logo
Utility bill fraud

Fake Utility Bill Detection — Catch Forged Proof of Address

A utility bill is the cheapest forgery in fintech onboarding — and the one your KYC stack waves through. KYC ops at neobanks, brokers, crypto exchanges, and lenders all accept utility bills as proof of address. Fraud rings know it. They author bills in Microsoft Word using a real provider’s template, paste the applicant’s name and target address, export to PDF, upload. The visual layout passes; the file structure does not.

~3 sec
per document
35 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally fabricated or tampered utility bill, we’re the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a utility bill, that’s itself a fraud signal in this context — real bills always come from utility-provider billing systems (SAP, Oracle Utilities, in-house print engines), never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered utility bills actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Bill fabricated in Microsoft Word from scratch

No provider involved. The applicant downloads a real utility-provider template image, drops it into Word, types the name and target address, exports to PDF. The producer field shows Microsoft Word — not the billing system real bills carry.

02

Real bill with edited address or name

Applicant takes a real bill from another tenant or family member, opens it in any PDF editor, replaces the name or street, re-exports. The xref chain shows an incremental update — visible structural evidence of post-issuance editing.

03

Old bill with edited statement date

A genuine bill from two years ago becomes a "current" bill by editing the statement period and due date. Modification timestamp gap (years between CreationDate and ModDate) exposes the freshening.

The scale

~30%
of address-fraud cases use fabricated utility bills as the primary document
$5K–$15K
average loss per synthetic-identity account opened with fake POA
~3 sec
per utility bill via API

Why your existing checks miss this

KYC platforms verify the address. They do not verify the file.

Address-validation services confirm the address exists. Not that this PDF is real.

KYC platforms (Onfido, Persona, Jumio, Sumsub) extract the address with OCR and check it against postal databases — they cannot tell whether the underlying PDF was issued by the utility provider or fabricated on someone’s desktop. Address-validation APIs confirm the address exists and is reachable; they don’t confirm this specific bill came from the provider. htpbe? inspects the file structure (producer, xref, metadata, image streams) and surfaces structural fraud markers before account opening.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo
How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown
Document types

Utility bill and adjacent proof-of-address PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

Electricity bill PDFGas bill PDFWater bill PDFInternet / broadband bill PDFMobile phone bill PDFCouncil tax / property tax bill PDFCable TV bill PDF
What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the bill

Authentic utility bills come from provider billing systems (SAP IS-U, Oracle Utilities, CIS+, in-house print engines that route through enterprise PDF libraries). When the producer field shows Microsoft Word, LibreOffice, Google Docs, Chrome Headless, or any consumer PDF tool, the bill was authored on a desktop — it didn’t come from the provider.

Incremental update trail

A clean export from a billing system has one cross-reference table. Re-saves through any PDF editor append a second xref — visible structural evidence of post-issuance editing on a name, address, or amount.

Statement-date vs metadata gap

A bill claiming "Statement period: March 2026" but with a CreationDate or ModDate from a year earlier (or vice versa) is a high-confidence flag. Real bills are issued the day they’re generated.

Image-stream artefacts in pasted logos and headers

Fabricated bills paste the provider’s logo lifted from the public site. The pasted image stream carries different compression characteristics and object structure than authentic embedded headers — a structural fingerprint of fabrication.

Font subset divergence

Real billing-system bills use a single font subset across the full document. Fabricated bills assembled by hand often show subset prefix shifts where text was retyped or pasted, exposing the multi-source authoring.

Single-session vs multi-session creation pattern

Provider billing systems produce bills in one shot — single xref, no incremental updates, CreationDate equals ModDate. Edits and hand-fabrications break this pattern in different but consistent ways.

Integrate in minutes

Two HTTP calls to verify any utility bill

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/applicant-utility-bill.pdf"}'

Step 2 — read the verdict

{
  "id": "u1t2i3l4-5b6i-7l8l-9z0z-a1b2c3d4e5f6",
  "status": "inconclusive",
  "modification_confidence": "none",
  "modification_markers": [
    "Desktop-tool producer (Microsoft Word) — no billing-system signature",
    "Single-session creation — no provider metadata",
    "No digital signature chain"
  ],
  "producer": "Microsoft Word",
  "creator": "Microsoft Word",
  "creation_date": 1707091200,
  "modification_date": 1707091200,
  "has_digital_signature": false,
  "xref_count": 1,
  "has_incremental_updates": false
}

htpbe? returns inconclusive — there’s no edit trail, but the file lacks the billing-system metadata real bills carry. For a utility bill, inconclusive with a desktop producer is itself a high-confidence fraud signal: a genuine bill from any major utility provider would carry a producer string from their billing engine — not Microsoft Word. Treat inconclusive on a POA bill as fraud-positive and route to manual review before account opening.

Get your API key — free test keys includedFull API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Yes. The analysis is producer-agnostic — it inspects whichever PDF arrives. Utility-provider billing systems leave recognisable producer signatures regardless of country (US, UK, EU, India, AU, CA). Hand-fabricated bills authored in Word, Docs, or generic PDF tools leave non-institutional signatures htpbe? flags equally across regions.
Address-validation APIs (Loqate, Smarty, Google Address Validation) confirm the address exists and is correctly formatted — they don’t verify the PDF that claims someone lives there. htpbe? inspects the file structure to detect that the bill itself was fabricated or edited. Use both: address validation for the address fact, htpbe? for the file integrity.
Yes. Name swaps require opening the PDF in an editor and re-saving, which appends an incremental update to the xref chain. The verdict will be modified with the incremental-update marker — even when the visual layout looks pixel-perfect.
htpbe? returns INCONCLUSIVE when a utility bill PDF lacks the institutional metadata genuine billing-system exports carry — typically because the file was authored on a desktop with consumer software (Word, Docs, generator tools) rather than exported from the provider’s billing engine. For utility bills, INCONCLUSIVE is itself a high-confidence fraud signal: a real provider bill always carries a billing-system producer string. Treat INCONCLUSIVE on a POA bill as fraud-positive and route the case to manual document review or alternative POA before account opening.
Related

Related solutions and guides

Solution

Fintech & Lending

KYC, account opening, and lending document fraud detection for fintech ops teams.

Read more
Technical guide

Fake Bank Statement Detection

Sister page — same forensics for bank statements submitted in KYC and lending flows.

Read more
Technical guide

Fake Pay Stub Detection

Same forensics for pay stubs submitted as proof of income alongside POA.

Read more
Technical guide

Fake Receipt Detection

Same claims and expense cluster — forensics for fabricated and edited receipt PDFs.

Read more

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs