits)Employment contract PDF

What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the P60

Authentic P60s come from a UK payroll engine — Sage, IRIS, Brightpay, Moneysoft, Xero, QuickBooks Payroll, Moorepay, ADP UK, FreeAgent. When the producer is Microsoft Excel, LibreOffice, Word, Chrome Headless, or a generic PDF library, the document was edited or fabricated on a desktop.

Incremental update trail

A clean payroll export has one cross-reference table. Re-saves through Excel or PDF editors append a second xref — visible structural evidence of post-issuance editing.

Tax code and figure arithmetic

Line arithmetic across the P60 (Total for year → tax deducted → NI) is verified row by row. Edited gross figures break the chain — even when the visual layout is preserved.

Modification timestamp gap

A real P60 issued in May has CreationDate ≈ ModDate. A six-month gap on a "freshly issued" P60 is a high-confidence flag for post-export editing.

Font subset divergence

Multi-session edits leave font subset prefix shifts across pages. Single-session legitimate exports have consistent subsets.

Text layer vs. raster layer mismatch

Some fraudsters replace text in the rendered image while leaving the underlying text layer untouched. The two layers stop agreeing — an immediate flag.

Integrate in minutes

Two HTTP calls to verify any P60

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/applicant-p60-2024.pdf"}'

Step 2 — read the verdict

{
  "id": "p1q2r3s4-5t6u-7v8w-9x0y-z1a2b3c4d5e6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Spreadsheet producer detected (Microsoft Excel)",
    "Two cross-reference tables — incremental update",
    "Modification date 8 months after creation date"
  ],
  "producer": "Microsoft Excel",
  "creator": "Sage 50 Payroll (original)",
  "creation_date": 1683417600,
  "modification_date": 1704067200,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

Original came from Sage 50 Payroll in May. Then eight months later it was opened in Microsoft Excel and re-saved — adding a second xref table. The verdict is modified at high confidence. The P60 was edited after issuance.

Get your API key — free test keys included Full API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Yes. The analysis is producer-agnostic — it inspects whichever PDF the applicant submits. Authentic P60s from Sage, IRIS, Brightpay, Moneysoft, Xero Payroll, QuickBooks Payroll, Moorepay, ADP UK, or FreeAgent all carry recognisable producer signatures. Re-saves through Excel or generator tools change those signatures, which htpbe? flags.

No. HMRC does not offer a public API for third-party P60 verification. htpbe? performs standalone forensic analysis on the PDF the applicant uploaded — no HMRC API, no payroll-bureau lookup, no applicant consent for portal access required.

Yes. Generator tools leave fingerprints in the producer field (often Chrome Headless or a specific PDF library) and miss the structured metadata authentic payroll exports embed. The verdict on a generator-produced P60 is typically modified or inconclusive with producer-mismatch flags.

A scan-to-PDF made from a real printed P60 typically returns inconclusive: institutional metadata is gone (because the scanner authored a fresh PDF). Treat inconclusive on a P60 as a prompt for manual review or a request for the original PDF from the payroll system.

htpbe? returns INCONCLUSIVE when a P60 PDF lacks the institutional metadata that genuine UK payroll-engine exports carry — typically because the file was authored on a desktop with consumer software (Word, Excel, LibreOffice) rather than exported from a UK payroll system such as Sage, IRIS, Brightpay, or Xero Payroll. In the P60 context, INCONCLUSIVE is itself a high-confidence fraud signal: a real P60 would always come from a payroll engine, never from a desktop tool. Treat INCONCLUSIVE on a P60 as fraud-positive and route the case to manual employer verification or Open Banking income check before progressing.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflow View API docs